On Tuesday, Sept. 10, we hosted the Windows Endpoint Security Ecosystem Summit. This forum brought together a diverse group of endpoint security vendors and government officials from the U.S. and Europe to discuss strategies for improving resiliency and protecting our mutual customers’ critical infrastructure. Although this was not a decision-making meeting, we believe in the importance of transparency and community engagement. Therefore, we’re sharing the key themes and consensus points discussed during the summit, offering insights into our initial conversations. We want to thank every one of our summit attendees for dedicating their time to participating in these meaningful discussions.

The CrowdStrike incident in July underscored the responsibility security vendors have to drive both resiliency and agile, adaptive protection. And it was inspiring to see the engagement throughout the event’s agenda and activities.

Together with our Microsoft Virus Initiative (MVI) partners—companies who develop endpoint protection and additional security products for Windows, covering client, server and IoT—we discussed the complexities of the modern security landscape, acknowledging there are no simple solutions.

A key consensus point at the summit was that our endpoint security vendors and our mutual customers benefit when there are options for Windows and choices in security products. It was apparent that, given the vast number of endpoint products on the market, we all share a responsibility to enhance resiliency by openly sharing information about how our products function, handle updates and manage disruptions.

In the short term, we discussed several opportunities to improve how we support the safety and resiliency of our mutual customers. First, we spent time going into depth on how we employ Safe Deployment Practices (SDP) at Microsoft and where we can create shared best practices as a community, including sharing data, tools and documented processes. We face a common set of challenges in safely rolling out updates to the large Windows ecosystem, from deciding how to do measured rollouts with a diverse set of endpoints to being able to pause or rollback if needed. A core SDP principle is gradual and staged deployment of updates sent to customers. Microsoft Defender for Endpoint publishes SDPs and many of our ecosystem partners such as Broadcom, Sophos and Trend Micro have shared how they approach SDPs as well. This rich discussion at the Summit will continue as a collaborative effort with our MVI partners to create a shared set of best practices that we will use as an ecosystem going forward.

Beyond the critical SDP work, there are several ways we can enhance our support for customers in the near term. Building on the MVI program we have today, we discussed how Microsoft and partners can increase testing of critical components, improve joint compatibility testing across diverse configurations, drive better information sharing on in-development and in-market product health, and increase incident response effectiveness with tighter coordination and recovery procedures. These are a sampling of the topics we plan to make rapid progress on, to improve our collective customers’ security and resiliency.

In addition, our summit dialogue looked at longer-term steps serving resilience and security goals. Here, our conversation explored new platform capabilities Microsoft plans to make available in Windows, building on the security investments we have made in Windows 11. Windows 11’s improved security posture and security defaults enable the platform to provide more security capabilities to solution providers outside of kernel mode.

Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with SDP, can be used to create highly available security solutions. At the summit, Microsoft and partners discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors. Some of the areas discussed include:
- Performance needs and challenges outside of kernel mode
- Anti-tampering protection for security products
- Security sensor requirements
- Development and collaboration principles between Microsoft and the ecosystem
- Secure-by-design goals for future platform