Trustwave Blog

How to Implement Microsoft Security Products for Maximum Value

Written by | Oct 17, 2024

Cybersecurity teams are in a tough spot these days.

They are stuck between the pace of change in technology, the shortage of security professionals, and an overabundance of security tools all demanding their attention. It's a combination that should make the all-encompassing Microsoft Security product suite a compelling idea – if you can determine a migration strategy that makes sense for your company.

That's the challenge two seasoned security pros tackled in the webinar "Accelerating Value from Microsoft Defender XDR, Copilot, and Sentinel," the last in the five-part Trustwave webinar series, "Unlocking the Power of Microsoft Security." Kory Daniels, Trustwave's Chief Information Security Officer, and Jesse Emerson, the company's Senior Vice President of Product Management and Solutions Engineering, offered advice on how to take advantage of Microsoft Security products, based on Trustwave's own experience adopting the tools and its long tenure as a Microsoft security partner, complete with access to preview versions of products.


Vendor Sprawl and the Pace of Change

Technologies such as artificial intelligence, including GenAI, profoundly impact both sides of the security equation. Bad actors use them to up their game, while security pros likewise employ AI to shore up defenses. That's on top of all the usual advances we're used to seeing in all areas of technology.

"We as security leaders ask a lot of our team members to keep up with the education of these technologies that we have, Microsoft included," Daniels said. "The technologies seem to be evolving at a pace that I can't really recall."

Vendor sprawl only compounds the issue, as companies average some 70 security tools in their arsenals. To say that makes it difficult to manage vendor relationships and required skills is an understatement.

"How do you keep up with vendor sprawl?" Daniels asked. "You can't."

The answer, then, is to reduce vendor sprawl. Chances are, you'll find plenty of security tools purchased years ago for a then-legitimate purpose that now overlap in function with any number of other, more recent tools – including Microsoft Security solutions.

As a CISO, Daniels sees reducing vendor sprawl in favor of tools the company is already paying for under the Microsoft E5 license as a way to achieve cost savings, strengthening the cybersecurity team's role as a business entity. "This is a topic I get very excited about," he said.


Phased Implementation

The question then becomes how best to implement the Microsoft tools. The Microsoft suite has all the parts most companies need, including Defender for Endpoint for endpoint detection and response (EDR), and other Defender tools for extended detection and response (XDR), identity management, cloud applications, and more. There's also the Sentinel security information and event management (SIEM) tool and more than a dozen others.

No company is likely to lift and shift from its existing security environment to an all-Microsoft world, Emerson said. Instead, companies can run the Microsoft tools in parallel with existing tools for a time, for example until the license expires on any given tool. Running two tools in parallel gives the security team time to learn the Microsoft tool and ensure it works as intended.

The same sort of strategy gives the security team time to ensure the Microsoft Security products work well with each other, which is a common concern, Daniels noted. "We've been able to demystify and debunk that fear on our journey," he said.


How Microsoft Security Partners Can Help

Still, adopting the Microsoft Security products is a significant undertaking given the sheer number of tools involved and the pace of change.

In just the last few months, Microsoft has debuted an integrated, unified security operations platform experience that has been in preview for some time, Emerson said.

"It's a combination of the workflow, telemetry, and ability to do automated responses across the [Microsoft Security] stack, which includes the Defender XDR suite, Copilot for Security, and Sentinel," he said. "It offers a tremendous value proposition for cybersecurity teams who are looking to simplify the way they work with the tools, the way they accelerate their investigation process, and get faster, more efficient, and more effective in the way they respond to threats."

Enlisting a Microsoft Security partner can help companies keep up with such developments and gain a deeper understanding of what the tools are capable of and the use cases they apply to, he said.

A partner can also help companies determine where to start, including determining the desired business outcomes, conducting a gap analysis, and mapping out how best to get there from the current state.


Trustwave has numerous options to help with Microsoft Security implementations, including a series of Accelerators that help you derive value more quickly from Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Copilot for Security, and improve your security outcomes with them. A series of managed security services, including MXDR for Microsoft, also enables you to outsource much of the day-to-day operations and monitoring of your security environment.

To learn more, check out the full webinar, "Accelerating Value from Microsoft Defender XDR, Copilot, and Sentinel".