Enhancing Cybersecurity: Microsoft Ventures into External Endpoint Development to Combat CrowdStrike Challenges

David Weston, the Deputy Chief Security Officer of Microsoft’s Operating System Security division, revealed details of the Windows Endpoint Security Ecosystem meeting, which saw several cybersecurity companies come together to prevent future CrowdStrike-like incidents.

Participating and disclosed companies include Broadcom (current owner of Symantec Enterprise), CrowdStrike, ESET, SentinelOne, Sophos, Trellix (the new name for McAfee Enterprise + FireEye), and Trend Micro. These companies are already members of the Microsoft Virus Initiative (MVI) program.

The meeting summary divided the plans into short-term and long-term strategies.

Short-term plans involve implementing Secure Deployment Practices (SDP), such as staggering updates across user groups, known as “rings,” which makes it possible to halt an update if problems appear. Companies within this group often face similar challenges, enabling them to share insights and experiences. Some companies have already made their SDP documentation public, including Microsoft, Sophos, and Trend Micro.

Aside from sharing SDP practices, companies will engage in testing critical software, joint compatibility testing, and incident response processes.

Long-term plans involve MVI partners asking Microsoft to establish secure channels outside kernel mode. Doing so means addressing various technical requirements and challenges, such as performance outside kernel mode and guidelines for operating security data sensors.

Subsequently, Microsoft will redesign and develop a new security platform, seeking feedback from partner companies.

Source: Microsoft

TLDR: The Windows Endpoint Security Ecosystem meeting brought together leading cybersecurity companies to enhance security measures and prevent future incidents similar to CrowdStrike. Companies are collaborating on short-term strategies, including sharing Secure Deployment Practices (SDP), and are planning long-term initiatives focusing on advanced security features outside kernel mode. Microsoft is seeking feedback from partner companies for the development of a new security platform.
