Microsoft touts new security capabilities with Enterprise Mobility Suite
- 17 November, 2015 18:08
Microsoft is targeting the enterprise with its new security capabilities in its Enterprise Mobility Suite, which it touted at Microsoft Ignite on the Gold Coast today.
The vendor's corporate VP of enterprise client and mobility, Brad Anderson, gave a rundown of its telemetry, data loss prevention policies, and machine learning and threat detection.
Microsoft has introduced telemetry data as part of its Mobility Suite, so enterprises can see where, when, by whom and on what device a document was accessed. It also shows when someone has tried and failed to open a rights management sharing (RMS) protected document.
“Interestingly, there were nine times that this individual tried to open up a document and didn't have rights to open a document. Now of course the document wasn't opened, it was protected, but I find it super interesting where I can see the telemetry [data] now on how [many times] the document has been used,” Anderson said when demonstrating the capability.
“I can also get a map that will show me where in the world people are viewing this particular document. Green is a successful open and orange is an unsuccessful open,” he added.
Azure Active Directory, as part of the Mobility Suite, also delivers telemetry data to customers and reports users' access to and activities with corporate data.
“It's showing me a report where a user logged in at two different physical locations with timestamps that are impossible. Jenifer logged in at New York, and then 4.5 hours later logged in at Bangkok. Unless she has figured out some kind of time travel, that's impossible.
“Also, we are seeing that Jenifer's device is communicating with an address that is known to be affected so we believe Jenifer's device is also affected. And Jenifer signed on from a hidden IP address and there's no reason why a user would sign on from a hidden address,” Anderson said.
Data loss prevention policies have also been introduced to prevent users from saving documents in non-approved locations such as their personal Dropbox, and to apply different rules to data accessed from personal drives or accounts and from corporate accounts.
“What we are trying to do here is help users who use our applications for personal life and business life be able to manage and protect corporate data.”
Microsoft has also built a capability into its Mobility Suite that stops the contents of a corporate document being copied and pasted into an email that does not contain a corporate email address.
“It understands what is personal content and what is corporate content and it guides the user to only share the corporate content in the corporate [environment].”
However, this won't stop a user from first copying and pasting into their corporate email and then forwarding it on to someone outside their organisation or to their personal email.
It also won't prevent a user from taking a photo of the contents of a document on screen and then leaking it to outsiders. Anderson said the capability is more about safeguarding workers who have good intentions but make security mistakes.
Another new capability that's part of the Mobility Suite is Advanced Threat Analytics, which uses machine learning to detect unusual user behaviour and potential threats.
“If it sees anything that deviates from the norm, it'll flag it or bring it to your attention. We see that the user account is accessing resources, servers and other people's devices he doesn't normally access. The machine learning capability is saying it is seeing something unusual going on here.”
Microsoft is also allowing Mobility Suite customers to open RMS-protected documents on their iOS or Android devices.
“For the first time, the principle and the foundation for the way organisations protect their corporate data using RMS is now supported on various platforms.”