Security Unlocked 2.17.21
Ep 15 | 2.17.21

Enterprise Resiliency: Breakfast of Champions

Show Notes

Prior to the pandemic, workdays used to look a whole lot different. If you had a break, you could take a walk to stretch your legs, shake the hands of your co-workers, or get some 1-on-1 face time with the boss. Ahh... those were the days. That close contact we once had is now something that many of us yearn for as we’ve had to abruptly lift and shift from living in our office to working from our home. But communicating and socializing aren’t the only things that were easier back then. The walls of your office have expanded, and with them, the boundaries of your security protocols. Small in-office tasks like patching a server have now become multi-step processes that require remote management, remote updates, and remote administrative control. With that comes the prioritization of resilience and what it means for enterprises, customers, and security teams alike. That’s where remote enterprise resiliency comes into play.  

Today on the pod, we explore the final chapter of the MDDR. Irfan Mirza, Director of Enterprise Continuity and Resilience at Microsoft, wraps up the observations from the report by giving hosts Nic Fillingham and Natalya Godyla the rundown on enterprise resiliency and discusses how we can ensure the highest levels of security while working from home. Irfan explains the Zero trust model and how Microsoft is working to extend security benefits to your kitchen or home office, or...  that make-shift workspace in your closet.  

In the second segment, Andrew Paverd, Senior Researcher on the Microsoft Security Response Center Team and jack of all trades, stops by… and we’re not convinced he’s fully human. He’s here to tell us about the many hats he wears, from safe systems programming to leveraging AI to help with processes within the MSRC, and shares how he has to think like a hacker to prevent attacks. Spoiler alert: he’s a big follower of Murphy’s Law.   

In This Episode, You Will Learn:  

  • How classical security models are being challenged 
  • What the Zero Trust Model is and how it works  
  • The three critical areas of resilience: extending the enterprise boundary, prioritizing resilient performance, and validating the resilience of our human infrastructure.  
  • How hackers approach our systems and technologies 

Some Questions We Ask: 

  • How has security changed as a product of the pandemic? 
  • Do we feel like we have secured the remote workforce? 
  • What frameworks exist to put a metric around where an organization is in terms of its resiliency? 
  • What is Control Flow Guard (CFG) and Control-Flow Integrity? 
  • What’s the next stage for the Rust programming language?  

Resources: 

Microsoft Digital Defense Report

Irfan’s LinkedIn

Andrew’s LinkedIn

Microsoft Security Blog

Related:

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked: CISO Series with Bret Arsenault 


Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.