Expanded access to Microsoft event logs is paying off for U.S. government agencies and critical infrastructure providers, which have gained greater visibility into their network environments, the Cybersecurity and Infrastructure Security Agency said Saturday.
Microsoft expanded free access to security logs in 2023 after a state-linked threat actor gained access to Microsoft Exchange Online and stole thousands of emails from the State Department.
“Yes, Microsoft has expanded access to the logging elements that were used by the State Department to detect the 2023 compromise to a vastly larger set of customers, including all federal agencies and numerous critical infrastructure organizations,” Jeff Greene, CISA executive assistant director for cybersecurity, confirmed via email.
“These new logs are being used by organizations today to detect threats,” Greene said.
The Cyber Safety Review Board issued a report in April blasting Microsoft, saying that the attack was the result of years of neglect by the company and was entirely preventable.
Earlier this year, Microsoft began taking steps to overhaul its internal security culture through a program dubbed the Secure Future Initiative. The company has already taken steps to realign its security governance, putting security at the forefront of how it develops software and interacts with customers and the larger industry.
Greene said that CISA plans to hold Microsoft accountable to make sure it lives up to its security commitments.
“CISA will continue to work with Microsoft and other companies to ensure that their products are secure by design and that Microsoft lives up to the commitments it has publicly announced around improving the security of its products following the 2023 compromise,” Greene said.
Microsoft, through a spokesperson, declined to comment on the event logs issue.
An event logging push
The win for the U.S. government comes as CISA, along with the FBI, National Security Agency and a group of foreign cybersecurity authorities led by Australia, released a best practices guide for event logging last week.
The new guide is part of an effort to combat sophisticated threat activity from state-linked threat groups, such as Volt Typhoon. The group uses living-off-the-land techniques, disguising its activity by relying on normal, legitimate tools that won’t trigger alerts as it moves around computer networks.
Security researchers at ReliaQuest have been tracking a ransomware actor known as Medusa, which has also used living-off-the-land techniques in multiple attacks.
“By implementing the best practices for event logging and threat detection outlined in this guide, organizations can enhance their ability to identify and mitigate malicious activities, thereby protecting their networks, devices, and data from compromise,” Alex Capraro, cyber intelligence analyst at ReliaQuest, said via email.