DP-203 learning - Data Engineering on Microsoft Azure Updated: 2023

For undergraduates we offer a B.S. in Computer Science and Engineering that focuses on programming and building computer systems. For those looking to code and design for the Web, we also offer a B.S. in Web Design and Engineering that pairs a technical education in computing with courses in graphic arts, communication, and sociology.

By your senior year, you'll take on a major project that identifies a need, and then creates a product to address it. Past projects include apps to Improve health care in rural areas, virtual reality software for treating anxiety, and nanosatellite software.

Our graduate programs include an M.S. and Ph.D. in Computer Science and Engineering. The capstone and dissertation work of our grad students often leads to developing solutions that reach far beyond the Santa Clara campus.

Our faculty members have worked for companies like Google and LG, helped write state K-12 curriculum, and collaborated with organizations like the National Science Foundation and the Oak Ridge National Laboratory. During your time here, you'll have the chance to work in their labs or with them through the Sustainable Energy Initiative or Frugal Innovation Lab.

The past year has brought to the world an almost unparalleled and diverse array of technological change. Advances in artificial intelligence are accelerating innovation and reshaping the way societies interact and operate. At the same time, cybercriminals and nation-state attackers have unleashed opposing initiatives and innovations that threaten security and stability in communities and countries around the world.

In latest months, we’ve concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response. Therefore, we’re launching today across the company a new initiative to pursue our next generation of cybersecurity protection – what we’re calling our Secure Future Initiative (SFI).

This new initiative will bring together every part of Microsoft to advance cybersecurity protection. It will have three pillars, focused on AI-based cyber defenses, advances in fundamental software engineering, and advocacy for stronger application of international norms to protect civilians from cyber threats. Charlie Bell, our Executive Vice President for Microsoft Security, has already shared the Secure Future Initiative details with our engineering teams and what this action plan means for our software development practices.

I share below our perspective on the changes that have led us to take these new steps, as well as more information on each part of our Secure Future Initiative.

The changing threat landscape

In late May, we published information showing new nation-state cyber activity targeting critical infrastructure organizations across the United States. The activity was disconcerting not only because of its threat to civilians across the country, but because of the sophistication of the techniques involved. As we highlighted in May, the attacks involved sophisticated, patient, stealthy, well-resourced, and government-backed techniques to infect and undermine the integrity of computer networks on a long-term basis. We witnessed similar activities this summer targeting cloud services infrastructure, including at Microsoft.

These attacks highlight a fundamental attribute of the current threat landscape. Even as latest years have brought enormous improvements, we will need new and different steps to close the remaining cybersecurity gap. As we shared last month in our annual Microsoft Digital Defense Report, the implementation of well-developed cyber hygiene practices now protect effectively against a large majority of cyberattacks. But the best-resourced attackers have responded by pursuing their own innovations, and they are acting more aggressively and with even more sophistication than in the past.

Brazen nation-state actors have become more prolific in their cyber operations, conducting espionage, sabotage, destructive attacks, and influence operations against other countries and entities with more patience and persistence. Microsoft estimates that 40% of all nation-state attacks in the past two years have focused on critical infrastructure, with state-funded and sophisticated operators hacking into vital systems such as power grids, water systems, and health care facilities. In each of these sectors, the consequences of potential cyber disruption are obviously dire.

At the same time, improving protection has raised the barriers to entry for cybercriminals, but has enabled some market consolidation for a smaller but more pernicious group of sophisticated actors. Microsoft’s Digital Crimes Unit is tracking 123 sophisticated ransomware-as-a-service affiliates, which lock or steal data and then demand a payment for its return. Since September 2022, we estimate that ransomware attempts have increased by more than 200%. While firms with effective security can manage these threats, these attacks are becoming more frequent and complex, targeting smaller and more vulnerable organizations, including hospitals, schools, and local governments. More than 80% of successful ransomware attacks originate from unmanaged devices, highlighting the importance of expanding protective measures to every single digital device.

Today’s cyber threats emanate from well-funded operations and skilled hackers who employ the most advanced tools and techniques. Whether they work for geopolitical or financial motives, these nation states and criminal groups are constantly evolving their practices and expanding their targets, leaving no country, organization, individual, network, or device out of their sights. They don’t just compromise machines and networks; they pose serious risks to people and societies. They require a new response based on our ability to utilize our own resources and our most sophisticated technologies and practices.

AI-based cyber defense

The war in Ukraine has demonstrated the tech sector’s ability to develop cybersecurity defenses that are stronger than advanced offensive threats. Ukraine’s successful cyber defense has required a shared responsibility between the tech sector and the government, with support from the country’s allies. It is a testament to the coupling of public-sector leadership with corporate investments and to combining computing power with human ingenuity. As much as anything, it provides inspiration for what we can achieve at an even greater scale by harnessing the power of AI to better defend against new cyber threats.

As a company, we are committed to building an AI-based cyber shield that will protect customers and countries around the world. Our global network of AI-based datacenters and use of advanced foundation AI models puts us in a strong position to put AI to work to advance cybersecurity protection.

As part of our Secure Future Initiative, we will continue to accelerate this work on multiple fronts.

First, we are taking new steps to use AI to advance Microsoft’s threat intelligence. and the Microsoft Threat Analysis Center (MTAC) are using advanced AI tools and techniques to detect and analyze cyber threats. We are extending these capabilities directly to customers, including through our Microsoft security technologies, which collects and analyzes customer data from multiple sources.

One reason these AI advances are so important is because of their ability to address one of the world’s most pressing cybersecurity challenges. Ubiquitous devices and constant internet connections have created a vast sea of digital data, making it more difficult to detect cyberattacks. In a single day, Microsoft receives more than 65 trillion signals from devices and services around the world. Even if all 8 billion people on the planet could look together for evidence of cyberattacks, we could never keep up.

But AI is a game changer. While threat actors seek to hide their threats like a needle in a vast haystack of data, AI increasingly makes it possible to find the right needle even in a sea of needles. And coupled with a global network of datacenters, we are determined to use AI to detect threats at a speed that is as fast as the Internet itself.

Second, we are using AI as a gamechanger for all organizations to help defeat cyberattacks at machine speed. One of the world’s biggest cybersecurity challenges today is the shortage of trained cybersecurity professionals. With a global shortage of more than three million people, organizations need all the productivity they can muster from their cybersecurity workforce. Additionally, the speed, scale, and sophistication of attacks creates an asymmetry where it’s hard for organizations to prevent and disrupt attacks at scale. Microsoft’s Security Copilot combines a large language model with a security-specific model that has various skills and insights from Microsoft’s threat intelligence. It generates natural language insights and recommendations from complex data, making analysts more effective and responsive, catching threats that may have been missed and helping organizations prevent and disrupt attacks at machine speed.

Another vital ingredient for success is the combination of these AI-driven advances with the use of extended detection and response capabilities in endpoint devices. As noted above, today more than 80% of ransomware compromises originate from unmanaged or “bring-your-own devices” that employees use to access work-related systems and information. But once managed with a service like Microsoft Defender for Endpoint, AI detection techniques provide real-time protection that intercepts and defeats cyberattacks on computing endpoints like laptops, phones, and servers. Wartime advances in Ukraine have provided extensive opportunities to test and extend this protection, including the successful use of AI to identify and defeat Russian cyberattacks even before any human detection.

Third, we are securing AI in our services based on our Responsible AI principles. We recognize that these new AI technologies must move forward with their own safety and security safeguards. That’s why we’re developing and deploying AI in our services based on our Responsible AI principles and practices. We are focused on evolving these practices to keep pace with the changes in the technology itself.

While most of our cybersecurity services protect consumers and organizations, we are also committed to building stronger AI-based protection for governments and countries. Just last week, we announced that we will spend $3.2 billion to extend our hyperscale cloud computing and AI infrastructure in Australia, including the development of the Microsoft-Australian Signals Directorate Cyber Shield (MACS). In collaboration with this critical agency in the Australian Government, this will enhance our joint capability to identify, prevent, and respond to cyber threats. It’s a good indicator of where we need to take AI in the future, building more secure protection for countries around the world.

New engineering advances

In addition to new AI capabilities, a more secure future will require new advances in fundamental software engineering. That’s why Charlie Bell is sending to our employees this morning an email co-authored with his engineering colleagues Scott Guthrie and Rajesh Jha. This launches as part of our Secure Future Initiative a new standard for security by advancing the way we design, build, test, and operate our technology.

You can read Charlie’s entire email here. In summary, it contains three key steps:

First, we will transform the way we develop software with automation and AI. The challenges of today’s cybersecurity threats and the opportunities created by generative AI have created an inflection point for secure software engineering. The steps Charlie is sharing with our engineers today represent the next evolutionary stage of the Security Development Lifecycle (SDL), which Microsoft invented in 2004. We will now evolve this to what we’re calling “dynamic SDL,” or dSDL. This will apply systematic processes to continuously integrate cybersecurity protection against emerging threat patterns as our engineers code, test, deploy, and operate our systems and services. As Charlie explains, we will couple this with other additional engineering measures, including AI-powered secure code analysis and the use of GitHub Copilot to audit and test source code against advanced threat scenarios.

As part of this process, over the next year we will enable customers with more secure default settings for multifactor authentication (MFA) out-of-the-box. This will expand our current default policies to a wider band of customer services, with a focus on where customers need this protection the most. We are keenly sensitive to the impact of such changes on legacy computing infrastructure, and hence we will focus on both new engineering work and expansive communications to explain where we are focused on these default settings and the security benefits this will create.

Second, we will strengthen identity protection against highly sophisticated attacks. Identity-based threats like password attacks have increased ten-fold during the past year, with nation-states and cybercriminals developing more sophisticated techniques to steal and use login credentials. As Charlie explains, we will protect against these changing threats by applying our most advanced identity protection through a unified and consistent process that will manage and verify the identities and access rights of our users, devices, and services across all our products and platforms. We will also make these advanced capabilities freely available to non-Microsoft application developers.

As part of this initiative, we also will migrate to a new and fully automated consumer and enterprise key management system with an architecture designed to ensure that keys remain inaccessible even when underlying processes may be compromised. This will build upon our confidential computing architecture and the use of hardware security modules (HSMs) that store and protect keys in hardware and that encrypts data at rest, in transit, and during computation.

Third, we are pushing the envelope in vulnerability response and security updates for our cloud platforms. We plan to cut the time it takes to mitigate cloud vulnerabilities by 50%. We also will encourage more transparent reporting in a more consistent manner across the tech sector.

We no doubt will add other engineering and software development practices in the months and years ahead, based on learning and feedback from these efforts. Like Trustworthy Computing more than two decades ago, our SFI initiatives will bring together people and groups across Microsoft to evaluate and innovate across the cybersecurity landscape.

Stronger application of international norms

Finally, we believe that stronger AI defenses and engineering advances need to be combined with a third critical component – the stronger application of international norms in cyberspace.

In 2017, we called for a Digital Geneva Convention, a set of principles and norms that would govern the behavior of states and non-state actors in cyberspace. We argued that we needed to enforce and augment the norms needed to protect civilians in cyberspace from a broadening array of cyberthreats. In the six years since that call, the tech sector and governments have taken numerous steps forward in this space, and the precise nature of what we need has evolved. But in spirit and at its heart, I believe the case for a Digital Geneva Convention is stronger than ever.

The essence of the Geneva Convention has always been the protection of innocent civilians. What we need today for cyberspace is not a single convention or treaty but rather a stronger, broader public commitment by the community of nations to stand more resolutely against cyberattacks on civilians and the infrastructure on which we all depend. Fundamentally, we need renewed efforts that unite governments, the private sector, and civil society to advance international norms on two fronts. We will commit Microsoft’s teams around the world to help advocate for and support these efforts.

First, we need to stand together more broadly and publicly to endorse and reinforce the key norms that provide the red lines no government should cross.

We should all abhor determined nation-state efforts that seek to install malware or create or exploit other cybersecurity weaknesses in the networks of critical infrastructure providers. These bear no connection to the espionage efforts that governments have pursued for centuries and instead appear designed to threaten the lives of innocent civilians in a future crisis or conflict. If the principles of the Geneva Convention are to have continued vitality in the 21^st century, the international community must reinforce a clear and bright red line that places this type of conduct squarely off limits.

Therefore, all states should commit publicly that they will not plant software vulnerabilities in the networks of critical infrastructure providers such as energy, water, food, medical care, or other providers. They should also commit that they will not permit any persons within their territory or jurisdiction to engage in cybercriminal operations that target critical infrastructure.

Similarly, the past year has brought increasing nation-state efforts to target cloud services, either directly or indirectly, to gain access to sensitive data, disrupt critical systems, or spread misinformation and propaganda. Cloud services themselves have become a critical piece of support for every aspect of our societies, including reliable water, food, energy, medical care, information, and other essentials.

For these reasons, states should recognize cloud services as critical infrastructure, with protection against attack under international law.

This should lead to three related commitments:

• States should not engage in or allow any persons within their territory or jurisdiction to engage in cyber operations that would compromise the security, integrity, or confidentiality of cloud services.
• States should not indiscriminately compromise the security of cloud services for the purposes of espionage.
• States should construct cyber operations to avoid imposing costs on those who are not the target of operations.

Second, we need governments to do more together to foster greater accountability for nation states that cross these red lines. The year has not been lacking in hard proof of nation-state actions that violate these norms. What we need now is the type of strong, public, multilateral, and unified attributions from governments that will hold these states accountable and discourage them from repeating the misconduct.

Tech companies and the private sector play a major role in cybersecurity protection, and we are committed to new steps and stronger action. But especially when it comes to nation-state activity, cybersecurity is a shared responsibility. And just as tech companies need to do more, governments will need to do more as well. If we can all come together, we can take the types of steps that will supply the world what it deserves – a more secure future.

Tags: AI, cyberattacks, cybercrime, cybersecurity, Responsible AI, Secure Future Initiative, Security Copilot, SFI

key Responsibilities:

System Design and Implementation: Design, deploy, and maintain Microsoft server systems, including Windows Server, Active Directory, and related services, ensuring scalability and high availability.

Server Administration: Perform server administration tasks, such as installation, configuration, maintenance, and troubleshooting of Windows servers. Active Directory Management: Manage and maintain the Active Directory infrastructure, including user accounts, group policies, security, and authentication.

Email and Collaboration Services: Configure, administer, and troubleshoot Microsoft Exchange for email services and collaborate on tools like Microsoft Teams and SharePoint.

Security and Compliance: Implement security measures, compliance policies, and disaster recovery solutions to protect data and systems. Manage security features like Microsoft Defender and Azure Security Center.

Virtualization: Utilize Microsoft Hyper-V or Azure virtualization technologies for server virtualization and cloud integration.

Backup and Recovery: Develop and maintain backup and disaster recovery strategies using Microsoft technologies, such as Azure Backup and Azure Site Recovery.

Patch Management: Keep systems up to date by applying Windows Updates, service packs, and security patches.

Desired Skills:

• Azure
• Troubleshooting
• Microsoft Hyper-V
• MS SQL 2012
• MS SQL 2014
• MS SQL 2019
• MS SQL
• MS SharePoint
• ShareGate
• Adobe reader
• Attachmate
• Citrix client
• Cisco Jabber
• Webex
• Microsoft Azure AD

Desired Work Experience:

• 2 to 5 years [other] Information Technology
• 2 to 5 years Systems / Network Administration

Desired Qualification Level:

Learn more/Apply for this position

In the wake of a string of cyberattacks, Microsoft announced a new initiative today called the Secure Future Initiative (SFI). And it’s impossible not to think of its Trustworthy Computing initiative of two decades ago and how much the world has changed since then.

“In latest months, we’ve concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response,” Microsoft president Brad Smiths writes in a new post to Microsoft On the Issues. “This new initiative will bring together every part of Microsoft to advance cybersecurity protection.”

SFI is built on three pillars:

AI-based cyber defenses. Microsoft will “put AI to work to advance cybersecurity protection” and protect its customers worldwide with an “AI-based cyber shield,” Smith says. This will include using AI to advance Microsoft’s threat intelligence and extending these capabilities directly to its customers. “AI is a game changer,” he says. “Coupled with a global network of datacenters, we are determined to use AI to detect threats at a speed that is as fast as the Internet itself.”

Advances in fundamental software engineering. This is the bit that is most reminiscent of Trustworthy Computing: Charlie Bell, Microsoft’s executive vice president for Security, has informed the company’s employees how SFI will advance the way Microsoft designs, builds, tests, and operates its technology. It will use AI and automation to transform the way it develops software, strengthen identity protection against highly sophisticated attacks, and cut the time it takes to mitigate cloud vulnerabilities by 50 percent while being more transparent and consistent when reporting incidents.

Advocacy for stronger application of international norms to protect civilians from cyber threats. Reissuing Microsoft’s 2017 call for a Digital Geneva Convention, Smith says the need now is greater than ever. “What we need today for cyberspace is … a stronger, broader public commitment by the community of nations to stand more resolutely against cyberattacks on civilians and the infrastructure on which we all depend,” he writes. “Fundamentally, we need renewed efforts that unite governments, the private sector, and civil society to advance international norms on two fronts. We will commit Microsoft’s teams around the world to help advocate for and support these efforts.”

You can learn more about SFI in Charlie Bell’s email to Microsoft’s employees and on the Microsoft Secure Future Initiative website.

Jay Hack, an AI researcher with a background in natural language processing and computer vision, came to the realization several years ago that large language models (LLMs) — think OpenAI’s GPT-4 or ChatGPT — have the potential to make developers more productive by translating natural language requests into code.

After working at Palantir as a machine learning engineer and building and selling Mira, an AI-powered shopping startup for cosmetics, Hack began experimenting with LLMs to execute pull requests — the process of merging new code changes with main project repositories. With the help of a small team, Hack slowly expanded these experiments into a platform, Codegen, that attempts to automate as many mundane, repetitive software engineering tasks as possible leveraging LLMs.

“Codegen automates the menial labor out of software engineering by empowering AI agents to ship code,” Hack told TechCrunch in an email interview. “The platform enables companies to move significantly quicker and eliminates costs from tech debt and maintenance, allowing companies to focus on product innovation.”

So, one might wonder, what sets Codegen apart from code-generating AI like GitHub Copilot, Amazon CodeWhisperer and the Salesforce model with which Codegen shares a name? For one, the challenges that Codegen’s tackling, Hack says. Whereas Copilot, CodeWhisperer and others focus on code autocompletion, Codegen sees to “codebase-wide” issues like large migrations and refactoring (i.e. restructuring an app’s code without altering its functionality).

“Codegen leverages a multi-agent system for complex code generation,” Hack explained. “This entails orchestrating a swarm of agents that collaboratively decompose and solve large tasks. Many LLMs effectively deliberate and build upon each other’s work, [which] yields significantly better outputs.”

Image Credits: Codegen

Codegen’s core product is a cloud and on-premises tool that connects to codebases and project management boards, such as Jira and Linear, and automatically generates pull requests to address support tickets. The platform can even set up some of the necessary code infrastructure and logging, Hack says — although it wasn’t clear to this reporter what Hack meant by “infrastructure.”

“In contrast to other solutions, Codegen provides a higher level of automation in executing entire tasks on behalf of developers,” Hack said. “We scrape a company’s backlog, find the solvable tickets, then spin up an army of agents to find the relevant code and produce a pull request.”

Now, Codegen’s promising a lot considering even the best AI models today make major mistakes. For example, it’s well-established that generative coding tools can introduce insecure code, with one Stanford study suggesting that software engineers who use code-generating AI are more likely to cause security vulnerabilities in the apps they develop.

Hack says that Codegen, for its part, is trying to strike “the right balance” of human oversight and best practices surrounding monitoring LLM-generated code.

“This is important work, and the entire development ecosystem would benefit from a better understanding of how to evaluate and verify LLM output,” Hack said. “Significant advances will need to occur for there to be widespread developer trust in generalized, automated code generation systems.”

Investors seem to think that Codegen’s going places, for what it’s worth.

The company this week announced that it closed a $16 million seed round led by Thrive Capital with participation from angel investors including Quora CEO Adam D’Angelo and Instagram co-founder Mike Krieger. The tranche brings Codegen’s total raised to $16.2 million and values the startup at $60 million post-money, Hack claims.

Thrive’s Philip Clark had this to say via email: “In 2023, most developers still spend an unreasonable share of their time writing code to deal with low-level tasks like migrations, refactors, integrations and bug fixes. Companies like Codegen are leveraging LLMs to build AI agents that free engineers from this drudgery. Developers will soon be able to hand off jobs to agents so that they can stop worrying about software toil and stay focused on creating new products.”

San Francisco-based Codegen doesn’t have paying customers yet — it’s currently incubating the platform with two “large-scale” enterprise partners. But Hack’s anticipating growth into the next year.

“We’re raising significant capital as the opportunity to make such a substantial and ambitious product has only recently emerged, and we want to sprint full force towards the market,” he said, adding that Codegen plans to grow its workforce from six employees to 10 by the end of the year. “The funds will be used to scale our workforce and support our infrastructure.”

Attackers are turning to generative AI to hunt for the easiest endpoints to breach, combining their attacks with social engineering to steal admin identities so they don’t have to hack into networks — they walk right in. 

Endpoints overloaded with too many agents are just as unsecure as those that don’t have any. AI and machine learning (ML) are urgently needed in endpoint protection to identify the weakest endpoints, update their patches and harden detection and response beyond what’s available today.  

With endpoints becoming the focal point of more lethal, sophisticated attacks, it’s timely that Forrester published their Endpoint Security Wave for Q4, 2023. The research firm evaluated thirteen endpoint providers’ current offerings, strategy and market presence. Bitdefender, BlackBerry, Broadcom, Cisco, CrowdStrike, ESET, Microsoft, Palo Alto Networks, SentinelOne, Sophos, Trend Micro, Trellix and VMware are included in the Wave. 

Forrester notes in the report that “endpoint security vendors have evolved beyond simple malware prevention or “next-generation antivirus” to incorporate behavioral analysis and prevention, vulnerability and patch remediation and advanced threat preventions for data, identity and network, all of which have benefitted the customers using these products.”  

How AI and ML are boosting endpoint security

AI and ML provide a much-needed boost to endpoint security. Every provider in Forrester’s Wave is fast-tracking the technologies on their platform roadmaps to drive more sales through consolidation.

VentureBeat has learned that these roadmaps include new applications and tools that will deliver step-wise gains in behavioral analytics, real-time authentication, improved tools for closing the identity-endpoint gaps and AI-based indicators of attack (IOA) and indicators of compromise (IOAs). 

IOAs are designed to detect an attacker’s intent and to identify their goals regardless of the malware or exploit used in an attack. An IOC provides the forensics needed for evidence of a breach. IOAs must be automated to deliver accurate, real-time data on attack attempts to understand attackers’ intent and kill any intrusion attempt.

Of the providers profiled by Forrester, CrowdStrike is the first to deliver AI-based IOAs.  While not mentioned in the Wave, ThreatConnect, Deep Instinct and Orca Security also use AI and ML to streamline IOCs.

“AI is incredibly, incredibly effective in processing large amounts of data and classifying this data to determine what is good and what’s bad,” Vasu Jakkal, corporate VP for Microsoft Security, Compliance, Identity and Privacy, said during an insightful keynote at RSA Conference. “At Microsoft, we process 24 trillion signals every single day and that’s across identities and endpoints and devices and collaboration tools and much more.”

Trends driving the endpoint security market

Endpoint security providers are under pressure from customers to consolidate platforms while providing more functionality at a lower price and deliver step-change improvements in visibility and control.

A CISO responsible for protecting one of the nation’s largest insurance and financial services firms told VentureBeat that her teams’ first place to look for consolidation wins is endpoint security. Extended detection and response (XDR) shows the potential to deliver the consolidation CISOs have been asking for.

Forrester senior analyst Paddy Harrington writes that, “while many organizations are now looking to enhance their security operations with endpoint detection and response (EDR) or XDR solutions to allow for better threat and incident investigation, securing the endpoint starts with a strong endpoint protection platform, and that was the focus of this Forrester Wave evaluation.” 

Harrington points to three dominant trends driving the endpoint security market: 

A stronger focus on prevention to protect threat analysts’ time

Security analysts need more effective tools for preventing attacks to protect their time and break out of the endless cycle of responding to and recovering from attacks. Harrington points out that in previous years, the focus had been on detection and response — deprioritizing prevention — due to the belief that it was the best way to respond to incidents. He said that endpoint security solutions can help provide analysts with the opportunity to split time between investigation and recovery by making prevention more efficient.

Toolkits already play an important role in consolidation

CISOs tell VentureBeat that 2023 became the year of consolidation, coincident with rising interest rates and spiraling inflation. CrowdStrike and Palo Alto Networks were ahead of the curve, using their user events in 2022 to sell consolidation as a growth strategy. Forrester has written about today’s cybersecurity staffing challenges and the resulting consolidation security products protecting the endpoint. He points out that including vulnerability and patch remediation or secure configuration management in endpoint security reduces the number of tools needed to maintain a proper endpoint security posture, helping CISOs achieve their consolidation and cost-reduction goals.

Endpoint protection helps accelerate the transition from EDR or XDR

EDR platforms that support data independence and portability are critical for the long-term success of an endpoint strategy and the long-term success of any XDR platform. Harrington cautions that migrating from an EDR to an XDR platform should not require reconfiguring endpoints. The greater the coverage across different attack vectors, the simpler and more scalable incident correlation becomes, with the mean time to resolution shortened.

Forrester’s take on the market leaders

Wave leaders include CrowdStrike, Trend Micro, Bitdefender and Microsoft. Forrester broke down their strengths and weaknesses.

 CrowdStrike is a strong fit for enterprises migrating from EDR to XDR

Forrester writes in the report that “CrowdStrike is a good fit for customers who are interested in evolving to EDR or XDR, based off of a full set of prevention functions using a single endpoint agent.” CrowdStrike is well-known as an enterprise-ready endpoint security solution, and Forrester found that the company’s inclusion of functions like secure configuration management and reporting and extensive attack remediation capabilities has made this an attractive endpoint security solution even for small and medium-sized business (SMB) customers.

CrowdStrikes’ additional module pricing could make their solution higher-priced, and customers are concerned that their latest acquisitions may not integrate with the core platforms. CrowdStrike customers praised the core endpoint security capabilities and their ability to stop attacks quickly. 

Trend Micro: A Veteran in endpoint security with a strong focus on innovation and XDR

Forrester gives High Score to Trend Micro for their reputation with customers as an endpoint security solution “that just works.” Forrester found that Trend Micro’s move from the on-premises Apex One solution to the cloud-native Trend Vision One — Endpoint Security continues to support features across both environments.

Trend Micro also invests heavily in R&D, including for its XDR platform. Trend Micro customers rated the company as the best vendor to work with among all their security solution providers. Forrester found that “Trend Micro is a good fit for customers who want a consistently strong endpoint protection platform that can support evolving to XDR.”

Bitdefender: A prevention-first endpoint security tool with flexible pricing

Bitdefender’s expertise with prevention engines sets the company apart from other leaders, further strengthening their prevention-first mindset from product development to services. Forrester found that Bitdefender further differentiates itself in its expertise in mobile threat defense, integrated patching, vulnerability management and reliance on a single agent for all functions. Forrester notes that Bitdefender’s vision “is on par with most of the field on moving to XDR, but the roadmap doesn’t have the depth of others.”

Microsoft a strong fit with less experienced security staff

E3 and E5 are Microsoft licensing frameworks with which Defender for Endpoint is priced. The E5 license is designed for large organizations that require advanced security features and compliance capabilities. Forrester gives Microsoft credit for a strong roadmap for endpoint security that includes expanding Defender functionality to operational tech (OT) and IoT devices and continuing its strategy of building an extensive partner community. Microsoft’s vision for Defender is both simple for SMBs and detailed for global enterprises. Still, its licensing models are the most challenging in the industry, with advanced features requiring enterprise agreements.

The Collat School of Business Learning Community is for students who plan to or are interested in a business major. This community is for those interested in joining a community of students, faculty, and staff who are passionate about all areas of business. On-campus residents will work together to explore different business practices and engage in problem-solving and extracurricular activities that provide real-world context and experience. Programming within the Academic Learning Community is a partnership between the Office of Student Housing and Residence Life and the UAB Collat School of Business.

As a part of this community, students will be exposed to and be able to participate in various professional and recreational development activities that will assist in self-assessment, exploration of academic majors, career exploration, and networking. Students in the Business Learning Community will also be able to build strong connections while taking similar courses, forming study groups, and learning from upper-level peer mentors.

Benefits:

• Learn, lead, collaborate, and serve as you prepare to become future business and community leaders.
• Build a community of peers interested in and taking courses in similar topics.
• Network with other students and faculty in similar fields.
• Participate in programs designed to help students discover and strengthen their business-related knowledge and skills.

Eligibility:

• Must be an on-campus resident interested in or intending to major in Business.

Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn.

This financially motivated threat group (tracked by Redmond as Sapphire Sleet) also has a documented history of cryptocurrency theft attacks targeting employees within cryptocurrency companies.

After picking their targets following initial contact on LinkedIn, the BlueNoroff hackers backdoor their systems by deploying malware hidden in malicious documents pushed via private messages on various social networks.

"The threat actor that Microsoft tracks as Sapphire Sleet, known for cryptocurrency theft via social engineering, has in the past few weeks created new websites masquerading as skills assessment portals, marking a shift in the persistent actor's tactics," according to Microsoft Threat Intelligence security experts.

"Sapphire Sleet typically finds targets on platforms like LinkedIn and uses lures related to skills assessment. The threat actor then moves successful communications with targets to other platforms."

Previously, the North Korean state hackers were seen distributing malicious attachments directly or using links to pages hosted on legitimate websites like GitHub.

However, Microsoft believes that swift detection and removal of the attackers' malicious files from legitimate online services prompted the BlueNoroff hackers to create their own websites capable of hosting malicious payloads.

These websites are password-protected to thwart analysis efforts and are camouflaged as skills assessment portals, urging recruiters to register for an account.

Earlier this week, Jamf Threat Labs' security researchers linked BlueNoroff to new ObjCShellz macOS malware used to backdoor targeted Macs by opening remote shells on compromised devices.

In latest years, Kaspersky linked BlueNoroff to a series of attacks against cryptocurrency startups and financial organizations worldwide, including in the U.S., Russia, China, India, the U.K., Ukraine, Poland, Czech Republic, UAE, Singapore, Estonia, Vietnam, Malta, Germany, and Hong Kong.

Additionally, the FBI attributed the largest crypto hack in history—the breach of Axie Infinity's Ronin network bridge—to the Lazarus and BlueNoroff hacking groups. The attackers stole 173,600 Ethereum and 25.5 million USDC tokens, amounting to over $617 million.

Four years ago, a United Nations report estimated that North Korean state hackers, including BlueNoroff, had already stolen around $2 billion in at least 35 cyberattacks targeting banks and cryptocurrency exchanges across more than a dozen countries.

In 2019, the U.S. Treasury also sanctioned BlueNoroff and two other North Korean hacking groups (Lazarus Group and Andariel) for channeling stolen financial assets to the North Korean government.