While the RSA Conference isn’t hosted by Microsoft, the company took advantage of the five-day event to showcase its vision for the future of digital security.
RSA Conference 2022 was held at the Moscone Center in San Francisco this year and hosted over 600 speakers and 400 plus exhibitors and countless industry sessions and networking events. Microsoft attended this year’s RSA Conference with its own executives and security professionals to offer guests at the event a chance to get hands on with 20-plus Microsoft-led sessions as well as a chance to explore the latest company solutions that included Microsoft Entra, Sentinel, and Defender Experts for Hunting.
Microsoft CVP of Security, Compliance, Identity and Management Vasy Jakkal introduced the company’s attendance with a keynote on the future of cybersecurity, followed by CVP and CISO Bret Arsenault who gave a special fireside chat on managing the concept of Shadow IT along with CVP of Identity and Access Joy Chik.
Aside from keynotes and fireside chats, attendees were able to partake in immersive art installations as well as snag some treats to take home from Microsoft’s infamous swag bar. For anyone who couldn’t make it to Microsoft’s massive North Expo booth that hosted over 40 sessions with several of its security solutions on showcase such as Defender, Sentinel, Pureview, Priva, Entra, and Endpoint Manager, there were at least 20 sessions held elsewhere during the conference.
Microsoft highlighted the following as some of its “standout sessions” during RSA 2022.
Practical Learnings for Threat Hunting and Improving Your Security Posture: Hosted by Jessica Payne, Principal Security Researcher and Threat Intelligence Strategist at Microsoft, and Simon Dyson, Cyber Security Operations Centre Lead in NHS Digitals Data Security Centre, this 50-minute session addressed threat hunting and security posture improvements from a threat intelligence-informed perspective. Attendees gained insights from Jessica’s experience in demystifying and defusing real-world ransomware attacks. They also got a first-hand recounting of Simon’s work securing the complex network maintained by England’s National Health Service (NHS) during the pandemic, and how his team’s experience can benefit all of us.
Conti Playbook: Infiltrate the Most Profitable Ransomware Gang: Participants learned how a disgruntled affiliate exposed one of the most infamous ransomware gangs, divulging its ransomware-as-a-service (RaaS) secrets to help take them down. This immersive, hands-on workshop guided attendees through a typical Conti attack sequence and provided tips to defend against advanced persistent threats. Thanks to Tom D’Aquino, Fabien Guillot, and Arpan Sarkar of Microsoft partner Vectra AI for this presentation.
Microsoft Defender Experts for Hunting Has Got Your Back: Abhishek Agarwal, Chief Security and Technology Officer at Helix Biotech, examined threat hunting’s virtuous cycle: track, hunt, and analyze. Specifically, attendees learned how Microsoft Defender Experts for Hunting uses AI to accomplish all three components of the cycle faster, providing automated detection, hunting, and analysis to help the team track and stop threats across the company’s multi-national enterprise.
Microsoft Security Research—How We Responsibly Disclose Vulnerabilities to Apple, Google, and the Linux Community: Jonathan Bar Or, Principal Security Researcher at Microsoft, discussed how disclosing bugs makes the world safer and benefits users, as well as giving Microsoft Security a better understanding of the technologies we work to protect. The goal is to challenge our own detections and prove product truth—making Microsoft Defender stronger by challenging our own blue teams.
Solve Secure Access Needs for Workload Identities with Microsoft Entra: Microsoft Product Managers Nick Wryter and Sandy Jiang led this informative session on the phenomenon of exploding workload identities. Currently, workload identities outnumber user identities five to one; the challenge being that many traditional identity and access management solutions don’t manage these prevalent and frequently over-permitted identities. Nick and Sandy explained how the new Microsoft Entra addresses this problem by providing a comprehensive view of every action performed by any identity on any resource, detecting anomalous permission usage at cloud scale.
Tracking Highly Evasive APTs with Vectra Detect & Microsoft Sentinel: Tom D’ Aquino, Senior Security Engineer at Vectra AI, led this demonstration of real-life threat-hunting using Vectra Detect and Microsoft Sentinel. Tom demonstrated real-world workflows for threat tracking, including individual threat severity, lateral movement, threat targets, and more.
The Shift of “Why” and “How” of Ransomware Attacks; How Microsoft Helps Customers Survive Ransomware: Led by MacKenzie Brown of Microsoft’s Detection and Response Team (DART), this session examined the how and why behind the recent increase in ransomware attacks. Attendees learned how attackers have evolved their methods to exert minimum effort for maximum return on investment (ROI), and why DART’s methodology can help you defeat them.
Microsoft also offered its Security Excellence Awards to 10 winners this year covering a series of cross-functional security sectors. To read up on the details of the award categories, finalist and winners, Microsoft has published that info here.