Matt Bryant’s Post

Did Microsoft give away cybersecurity products and services to the US federal government in order to lock-in customers and avoid the normal procurement processes? See this ProPublica article for more detail. This should be a "must read" for every security vendor that competes with Microsoft. https://lnkd.in/g87D2-gA #cybersecurity #infosec #Microsoft #E5 #G5

Sam Sabin from Axios dives into a new report from the Cyber Safety Review Board, the result of a 7-month investigation into a Chinese espionage campaign targeting Microsoft last summer. Some key takeaways: ☑ The board was particularly harsh toward Microsoft, pointing out that this incident should have never occurred. ☑ "The threat actor has demonstrated the capability and intents to compromise identity systems and cloud providers and target emails of individuals of interest to the Chinese government." ☑ Microsoft has already started to proactively change its cybersecurity culture and practices. ☑ CISA plans to create a baseline of strong security practices for cloud service providers to follow. A strong baseline of security practices for CSPs is an impactful step, as navigating cloud security responsibilities and tactics across IaaS, PaaS and SaaS can be daunting and complex. No one is immune to breaches, but through partnership, best practice sharing, and the transparent exchange of intelligence and IoCs, we can better protect our industries and organizations. https://lnkd.in/gRxgDB_E

Amid global IT outages, Microsoft’s Cybersecurity Summit highlights the need for Zero Trust, and odix’s file sanitization tools ensure threats are neutralized before they reach your network. In today’s cyber landscape, proactive protection is key. https://lnkd.in/diHBuw_p #Cybersecurity #ZeroTrust #odix #MicrosoftSummit #Reuters

AJ Grotto, former senior White House cyber policy director, thinks Microsoft's control over government IT is a big deal. He says getting even small changes from Microsoft is like pulling teeth. With Microsoft's grip on government software, Grotto says we need more options and to keep a close eye on Microsoft's slip-ups. After all, competition and public pressure might be the only things that get them to shape up. Why did the government consider Microsoft for their IT needs? Because when it comes to security, they thought Microsoft had all the "keys". Read here: https://lnkd.in/gyfz-Ytv #GovernmentIT #Cybersecurity #MicrosoftControl #NationalSecurity #TechDominance #ITInfrastructure #SecurityFailures #GovernmentOversight #Competition #PublicScrutiny #CyberThreats

Another Hack, Another Patch – The RATS are winning Here we go again, more serious Vulnerabilities to patch and yet more forensics on the potential damage that might have been done to the Enterprise network. This cycle will not change until investments in multi-hybrid, multi-cloud cyber technologies focus on “removing” vulnerabilities rather than “protecting” them. But is there such a technology? Is there a multi-hybrid “cloud-agnostic” access platform that actually removes network vulnerabilities? If so, who has it? AWS, Microsoft, Oracle, Google, IBM? Don’t count on any of them – they own the access method you signed up for – and you end up managing three or four stove-pipe access platforms in your enterprise or you pay “dearly” for someone to manage them for you. (aka OKTA) And those solutions are frequently hacked.  If there was a single vulnerability in the enterprise, it would not be technology, it would be people. We are fighting very sophisticated AI-based hacking techniques and technology with access and network practices that were designed 30 years ago. Where the “people” vulnerability plays a heavy role is the lack of most organizations to look for anything new – “innovation.” The major cloud providers and big tech will not be the ones to bring it to the market. There is just too much money in protecting the technology they have built their companies on. Zero Trust is a great concept, but I have problems understanding why we hand over (“trust”) hundreds of thousands of credentials to third party providers. In the process, we have created enormous costs and complexities and additional vulnerabilities in our enterprise. New concept to consider: ZeroKnowlege Networking. Remove vulnerabilities, remove costs, remove complexities, remove downstream headaches – FIX the problem. No inbound open ports (ADFS) and no credential replication to cloud providers. No attack surface! It exists #xiid  

NEW: Executive Director Ryan Triplette's statement regarding ProPublica's story on how Microsoft's anti-competitive business practices are stifling competition and hurting consumers. "This reporting is yet another example - just this week - of how Microsoft's anti-competitive business practices are stifling competition, hurting consumers, and compromising national security. Unfair licensing practices are central to Microsoft’s strategy for taking IT decision making out of the hands of its own public and private sector customers, which is why we’re calling on Microsoft and all vendors to do what’s right and adhere to the principles for fair software licensing.” #cybersecurity #cloudservices #softwarelicensing https://lnkd.in/eUGBf4VJ

Recent revelations from a scathing US government report shed light on the avoidable errors that led to a Chinese hacking group breaching Microsoft servers, compromising the emails of senior US officials. This really goes to show you that it doesn't matter how large the company, you still might not be safe! The Cyber Safety Review Board's investigation highlighted deficiencies in Microsoft's corporate culture and security practices, emphasizing the need for cloud service providers to prioritize security from the ground up. Software Security needs to be a priority! #LetsBeCarefulOutThere #flcc270 https://lnkd.in/e4BpzKUX

The recent article highlights a critical security flaw discovered by researcher Andrew Harris, working for Microsoft, which was exploited by Russian hackers during the SolarWinds hack. This breach is concerning for two main reasons: it targeted the company's cloud, where sensitive data is stored, and the attackers executed it in a stealthy manner, leaving minimal traces. As a result, unauthorized access was gained to vital data from federal agencies like the National Nuclear Security Administration and the National Institutes of Health. This incident contradicts Microsoft's claim that their products were immune to such exploits, emphasizing the essential role of cybersecurity and the immediate need to address vulnerabilities in the face of cyber threats. #Cybersecurity #DataBreach #SolarWindsHack

Microsoft convenes its Cybersecurity Summit following a major IT outage, the message to CISOs is clear: fortify your defenses. With the rise of sophisticated attacks, Zero Trust is no longer a buzzword—it’s essential. odix’s file sanitization solutions provide an extra layer of security by neutralizing threats before they reach your systems. odix #Cybersecurity #ZeroTrust #odix #MicrosoftSummit #Reuters