Microsoft Grows Big In Security With Partners

Managed detection and response provider eSentire differentiates

David Braue

Melbourne, Australia – Nov. 18, 2021

The cybersecurity game was never going to be the same once Microsoft made a serious play for the space, and this year the company has lived up to that promise: with $10 billion in security business revenues last year and its August pledge to invest $20 billion more over the next five years, Microsoft’s partner-focused strategy is paying off big time for managed detection and response (MDR) partners.

Those partners have been a key consideration in the expanding security ecosystem of Microsoft, which has provided an extensive array of APIs to improve integration with its cloud-based security services.

The company has also been expanding its certifications and specializations to ensure partners can meet the increasingly sophisticated needs of enterprise customers struggling to secure their digitally transformed environments.

Partners increased their security business revenues by up to 130 percent year-on-year by buying into Microsoft’s security ecosystem, a Microsoft-commissioned Forrester Consulting survey found, while the company’s recent announcement of a 400 percent increase in partner program funding — including expansion of its Microsoft Intelligent Security Association (MISA), new skilling resources, and a new advanced specialization for security — suggests there are even bigger things to come.

eSentire secures the ecosystem, stops the bad guys

For MDR provider eSentire, Microsoft’s API-driven strategy has been the key to delivering a core market differentiator — a guaranteed 4-hour response time, which was introduced earlier this year after the company’s acquisition of digital forensics company CyFIR.

“Direct API integration for being able to take a response action is how we get to those response times that are a differentiator for us,” Kurtis Armour, director of product management – endpoint and Microsoft security with eSentire, recently told Cybercrime Magazine.

Microsoft’s success in building a community of interconnected partners has positioned the company to become the dominant force in a security industry that has exploded over the past year, with Cybersecurity Ventures projecting that the market will grow 15 percent year-on-year to represent $1.75 trillion in spending from 2021 to 2025.

The Redmond giant’s recent commitment to invest $20 billion in its security ecosystem is designed to tap that growth — and Armour is confident that Microsoft’s steady innovation in areas like cloud-based next-generation SIEMs and zero-trust security will keep it a force to be reckoned with.

“We’re going to see Microsoft continue to be a leader in each of their categories,” he said. “With the interconnectivity of all the Microsoft products, aligned with delivering best-in-class security, we expect it to take over the cloud SIEM market and displace the likes of the Splunks, QRadars, and LogRhythms out there.”

Intelligence-powered response

Integration is particularly important for eSentire, which relies on API integrations to enable the continuous collection and analysis of threat-intelligence data to support its detection and response capabilities.

These capabilities are supported by eSentire’s Threat Response Unit (TRU), which maintains three core operations that work in concert to stay ahead of emerging threats.

The Tactical Threat Response Unit, for example, “is specifically for creating novel detections that are missed within the native products that we work with,” Armour explained.

Its Threat Intelligence operation “is an important part of being able to do retroactive analysis on threats that we’ve seen, as well as taking data that we get from industry and being able to pump that for indicators of compromise, indicators of attack, and looking for attack patterns within our customer base.”

The third arm of TRU, the Advanced Threat Analytics team, refines machine-learning models and “complex detections that you just can’t do in a query,” he said. “These are unique, high-fidelity detections that are sent through the SOC, where they do investigation and response.”

By integrating these capabilities with Microsoft’s broader identity-based security services, eSentire is expanding the reach of its solutions with a forthcoming cloud access security broker (CASB) offering that will increase the company’s visibility into, and control over, customers’ SaaS applications.

“There are a lot of cool things that we’re going to get to do with Microsoft,” Armour said, noting that the company recently achieved Gold Security partner status with Microsoft and is in the process of getting an Advanced Specialization in Identity and Access Management.

eSentire’s investment in understanding Microsoft’s evolving security services is seen as a key enabler of its business model: the company differentiates itself from competitors by using API-based automation to respond proactively to incidents that others, Armour noted, might simply drop in the customer’s lap.

“We not only stop the bad guy and prevent business-interrupting events, but we also go in and kick out the bad guy,” he explained, noting that “when we think about Microsoft and the actions that we’re able to take tied to email, endpoint and identity, those are the main things for us to be able to take care of a specific threat within a customer’s environment.”

“If you can control visibility, detection and response across all those points, you’re able to deal with any threat that comes up.”

“We will make sure whatever access that [cybercriminal] had to execute their initial attack lifecycle, they no longer have that anymore — and the customer is in a healthy and clean state to be able to release that from isolation and go back to their normal business.”

David Braue is an award-winning technology writer based in Melbourne, Australia.

Sponsored by eSentire

eSentire, Inc. is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit and follow @eSentire.