SC-100 syllabus - Microsoft Cybersecurity Architect Updated: 2023

By Narayan Annamalai

When cybersecurity measures fail, the results can be devastating and costly. In the past year, network security failures have led to downed websites, delayed flights, unavailable video games, and much more. Such incidents can erode customer, investor, and board member trust and result in the types of headlines you don’t want. Technology challenges and the growing frequency and sophistication of cyberattacks spur conversation—and understandable worry—across industries. CISOs and other C-Suite members, as well as security professionals, recognize how increased cloud adoption and the shift toward hybrid work have expanded the attack surface. Some leaders also mention the challenges represented by the dynamic and complex regulatory landscape.

Consider these security statistics:

Your network is the heart of your organization—and a tempting prize for bad actors. Network security puts controls in place to help prevent cybercriminals from breaching it. Let’s explore how.

Protecting your data and assets

Cloud network security can keep pace with modern cybersecurity threats in a way that’s not possible with conventional security tools. It can secure the data and applications that are essential to supporting hybrid workforces in cloud environments. And it enables you to protect organization assets from emerging attacks and secure both apps and infrastructure.

Network security in the cloud is important because all assets are accessed over a network. Here are the major components of effective network security in the cloud:

• Zero Trust approach: Zero Trust means using least-privilege access to limit user access, always authenticating identity, and minimizing blast radius and segment access by assuming a security breach. It helps you manage people, devices, data, and assets so you can enable a hybrid workforce, protect sensitive information, and manage multicloud assets with confidence.
• Network firewall: A network firewall helps prevent cybercriminals from accessing your network resources by monitoring and inspecting your network traffic and blocking malicious traffic.
• DDoS protection: Distributed denial of service (DDoS) attacks involve cybercriminals targeting a website or service by flooding it with traffic to disrupt network services. DDoS protection typically provides monitoring, attack mitigation, and other features as defenses.
• Web application protection: Web applications and application programming interfaces (APIs) are popular targets for cybercriminals, as they are accessible over the public internet and may provide access to sensitive data. Web application protection helps protect websites, applications, and APIs from attacks.

Network security in action

Manufacturers create a significant volume of sensitive data, including intellectual property and research and development data. The IoT devices they use are highly targeted in DDoS attacks. And their supply chains are frequent targets as well.

Manufacturers may be more willing than those in other sectors to pay criminals ransom because of the sensitivity of their data and their reliance on the supply chain to receive product components and to ship their products. Attacks that target the supply chain could bring operations to a standstill.

Let’s take a look at a common manufacturing use case—secure connected insights, which can be used for theft prevention, loss monitoring, warehouse optimization, and traffic flow insights across a city or in a retail environment to automate stock replenishment. Manufacturers can monitor the activities of their warehouse floors, assembly lines, production, and distribution in real time via a connected factory setup.

Along with machine learning and compute technologies for mission-critical analytics, manufacturers and other industries need cloud network security to ensure that data is secure and disruption is minimized. It secures your apps and network infrastructure against threats. The benefits of using network security include reducing security threats, improving operational efficiency, and increasing business agility.

Cloud network security services, like those of Azure Network Security, paired with Microsoft Azure Virtual Machines powered by AMD, ensure you can deliver secure connected insights efficiently. Features include:

• Operations scalability to maximize warehouse efficiency
• Faster issue resolution tracking products across the value chain
• Better safety and quality control
• On-time delivery of goods and services

Protect against modern threats

Cyber threats continually challenge traditional security methods. Modern network security can answer the call with a Zero Trust approach, network firewall, DDoS protection, and web application protection.

Microsoft and AMD share the objective of prioritizing network security services—fully secure modern network protection for Azure workloads. Network security can help you protect your people, data, and operations in any sector.

Narayan Annamalai leads the SDN product management group in Microsoft Azure that focuses on virtual networks, load balancing and network security.

Learn how AMD helps accelerate Azure workloads and how Azure Network Security can help your organization protect your data and assets.

The U.S. Department of Defense is quietly abandoning one of its longest running cybersecurity programs protecting its vast global IT network, and replacing it with off-the-shelf tools from Microsoft, despite internal opposition and criticism from experts who say it will make the nation more vulnerable to foreign hackers, enemy cyberwarriors and online spies, Newsweek has learned.

At a series of meetings with DOD Chief Information Officer John Sherman last fall, as the department's fiscal year 2024 budget request was being finalized, a clear majority of senior IT leaders from the military services opposed the move, a former senior defense official directly involved told Newsweek. They were concerned about the department's growing reliance on a single software vendor: "I was completely against it. A lot of us were, for the same reason: It felt like we were further embedding ourselves into this monopolistic (Microsoft) monoculture."

The potential risks were laid bare in March, when it was revealed that hackers suspected to be from Russian military intelligence had been stealthily exploiting a vulnerability in Outlook, Microsoft's email program, for almost a year. The incident, unreported except by the cybersecurity trade press, illustrates what experts say are the dangers of relying exclusively on Microsoft IT.

DOD's decision to push ahead with the move to Microsoft security tools, based on an assessment from the National Security Agency, has cast a new light on long-standing questions about the security of the software produced by the Redmond, Wash.-based technology giant, and the impact of its dominance in government technology markets. It could also run counter to the White House's new cybersecurity strategy, which calls on software companies to offer secure products in the first place rather than selling additional security measures on top.

The NSA declined to provide Newsweek with a copy of the assessment or to comment. The former official said the assessment was a decisive factor behind the decision because everyone understood it could have been informed by undisclosed secret intelligence. "You don't really get to argue that," said the former official, speaking on condition of anonymity because he was not authorized to speak to the media.

The Defense Department's IT network, one of the largest in the world, was already a poster child for what cyber experts call the Microsoft monoculture—an IT environment in which everyone uses the same software, meaning they are all potentially vulnerable to the same cyberattacks.

Since 2017, DOD has exclusively used the Microsoft Windows operating system on all its four million-plus desktop computers and is increasingly employing Microsoft's Azure cloud computing services. And most of its 2.1 million active duty and reserve military personnel and 750,000 civilian employees use Microsoft programs such as Outlook or Office for email, calendar, word processing and other administrative tasks.

Now, the department will use Microsoft Defender—a set of cybersecurity tools bundled with the company's higher-end software licenses—as well, Deputy CIO David McKeown, one of the Defense Department's top cyber officials, confirmed to Newsweek. "Microsoft Defender will provide DOD an integrated cybersecurity solution that promises to satisfy most, if not all, of the capabilities we require" to secure the military's networks, he said via email. He disputed the suggestion that using Microsoft security tools to protect Microsoft software would make the DOD more vulnerable, saying tools that were built from the ground up to integrate with the software they were protecting would be more secure.

In a statement to Newsweek, Microsoft said it was best placed to defend its own products because of the huge amount of data it can draw on from its billions of users all over the world.

"Our teams process and share up to 65 trillion cyber signals a day in order to enhance the security baseline for government and commercial entities. We ... will continue to invest in both integrated and standalone security products to help our government customers combat an increasingly complex threat environment."

But the DOD's move goes too far for some former career defense officials—even those who have led past roll-outs of Microsoft products in DOD. Three of them told Newsweek that over-reliance on the tech giant risks making the U.S. military's computer networks more vulnerable just as America is pivoting from fighting the war on terror to confront peer adversaries such as Russia and China with the technical capabilities to take advantage of those vulnerabilities.

And although there's continuing debate among cyber experts about how best to quantify the security of software, by some measures, Microsoft products do appear more vulnerable to hackers, although the company vigorously contests that analysis.

The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) keeps a running tally of all vulnerable code found to be weaponized by hackers or cyber criminals. Of 919 vulnerabilities exploited and catalogued up until April 2023, 258 of them, just over 28 percent, have been in Microsoft products. That 258 is more than the total number of exploited vulnerabilities in the products of the next five vendors combined: Cisco, Adobe, Apple, Google and Oracle.

When it comes to the 15 most commonly exploited vulnerabilities across the world in 2021, nine were in Microsoft products, according to data compiled by CISA and its international partners.

In other contexts, the company and its defenders have argued they are a victim of their own success: More vulnerabilities are found in their products because more security researchers are looking for them, they say, owing to their dominant position in so many marketplaces. And when vulnerabilities are found and responsibly disclosed, they are more likely to be exploited by hackers because of the ubiquity of Microsoft products. Just as Willie Sutton robbed banks because that was where the money was, goes the argument, hackers attack Microsoft products because they are used by most large companies and governments.

Microsoft's defenders also argue that counting vulnerabilities per vendor is a very crude measure, and that Microsoft suffers by it because of the high number of products it offers. If you look at vulnerabilities per product, they say, a different picture emerges, in which the most vulnerable products are not Microsoft ones—although many remain high on the list.

A single point of failure

Even setting aside the vulnerabilities question, many cybersecurity experts believe that over-reliance on any single vendor is bad for security. That's why three former Defense Department senior officials who led Microsoft roll-outs at DOD said they questioned the decision to scrap the Endpoint Security Solutions (ESS) program, which has since 2007 bought and customized commercial cybersecurity tools from different vendors, and replace it with Microsoft Defender tools.

"It scares the heck out of me that we're vertically integrating the endpoints, the software, the cloud, and now the security stack with a single vendor. To me, that's an unacceptable level of risk," said a second former senior DOD IT official who was involved in many deployments of Microsoft products.

"It could create a single point of failure," said a third former defense official who was involved in the early discussions that led to the decision last year. "If a single company is providing not just the software you use, but the cloud infrastructure you run it on as well and now the security stack too, that could be a problem" if hackers breach that single provider.

It's not just the Defense Department. Across the federal government, 85 percent of employees use Microsoft business software for tasks such as email and word processing. And former officials say the company is seeking to duplicate the Defense Department's move to Microsoft security products across civilian federal agencies as well.

By relying on Microsoft security tools to protect Microsoft software, the DOD is "putting all the nation's eggs in one basket, and a badly flawed basket at that," former career White House official Andrew Grotto told Newsweek. Now a fellow at Stanford University and a program director at its Cyber Policy Center, Grotto previously served as senior director for cybersecurity policy in the White House National Security Council staffs of Presidents Obama and Trump. Grotto currently consults for technology companies, including some that compete directly with Microsoft.

The DOD move has stoked concerns well beyond the circle of Microsoft's established critics.

John Zangardi, a former longtime government IT executive who was acting chief information officer of DOD in 2017 when the department enforced the roll-out of Windows across all of its desktops and other endpoints, declined to comment directly on the ESS decision. But he told Newsweek that in his tenure, he emphasized "removing single points of failure" and "the importance of security tool diversity and redundancy"—having more than one set of tools, even if that meant duplication.

"Today's digital infrastructures are incredibly complex, a bit like a modern commercial or military aircraft," said Zangardi, a former U.S. Navy pilot who is now CEO of Redhorse Corp, a data science consultancy. "Those aircraft are built with multiple backup systems. If one part of a system fails, the entire aircraft can still function safely with the backup systems. Redundancy is an added guarantee of safety and lets complex systems be more reliable than the sum of their parts. In the same way, security tool diversity can provide backup and redundancy for digital infrastructure."

Asked whether the change created a single point of failure, McKeown, the Defense Department's Deputy CIO, said he believed that an integrated system was a source of security strength, not weakness.

"When DOD buys an aircraft, it doesn't buy a box of parts that our mechanics have to put together, it buys the integrated aircraft," he said. "We need to start thinking about our networks as weapon systems by investing in integrated solutions rather than individual components that our IT and cyber personnel try to make work together."

He did not directly address detailed questions about technical evaluations that have compared ESS with Microsoft Defender, or about whether the newly purchased products are properly certified to run on DOD networks.

Microsoft says it is a great believer in diversity in security, using, for example, multiple sources of threat intelligence, including those licensed from its competitors, and developing partnerships with more than 15,000 security companies.

The half-billion security upsell

The DOD's decision to upgrade its Microsoft licenses to include the Defender security tools will cost $543 million over two years, said John Weiler, CEO of the IT Acquisition Advisory Council, a non-profit that works to Improve the way the federal government buys computer goods and services. The DOD itself did not provide a figure, but Weiler's number was confirmed by other sources with knowledge of the transaction.

It's not clear how much money the government hopes to save by winding down ESS, and potentially other DOD cybersecurity programs that duplicate Microsoft Defender tools, Weiler said, but added: "They just eliminated an entire market for competition and for innovation in DOD." He noted that about a dozen cybersecurity vendors competed to supply tools to ESS and the other cybersecurity programs likely to be wound down. "These companies will no longer innovate to the needs of DOD down the road because there's no revenue coming in to support that. And we all know that monopolists don't innovate, they put all their energy and money into maintaining their monopoly."

Weiler was an expert witness in the Justice Department's Microsoft antitrust proceeding almost a quarter century ago, which found the company had violated anti-trust laws by bundling its web browser, Internet Explorer, with its Windows operating system, to freeze out competing browsers such as Netscape. Weiler said Microsoft's current bundling of security tools with business software was "the same playbook" the company had used in the 1990s.

Microsoft's statement did not address accusations that its practices with security software could be seen as anti-competitive.

The Defense Department move highlights some other difficult questions for Microsoft about the $20 billion annual security business the company has built over the past five years.

The $2 trillion-plus company, the second most highly valued global company behind Apple, earns almost 10 percent of its $200 billion-plus annual revenue from selling security products and services, and that revenue stream is in double-digit growth even as other areas of the company's business are growing slowly if at all.

Critics charge they are making that money selling customers who've already bought Microsoft business software additional security tools—which they only need because the business software is so insecure.

"This is like a water company, who, when their customers complain: 'This water you're selling us is contaminated,' they reply, 'Well, we have some filters and other equipment we can sell you that will get rid of most of that,'" said John Pescatore, director of emerging security trends at the prestigious SANS Institute, a cybersecurity training organization. "Why aren't they selling clean water in the first place? Why isn't their software secure in the first place?"

Privately, Microsoft executives say that they entered the security market in response to customer demand. There was already a thriving marketplace for other companies' security tools to protect Microsoft products from hackers, they say. Why shouldn't the company bring its software expertise, and all the data it gets about attacks from the billions of computers its software is installed on, to that market?

A vulnerable architecture

But critics say the greater preponderance of vulnerabilities in Microsoft is no accident. It's the result of design decisions taken over decades, said Ryan Kalember, executive vice president at cybersecurity company Proofpoint, which competes with Microsoft in the security tools market.

Above all, Kalember told Newsweek, Microsoft has focused on backwards compatibility, a design principle that means updated versions of the software must still work with all the programs the previous, un-updated versions worked with. The concept is very popular with consumer and business users, but comes at a high price for security.

"They end up creating more and more risk because they're just building layers on top of layers," Kalember said, retaining code for features that had been buggy and insecure a generation ago.

A vulnerability in Outlook revealed last month illustrates the issue, Kalember said. A hacker could, just by sending a specially crafted email, obtain a copy of the target user's digital signature that they could then employ to impersonate that user on their corporate network. Read their email. Steal data they had access to. Worse, it was a so-called "zero-click" attack. The target didn't need to click a link or an attachment, or even open the email.

The Outlook vulnerability lives in a 30 year-old mechanism for verifying identity called NTLM. It has been obsolete for 25 years, but it remains embedded in Microsoft code because removing it would break backwards compatibility.

"All of a sudden you're back in 2002," Kalember said, "It's crazy how thin the veneer is."

The company's defenders say Microsoft customers rely on backwards compatibility, because not all of them can afford to upgrade to the latest products.

In its statement to Newsweek, the company said, "Security is woven into the digital fabric of our applications and services, and has been since day one."

When Microsoft revealed and patched the NTLM vulnerability on March 14, hackers suspected to be from the Russian military intelligence agency GRU had been exploiting it for almost a year. But it attracted little attention outside of the cyber trade press: Just another vulnerability announced, as is now traditional, on Patch Tuesday, the second Tuesday of every month, when Microsoft and other vendors release security updates and improvements to their software.

In that same March update, Microsoft included patches for 80 different software vulnerabilities, nine of them rated "critical" and 60 "important."

And it's likely that a significant proportion of Microsoft customers, especially in government, may not yet have applied those patches, according to Roger Cressey, a veteran cybersecurity executive who worked on some of the federal government's first cyber efforts more than two decades ago, and has continued to consult and work in the federal space since.

Microsoft has for 20 years been able to force its government and commercial clients to absorb the costs of the constant security updates needed to protect its products, Cressey said.

"Software is the only industry where government and consumers are asked to absorb the costs of unsafe, flawed vendor products as the cost of doing business," said Cressey, now a partner with Mountain Wave Ventures, a cybersecurity and risk management consulting firm, where he occasionally consults for Microsoft competitors.

And the result is that many software patches are applied weeks or months after they are issued, or sometimes not at all. In April 2021, the FBI had to get a court order to allow it to remotely remove malware that was present on the IT networks of more than 60,000 Microsoft customers worldwide, more than six weeks after the company issued a patch.

The company says it works with CISA, other government agencies and its private sector partners to publicize the importance of applying security updates that patch vulnerabilities being actively exploited by hackers.

Microsoft's unique role

The widespread concerns in the cybersecurity community about Microsoft's role are reflected in the Biden administration's National Cybersecurity Strategy, released in March. Pillar three, one of five the high-level document lays out, aims to push the responsibility for cybersecurity back onto software companies, especially the dominant ones such as Microsoft.

Launching the strategy, officials said software manufacturers needed to build security into the original design of their products, rather than leaving it to the end users, their customers, to buy additional software to try and secure it.

The White House declined to address questions about whether the DOD decision was pulling in a different direction.

"The whole point of pillar three [of the strategy] is to move to a place where you have security built-in to software from the get-go, not bolted on afterwards through additional tools," Grotto said.

Microsoft's multiple roles in the IT marketplace, he added, means it can use security as what sales executives call an "upsell"—getting the customer to spend more for extra features.

All vendors try to upsell, Grotto acknowledged, but Microsoft is in a unique position because of its massive dominance of the business software segment—think email, calendar and word processing—in the federal government.

"When you've got one vendor supplying 85 percent of the productivity tools for the federal government, they are in an extraordinarily powerful position," Grotto said, especially if that makes agencies think it would be expensive and difficult to change vendors.

In the course of a 2021 contract dispute, the U.S. Department of Agriculture (USDA) spelled out in rare detail what it would mean for the department to transition away from Microsoft products.

The agency justification, cited in a decision by government auditors, states that "96 percent of USDA systems run Windows operating systems." And that USDA provides Microsoft software tools to 7,500 field offices supporting more than 120,000 users.

Even though the cost of Microsoft Office licenses for the USDA workforce was $170 million while the cost of licenses for competitor Google Workspace would have been as low as $58 million, the agency wanted to stay with Microsoft.

Switching to other products would take at least three years, USDA said, adding, "An undertaking of this magnitude would be a ... multi-million-dollar effort during which time there would likely be an impact to the IT workforce and customer satisfaction across the board."

The USDA's situation is only remarkable in that it became public, Michael Garland, a government procurement attorney specializing in IT, told Newsweek. "The USDA protest provides a rare window into the reality of how entrenched and locked-in some of these software giants, including Microsoft, are all across the U.S. government's software estate," he said.

Fixing the problem: The car analogy for software

With its new strategy, the Biden administration wants to flip the script on cybersecurity, CISA Executive Assistant Director for Cybersecurity Eric Goldstein told Newsweek, pushing security responsibility "upstream," back to the companies shipping insecure products.

"If we keep blaming only the victims, we know that's not a recipe for scalable improvements, because so many victims, school districts, small hospitals, local water utilities, are never going to be able to defend themselves standing alone against the threats that they're facing," he said.

But absent congressional action to impose security requirements by regulation, officials plan to rely on market forces to incentivize Microsoft and other tech vendors to Improve security. "We know that most customers want to install, run and rely upon products that are safe and secure by design and default," Goldstein said. But buyers do not know what to ask for, he said.

To help educate the market, CISA has produced a set of design principles for secure products, and a key requirement is ending the practice of security upsell.

Charging extra for basic security measures "is not OK," Goldstein said, using the example of seatbelts in a car.

"If one of us rented a car, got it, and there were no seatbelts because they were charging extra for that, we would not accept that ... We need to get to the same model with technology, where there's a basic (security) threshold that technology is expected to meet," he said.

An upcoming White House deadline for federal agencies to have new security capabilities—such as the ability to preserve logs of computer activity that can help in the response to a cyberattack—will be an important test case for large government vendors like Microsoft, Goldstein said.

Historically, agencies have had to pay as much as 40 percent extra for such capabilities, but Goldstein said it was time for vendors to step up and do the right thing—by providing their federal customers with products that didn't require expensive add-ons to be secure.

Microsoft executives say the company has a right to charge extra for high-end security measures—whether to the Department of Defense or to anyone else.

"We are a for-profit company," Microsoft Vice President Brad Smith told a congressional committee in 2021, when asked whether security should be treated as an upsell. "Everything that we do is designed to generate a return other than our philanthropic work."

Shaun Waterman can be reached at s.waterman@newsweek.com. Follow him on Twitter @WatermanReports.

Copyright © 2023 IDG Communications, Inc.

Abu Dhabi, United Arab Emirates – The Cyber Security Council United Arab Emirates (CSC UAE) and Microsoft have signed a Memorandum of Understanding (MoU) to enhance cooperation and collaboration in the field of cybersecurity. The MoU outlines a framework for the two parties to work together towards the establishment of a secure global information society.

Commenting on the MoU, H.E. Dr Mohammed Hamad Al-Kuwaiti, Head of the UAE Cybersecurity Council, expressed his pleasure to have Microsoft joining the Council’s efforts to establish a secure and global information community. He said that the MoU is an important step toward building a strong cybersecurity framework that would protect critical infrastructure and prevent cyberthreats.

H.E. Dr Mohammed Al-Kuwaiti explained that information and communication technologies (ICTs) have opened new windows of opportunities for socioeconomic development, but they have also introduced new types of threats, such as cybercrimes, cyberespionage, and cyberterrorism. He added that these threats are becoming increasingly sophisticates and require a coordinated response from all stakeholders.

“Over the past few years, organizations across the region have made significant changes to their cybersecurity strategy to accommodate the growing number of users needing access to mission critical data and applications,” said Naim Yazbeck, General Manager, Microsoft UAE. "This has resulted in a new wave of threats that are targeting organizations across industries. We are committed to working with CSC UAE to enhance cybersecurity capabilities across the UAE and share knowledge to help prevent cyber threats. This MoU is a testament to our commitment to promoting a secure global information society."

Under the terms of the MoU, Microsoft and CSC UAE will cooperate and conduct information exchanges in cybersecurity-related fields, with particular attention to national cooperation, deterrence, prevention, and responses to cyber-attacks. The two parties will also work together to promote awareness-building through educational programs, as well as exploring business and economic exchanges for cybersecurity.

The agreement is also expected to foster greater collaboration between CSC UAE and Microsoft in the field of cybersecurity and promote the exchange of best practices and expertise to prevent and respond to cyber threats.

-Ends-

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more. Microsoft opened its Dubai-based headquarters in 1991, which, today, oversees operations across the region.

For more information (Press only):
Magdalena Stepien, Microsoft UAE
E : mastepie@microsoft.com

Husain Gandhi, ProGlobal Media
E: h.gandhi@proglobal.ae

• Increase in remote work leaves user endpoints exposed to unprecedented cyberattack vulnerability.
• Proven data management/backup and data security solutions for Azure and OneDrive for Business help enterprises protect and manage remote endpoints, on-premises, and cloud-based data assets.
• Multi-year agreement tightly integrates engineering, go-to-market, and co-selling efforts.
• Innovative technology, cost-efficient collaboration also sets foundation for future AI enhancements.

FREMONT, Calif., May 15, 2023 /PRNewswire/ -- Parablu, a global provider of SaaS-based data protection and management solutions for endpoints, on-premises, and cloud environments, today announced a multi-year agreement with Microsoft that integrates engineering, go-to-market activities, and co-selling of Parablu's BluVault and the Ransomware Defense Suite Software-as-a-Service (SaaS) offerings.

Parablu will leverage Microsoft Cloud infrastructure and services –– Microsoft Azure and Microsoft 365 to deliver scalable, secure, cost-efficient, and cyber-resilient data management and protection solutions. Parablu's patent-protected zero- and low-cost storage options will not only help businesses effectively address today's economic challenges, but also deliver proven data security for endpoints and Microsoft 365 –– backed by the global scale, durability, and security of the Microsoft cloud. Parablu's BluVault offering in combination with the Ransomware Defense Suite is designed to quickly detect and recover from cyber-attacks such as ransomware using early detection techniques, accelerated recovery options, file/device quarantining features, as well as e-Discovery, ­­making it easier for customers as well as AI tools to find and use this data effectively.

"With more knowledge workers now working remotely, the number of endpoints has grown exponentially –– increasing the likelihood of ransomware and other malicious threats," said Parablu Chief Strategy Officer Randy De Meno. "This alliance empowers Microsoft and its ecosystem of partners to deliver proven heterogeneous data management, backup and data security solutions built for OneDrive for Business and Microsoft Azure, while giving customers a proactive defense against malicious actors. Today's announcement proves that innovation and cost efficiency in data security can be accomplished in collaborative fashion with Microsoft using their proven infrastructure."

Allison West Hughes, Microsoft CVP of Digital Acquisition added, "Parablu's focus on delivering innovative, cyber-resilient, data management and protection SaaS capabilities using Microsoft Azure and Microsoft 365 instantly equips all of our customers with best-of-breed options to manage and protect their most used devices and applications –– their endpoints and Microsoft 365. We've been greatly impressed by Parablu's innovation and their "All-In" approach with the Microsoft cloud infrastructure while enabling customers to securely store and AI-leveraged functionality using protected copies of their data."

"This collaboration with Microsoft enables Parablu to deliver best-of-breed solutions combining zero-trust security, zero-knowledge encryption, and zero-cost storage from the best data centers leveraging leading-edge, scalable, and highly secure infrastructure," said Anand Prahlad, CEO of Parablu. "We look forward to collaborating with Microsoft to innovate and expand our offering to cover more data sources, while continuing to leverage the Microsoft Azure cloud and the cutting-edge services it provides."

This collaboration builds on Parablu's accurate recognition by G2 as the best online solution compared to 158 other backup products in nearly all key categories and robust experience with storage, data management and security, while leveraging the capabilities of Azure and Microsoft 365. BluVault's cutting edge features such as platform independent granular restores, point-in-time recovery, cloud-cloud restores, rapid recovery, as well as new innovations that automatically tier data across OneDrive and Azure, will all be served out of the Microsoft cloud. The new agreement includes plans to enhance Parablu's SaaS offering with various Azure Services including Azure OpenAI Service.

Brian Bellows, analyst at Piper Sandler said, "Frequently abrasive economic times often spark innovation and growth. Microsoft's partnering with Parablu while enabling robust technical and secure data capabilities may be another example of Microsoft sparking ecosystem success and growth within the tech sector."

For more information on Parablu's suite of data security and resiliency solutions for the digital enterprise, visit Parablu.com, Follow us on Twitter, Connect with us on LinkedIn, Like us on Facebook, and Subscribe to us on YouTube.

Related Parablu News

About Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise. These solutions protect enterprise data completely and provide total visibility into all data movement through centrally managed intuitive dashboards. Parablu's products include: BluVault, a suite of powerful and secure data backup solutions designed for the cloud; and BluSync™, a suite of solutions designed for secure managed file transfer, secure collaboration, and file services. Both solutions holistically address enterprise data protection needs and can be easily bridged with existing infrastructure to provide cost-effective data protection. To learn more about Parablu visit www.Parablu.com.

View original content to get multimedia:https://www.prnewswire.com/news-releases/parablu-to-deliver-microsoft-azure-hosted-cybersecurity-and-data-resiliency-saas-solutions-301824192.html

SOURCE Parablu

• Increase in remote work leaves user endpoints exposed to unprecedented cyberattack vulnerability.

• Proven data management/backup and data security solutions for Azure and OneDrive for Business help enterprises protect and manage remote endpoints, on-premises, and cloud-based data assets.

• Multi-year agreement tightly integrates engineering, go-to-market, and co-selling efforts.

• Innovative technology, cost-efficient collaboration also sets foundation for future AI enhancements.

FREMONT, Calif., May 15, 2023 /PRNewswire/ -- Parablu, a global provider of SaaS-based data protection and management solutions for endpoints, on-premises, and cloud environments, today announced a multi-year agreement with Microsoft that integrates engineering, go-to-market activities, and co-selling of Parablu's BluVault and the Ransomware Defense Suite Software-as-a-Service (SaaS) offerings.

Parablu will leverage Microsoft Cloud infrastructure and services –– Microsoft Azure and Microsoft 365 to deliver scalable, secure, cost-efficient, and cyber-resilient data management and protection solutions. Parablu's patent-protected zero- and low-cost storage options will not only help businesses effectively address today's economic challenges, but also deliver proven data security for endpoints and Microsoft 365 –– backed by the global scale, durability, and security of the Microsoft cloud. Parablu's BluVault offering in combination with the Ransomware Defense Suite is designed to quickly detect and recover from cyber-attacks such as ransomware using early detection techniques, accelerated recovery options, file/device quarantining features, as well as e-Discovery, ­­making it easier for customers as well as AI tools to find and use this data effectively.

"With more knowledge workers now working remotely, the number of endpoints has grown exponentially –– increasing the likelihood of ransomware and other malicious threats," said Parablu Chief Strategy Officer Randy De Meno. "This alliance empowers Microsoft and its ecosystem of partners to deliver proven heterogeneous data management, backup and data security solutions built for OneDrive for Business and Microsoft Azure, while giving customers a proactive defense against malicious actors. Today's announcement proves that innovation and cost efficiency in data security can be accomplished in collaborative fashion with Microsoft using their proven infrastructure."

Story continues

Allison West Hughes, Microsoft CVP of Digital Acquisition added, "Parablu's focus on delivering innovative, cyber-resilient, data management and protection SaaS capabilities using Microsoft Azure and Microsoft 365 instantly equips all of our customers with best-of-breed options to manage and protect their most used devices and applications –– their endpoints and Microsoft 365. We've been greatly impressed by Parablu's innovation and their "All-In" approach with the Microsoft cloud infrastructure while enabling customers to securely store and AI-leveraged functionality using protected copies of their data."

"This collaboration with Microsoft enables Parablu to deliver best-of-breed solutions combining zero-trust security, zero-knowledge encryption, and zero-cost storage from the best data centers leveraging leading-edge, scalable, and highly secure infrastructure," said Anand Prahlad, CEO of Parablu. "We look forward to collaborating with Microsoft to innovate and expand our offering to cover more data sources, while continuing to leverage the Microsoft Azure cloud and the cutting-edge services it provides."

This collaboration builds on Parablu's accurate recognition by G2 as the best online solution compared to 158 other backup products in nearly all key categories and robust experience with storage, data management and security, while leveraging the capabilities of Azure and Microsoft 365. BluVault's cutting edge features such as platform independent granular restores, point-in-time recovery, cloud-cloud restores, rapid recovery, as well as new innovations that automatically tier data across OneDrive and Azure, will all be served out of the Microsoft cloud. The new agreement includes plans to enhance Parablu's SaaS offering with various Azure Services including Azure OpenAI Service.

Brian Bellows, analyst at Piper Sandler said, "Frequently abrasive economic times often spark innovation and growth. Microsoft's partnering with Parablu while enabling robust technical and secure data capabilities may be another example of Microsoft sparking ecosystem success and growth within the tech sector."

For more information on Parablu's suite of data security and resiliency solutions for the digital enterprise, visit Parablu.com, Follow us on Twitter, Connect with us on LinkedIn, Like us on Facebook, and Subscribe to us on YouTube.

Related Parablu News

About Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise. These solutions protect enterprise data completely and provide total visibility into all data movement through centrally managed intuitive dashboards. Parablu's products include: BluVault, a suite of powerful and secure data backup solutions designed for the cloud; and BluSync™, a suite of solutions designed for secure managed file transfer, secure collaboration, and file services. Both solutions holistically address enterprise data protection needs and can be easily bridged with existing infrastructure to provide cost-effective data protection. To learn more about Parablu visit www.Parablu.com.

View original content to get multimedia:https://www.prnewswire.com/news-releases/parablu-to-deliver-microsoft-azure-hosted-cybersecurity-and-data-resiliency-saas-solutions-301824192.html

SOURCE Parablu