Welcome to the Talking Security podcast. We will talk about items related to Microsoft Security. Hi, welcome again to a new episode of the Talking Security podcast. This is the first episode in a brand new series. My previous series on Defender for Endpoint ended. To wrap that series up, I'll try to do another recording with Microsoft MVP Jeffrey Appel. He's from the Netherlands. He has written a lot on that topic. But if you have questions or other remarks, don't hesitate to contact me.
Let's see if we can cover that in that recording, but that will follow afterwards. But now, a new series taking a deep dive into Microsoft Defender for Cloud. Defender for Cloud is not a standalone solution, as probably most of the people know, but it's much more. Different guests, people from Microsoft, but also people from the field. We will take you into that area.
Solutions such as Defender for Servers, Defender for Containers, Defender for DevOps, etc. will be covered in this series. First, I want to introduce a new co-host who is on this series, Pujan. Pujan, maybe you can have a little introduction of yourself. Yeah, thank you, friends. Yes, my name is Pujan Kobazzi. I'm the co-host on this series of Defender for Cloud. Well, on this series, we would love to introduce the whole idea behind Cloud and Cloud Security MoogsLagroom Cloud.
Our background on automation, DevOps, Security and Cloud. So it's a mix of different backgrounds. I'm also the co-founder and director at 8F Security. Nice, thank you. Together, we have a very special guest for the introduction of Defender for Cloud. I'm happy to have you in the show, Rod. Maybe you can have a little introduction of yourself. Let's see. I'm Rod Trent. I am a Cloud security advocate at Microsoft. So kind of a weird title.
It's literally just a program manager, but in advocacy, if I could say that, effectively. One of the things that I do at Microsoft, obviously, is what we're doing here. And that's talking about Cloud security. I don't know how to deal with this just a little bit. Since I'm the first guest, I guess I kind of have to set the bar. I'll set it really, really low for everybody else. So thank you for having me. We'll see how I can accomplish it. Yeah, and I talked to some guys here in the Netherlands.
And you're a long time Microsofty. Well, I'll tell you the truth. I'm not. I have been actually, what is today, the 11th? Okay, so four days. Four days from now, I will celebrate my fourth birthday at Microsoft. So I've been at Microsoft for four years. Prior to Microsoft, I worked alongside Microsoft in a number of ways.
Some folks might, if you're old enough, you might remember an event called the Microsoft Management Summit, which was obviously about System Center and Microsoft Management, endpoints and things like that, which eventually got merged into Microsoft Ignite, along with TechEd and some other events. But like I said, I've worked alongside Microsoft for most of my career with Microsoft as a Microsoft employee for the past four years.
But I kicked myself every single day thinking about all the opportunities I had to join Microsoft. All I had to do was move to Seattle at some point, and I turned it down all those years. I guess, kind of really had to wait for just the right time, but still, I wish I had done it a long time ago. Yeah, well, it's great to have you, but also in the community, you were active, and you're still active.
So also, participating in this recording, but also, we talked a little bit about your own recording that you do, your own webcast, Microsoft Security Insights. Yeah, so every Wednesday evening, Eastern time, 5 p.m., sometimes 4 p.m., sometimes 5, depends on our guests. The Microsoft Security Insights show goes for about an hour, hour and a half sometimes, just depending on how deep we get into discussions.
We have guests every week talking about the Microsoft Security Stack, all the way from Defender stuff to the new Threat Intelligence stuff to Sentinel, obviously, Microsoft Defender for Cloud. But we've been running this series for almost three years. So we're up to 150 some episodes. Last month, we had, oh my goodness, it was amazing. We had a Women in Cybersecurity Month last month. I don't know if anybody recognized that or not.
We had some big names on there, Ann Johnson, Vasu Jakkal, Maria Thompson, some folks, other folks from government, Microsoft government and things like that, just to talk about Women in Cybersecurity Diversity Insights. That was a super month. This month, we are in the lead up to RSA, the RSA conference, which happens in San Francisco at the end of the month.
We are having what's called MISA Month, the Microsoft Intelligent Security Association, which is the partner association for Microsoft Security. We are having episodes this month, all month this month. Yeah, MISA, it's MISA Month. We have a lot of co-workers to talk to. So you have to search for the Security Insights webcast and let's have a look at that. But ChatGPT and OpenAI, very interesting topic, Security Copilot. Maybe we can have a discussion on that later.
I can give you one short sentence on everything. Okay, two sentences. Number one, best practice, don't use the public ChatGPT. Microsoft has their own implementation, Cognitive Services, Azure OpenAI, which has access to ChatGPT at 3.5 Turbo and also 4.0, which enables customers and enterprises to actually use the guardrails of Azure. If you're using the public version, it's kind of like the Wild West. You don't know where's that API stream going, et cetera, et cetera.
But if you use the Microsoft version, again, you're going to have that Microsoft security implemented it and part of it and you can take advantage of that. That's super awesome. You mentioned Security Copilot. I'm going to be very quick and terse on that one. It's going to be great. Yeah, that's all I'll say on that. And everybody's waiting to just get their fingers on it, right? I had a question today in just minutes before this our time together today.
Someone asked me, said, hey, can I get access to Copilot? Yeah. That was it. And I said, what do you mean? Bing Copilot, Office Copilot, Security Copilot, what else do we have now? Oh, the Office Copilot. I already said Office Copilot. There's one other one. GitHub Copilot. And because it, unfortunately, I think in this instance, we've not been very clear and communicative about our Azure AI services and how Copilot fits into that. It's going to be super awesome.
It's just not ready yet, right? It's still going. It's still in preview. It's not ready for public consumption. I mean, I'm sure it is ready for public consumption, but we're not going to do it until it's time. So let's dive in some cloud background, Pujan. Let's see if we can get some questions for all of our defender for cloud. Yeah, we already kicked off with a lot of cloud stuff. We immediately went to the AI part. Everybody does these things. Everybody.
That's the first question out of everyone's mouth. But I think in general, it's good to put out, and I'm also curious about how you see that, Rod, is what is cloud and how is that changing the whole IT infrastructure before we dive in to see how we can protect it or detect what's happening there? Yeah. Well, I think it kind of, I think it'll help, at least for those listening, maybe those that aren't kind of cloud savvy at the moment to kind of understand what the history of this cloud thing is.
I had to actually go back and look at myself at when this was. I mentioned the Microsoft Management Summit earlier that I've been, I was part of for years. It was, I had to go look this up. It was 2009 when Microsoft came out at the Microsoft Management Summit of all places and said, at Microsoft, we're all in. And we're all in this cloud thing. Everybody just kind of looked at them and scratched their heads and like, we don't know what this cloud thing is. Could you please explain it to us?
And I think even in that respect over, and that was 2009, right? So we're 10 years plus. The cloud is kind of a significant investment. It's a significant value for our customers, but there's still customers that don't quite understand. And the reason why I say that, I was having a discussion earlier today, listening to someone say that some customers are actually have gone to the cloud and some are actually moving back from the cloud, right? And moving back on premises.
I think in some respects, customers get a misapprehension about what the cloud is. The cloud is a way to migrate and utilize sources in the cloud where you, you know, it's better security, better availability, kind of centralized for all the users to be able to access and things like that.
And what a lot of customers have done is they've taken their on premise, on premises mentality, and they've literally just taken it and stuck it in the cloud and expected to work exactly the same as it did on premises. And by doing so, they've missed some things, right? It's not a great experience because they've missed some things in that migration, some gaps, some knowledge, there's knowledge gaps, there's skill gaps and all kinds of things.
So again, it's not been a great experience. So they're trying to pull back just a little bit. So the cloud actually gives us actually a better way of doing things. One of the best examples I can use just to have, you know, people listening kind of think about it. GPO, group policy, right?
If you've used group policy, which initially was super amazing, gives you the ability to create policies around, you know, guidance for your organization, how it should operate, how you can manage devices, users, etc, etc, etc. But over time, over those 20 plus years that you've used GPO on premises, you have GPOs that negate other GPOs because you forgot that they were there, right? So you've been, we've become technology hoarders at some point.
Oh, that GPO, I loved it. It worked great. I'm not getting rid of that one.
So over time, but moving to the cloud, instead of just taking all those GPOs and all those same policies and sticking them in the cloud, which kind of really creates a mess, what a lot of organizations should do is look at this migration, migrating workloads to the cloud as the ability and their chance to start fresh, start new, kind of start over, get rid of that hoarding kind of idea and concept that they're holding on to and do it better in the cloud,
because obviously with the cloud and how the cloud works, we can do things better. We can monitor things better. We can secure things better. So it's kind of a mentality change that customers kind of have to go through. Yeah, I think it's amazing, Rod, because what you mentioned before was like regarding ChatGPT, be careful what you do with your data. You don't know what happens with it.
And I have always personally the feeling that once we are on the data center side and we talk on zero trust, everybody goes to the networking and it is, okay, we have it done. But once it goes to the cloud, things change. And in my opinion, even how we use ChatGPT is part of that. It's also a cloud solution in that sense, and we should treat it as a cloud. Yeah.
Yeah, and security really kind of changes the way that things have kind of worked on premises. Somebody needs access to something. They complain enough, they're going to get access to it, probably too much access to it, right? And so again, we find organizations are taking that same mentality and stick it in the cloud. The cloud can be a little bit, you think that security on premises can be tough and allowing people into that environment.
In the cloud, this is a public entity. You have to put better security measures in place. Otherwise, the public's going to have access to your stuff, right? And people with too much access, how do you know? How do you know you're giving them too much access? You just have to be extremely careful with it.
Interesting. Exactly. Everything has a public IP in this storage account or a VM by default. It's all, of course, in that sense. And then, of course, we have also the fact that multi-cloud, the different cloud vendors also plays a role. Do you also see that with the customers that they are struggling with one maybe and that they are already in the second and the third cloud?
A lot of those customers, yeah. And it really kind of boils down to how long the customer has been, has had cloud implemented in the organization. The early days, right, even before cloud was a term, Amazon was around. Amazon Web Services, right? It wasn't even cloud. It's Amazon Web Services. So a lot of organizations and a lot of companies, software vendors, created their solutions to work in one specific cloud or another.
So a lot of the organizations that I know and that I've worked with, whether it's edu.gov or commercial or whatever, they'll use multi-clouds because that application that is a requirement for their operation works in only one or the other, right? I find a lot of customers have found, at least though, that from an identity perspective, Azure Active Directory is the identity that they want.
And that's where they kind of invest their time because, you know, Azure Active Directory accounts are Office 365 accounts and most every organization uses Office 365. But they'll still use that identity to access things in AWS and GCP. And I think even IBM still has a cloud. I don't know what it's called, but I think everybody has a cloud these days. I believe you have Alibaba even these days has a cloud. Yeah, yeah, IBM Oracle still has a cloud.
Yeah, but cloud is just another one's computer and that's connected to the internet that you can use. Well, basically, kind of it is. But cloud is kind of its own, its own model. It's how those services and things, how they function, it's a little bit different.
If I tried to run cloud services, if I tried to run a KQL query, Kusto query on my system, the way that I run it in Azure, it's going to barf at me because KQL requires, you know, the clustering services and things to be able to return data and very, very quickly, because we're monitoring for security purposes. So it needs the cloud. So cloud actually provides that additional value other than just somebody else's computer.
But what about, you're mentioning on-prem, where we're coming from, people are moving into the cloud with the mindset of the on-prem skill. What about extending your on-prem environment within clouds? Probably with another mindset, hopefully. But if we do that, what challenges do we face? Well, you face similar challenges, right? Still from a security perspective, you're adding one additional thing that you have to monitor, right, other than on-prem and cloud.
And I would hesitate to probably say, but I think there are a lot of organizations. I don't, I'm positive there are organizations that are 100% cloud. But I'm also positive that that's not everybody, right? It's not a huge percentage of all cloud. There are people that still do things on-premises, and that's just the way it's going to be, right? So again, they really kind of have to take the approach where you migrate things where it's necessary and only migrate things where it's necessary.
You have a virtual machine that you've been running on-premises. You don't want to have the expenditure for a new server with more storage and all this stuff. Hey, let's just spin up a VM and let's do it this way. That makes sense, right? So you kind of have this hybrid model where you're using the cloud. Eventually, my guess is they'll have this last VM running on-prem. They're like, let's just move it to the cloud, right?
But still, do it where it makes sense. There's some time, some, you know, it's unnecessary to do. I know a lot of people sometimes, even Microsoft folks, will go into an account and say, got to move to the cloud. You got to do, you know, but there's a lot more difficulty to it than just putting your thumb down and saying, yep, we're doing it today. There's a lot more to it.
Yeah, basically, if you're using a SaaS service or a service that can be used from the cloud, it's probably better to use it from a cloud service provider instead of having a VM running it locally instead of running it on Azure or Google or Amazon or whatever.
Yeah, yeah. Yeah, and I would hesitate to, I mean, you think about the cloud as production workloads. If you want to spin something up, you know, in a test environment or something like this, there's a lot of companies use a cloud for that. But, you know, if I'm thinking about it, I want to put something in place that's not going to impact too much. I have an old server sitting there. I'm going to spin up a VM and test something probably.
It's not taking me extra time because I have to make sure that server works and all that good kind of stuff. But, you know, Yeah, mostly from a security perspective, if I want to use a Kali Linux machine, a machine, for example, in Azure, it could be problematic sometimes if you are doing stuff that is not the purpose from an Azure because there is everything in place to defend on that platform to have people on that with that sort of stuff that they can attack, yeah, customers or whatever.
Yeah, yeah. Well, there's also, you know, if you use cloud services, Azure and things, there's a way to kind of separate that stuff and segregate, right, your test environment versus your production environment stuff. Okay. And I think to add to that, I think it starts the challenges regarding definitely security starts if you are having that Azure and SaaS solutions and then you have on the data center, you have your own environment.
But the moment that you need to go over the private endpoints and private networking, then often what I see personally then the security challenges start because then you are opening a SaaS solution or a PaaS solution immediately to networking.
Yeah, where, yeah, and then the challenges keep coming like definitely from an Azure side because you trust that storage account to be accessible but once there's a VM with a public IP also a role in that it suddenly your network is into the bounded without you knowing anything about it. Yeah. Well, and I think this really, and that's, I think that was a really good segue to talk about what our actual topic is today, which is Defender for Cloud. Yeah.
No, that's, that's perfect, because when customers, whether they're just kind of sticking their toe in the water and testing cloud or they're migrating workload after workload, the thing that I always suggest as best practice is turn on Defender for Cloud for every workload that you stick into the cloud, because this, like I mentioned earlier, this migrating workloads to cloud is this chance for that company, that organization, to kind of figure out the cloud, figure out how to do security, a modern security, properly.
And one of the only ways to do that is to enable Defender for Cloud as you migrate each workload. Enable Defender for Cloud on that workload, and what that's going to accomplish is it's going to give you those guardrails, it's going to give you those guidelines.
If you roll something out of a virtual machine with ports that shouldn't be open, Defender for Cloud is going to tell you about it, right? It's going to send an alert, it's going to say, hey look, you could have done this better. So not only is it going to tell you and enable you to kind of close down those ports and deploy that thing securely because it's going to yell at you, but it's also a teaching tool.
So as these organizations are migrating workloads to the cloud instead of using that old mentality defender for cloud is going to say you know what, you could do that better.
And if you do it better this time you're going to remember to do it better next time so anytime that you roll out a new workload, it's going to be rolled out under those recommendations, because defender for cloud, obviously applies Microsoft recommendations right, but it also supplies industry recommendations and compliance and things like this depending on what industry that the organization is in health care.
What's some other things but yeah we have compliance that compliance templates that can be applied. So how is it like out of the box available defender for cloud is how what does people need to do to to get it on board. Yep, with an Azure account and because obviously you're migrating things to Azure and not any any other cloud.
Yeah, what does where you say something. No. So you just go into the search and look for Defender for Cloud, right, and open up Defender for Cloud, and then go into that initial screen, and if you've never opened it before, it's going to walk you through enabling the Defender plans that you want to enable, depending on what it is that you are deploying, what workload and what you will have within the cloud, what you will operate within the cloud. So we have.
I don't know, I don't know the number of workloads that we have currently, but all the way from servers to containers, storage accounts, databases, whether it's SaaS or PaaS. So there's all kinds of different workloads that you can enable. There are a lot of Defenders within Defender for Cloud. Actually, there are a lot of customers, I think, sometimes, you know, why do you have so many or why do you keep adding more? In a perfect world, customers would use every single Azure service that we have.
They don't sometimes they're you know huge with database SQL server and things like that sometimes they just you know just VM servers and things like that. So I think it's a little bit obvious we have a lot of different workloads but in their separate and each workload costs you know something additional or there's a small price to it but. This enables customers to select the one that they you know the workload that they have enabled within Azure so.
But for Azure it's really easy to put it on defender for cloud is not only for Azure it's can also manage Amazon Google. It's what is the difference between defending Azure resources and the others. No real difference in fact that's one of the things I think we've tried really hard at Microsoft to accomplish is to provide this kind of multi cloud hybrid type of model for all of our security solutions right.
Defender for Cloud, I think we'll talk about Sentinel a little bit later, but in all of our Defender stuff, Defender for every, Defender for everything, we'll have a Defender for everything eventually. I was, I asked for the next product. I asked the other day what features and functions would be in a product called Defender for Time Travel. Who knows, I don't know, Defender for Time Machine. Because we will eventually call everything Defender, I guess. I actually heard.
It's comical, we rebrand every, I don't know, three or four months, whether we need to or not. I don't know why. Azure Sentinel. Yeah, we all know Azure Sentinel, right? So it's Microsoft Sentinel right at this moment, yeah. At this moment, yeah. That's as far as I go with that. But I mean, going on, Defender for Cloud is interesting because it is indeed, the cloud is in the name, and it is for Azure and it's for multi-cloud.
But it's also for on-prem, right? You mentioned SQL, for example, but also servers. It's for servers, right. So any server that you have on premises, obviously the Azure Arc agent also has to be installed. For those that aren't familiar, the Azure Arc agent is the agent that ties, or at least gives the conduit ability to be able to tie, on-prem with cloud.
Everybody remembers the old Windows Server Manager, this, you know, the old MMC snap-in console thing where you can manage all servers across your environment. Azure Arc enables customers to do the same thing: one single console to manage all servers no matter where they are, AWS, GCP, Azure, on premises and what have you. That's what that agent is for. So with the Azure Arc agent installed to provide that management plane, then yes, you can install Defender for Cloud on the servers.
For on premises, obviously, for workstations and things like that, we have Defender for Endpoint and Intune and things like that, but yeah, Defender for Cloud is for the servers. And that's a nice topic for the next recording, where we have one of the specialists within the Defender for Servers team. We will catch up with him to see if we can have a more deep dive on that. What is, you're already mentioning Sentinel. We have Defender for Cloud, multiple Defenders within Defender.
What why should I use Sentinel in addition to defender for cloud. So I look at these different products as providing different capabilities. Again, it's the same model we have here with defender for cloud all those different workloads you apply the proper workload to the proper, the proper service. Defender for cloud in one of the best descriptions I can give for what it is is it it's a recommendation engine.
It's going to surface and produce alerts based on some of those security misconfigurations we talked about. So it's not necessarily kind of this centralized, what people are familiar with, the security information event management system, or a SIEM, or however we pronounce it. It's going to produce alerts to enable customers, to educate them on how to deploy securely, right? So it's going to provide those recommendations on how to do that.
Defender for endpoint obviously is going to you know help defend for those those customer devices and defender for identity is going to work with user accounts and things like that. So everything kind of has its mode and what it works with Sentinel on the other hand. What is this Tuesday it is Tuesday. So tonight. One of my favorite TV shows of all time will be on it's called the curse of Oak Island. Right. There's these two brothers, they grew up reading this story this this legend about this.
Templar treasure that's buried on an island in Nova Scotia called Oak Island. Right. People have been searching for this treasure for 300 years. In the 10th season, I think they're getting ready to end the season next week is probably the last one for this season. So they will will absolutely be in 11th season. They found things they just not found at all. But what they do is they bring in these huge pieces of equipment right that that dig up the earth. I'm looking for this thing.
I'm just going to get these huge back of everything and dig up the earth. What they do with that dirt all that those big mounds of dirt is they take that dirt and they shove it through what's called a sluice box. If you're familiar with what a sluice box is it literally takes the earth runs water through it and through these little filters it throws out the big stuff and you know retains all the stuff that they're actually looking for the the treasure or gems what whatever happens to be.
That's what Sentinel does for us. Right. It's great. These awesome tools like defender for cloud that has all works with all these different workloads. We have defender for endpoint defender for identity for everything. They do a very specific job. Then we filter it into Microsoft Sentinel Sentinel looks through that filters through it and finds the things that potentially the other things couldn't find because there's some new threat that's been identified within the past 24 hours.
So there's going to be detections and indication. It works like a standard modern SIEM, security information management system. The other thing that it does: Defender for Cloud has one, two, I pull it up, 1, 2, 3, 4, 5, 6, 7, 8 workloads right now. All right. And that's the things that it works with, and then AWS, GCP and stuff like that, and of course all the other Defender stuff.
But Defender for Endpoint doesn't work with Cisco devices or Palo Alto devices, right? You still need to be able to filter your entire environment into something, into this sluice box, and connect it with everything else, all these other Defender products. So when something is exposed as potentially dangerous or harmful within your environment, whatever it happens to be, it's going to be able to tie the entire storyline together, from user open an email they probably shouldn't.
It was all capitals, nobody does that. They clicked on a link that they probably shouldn't, we've told them not to click on stupid links. They went out to a website that, you know, they probably wouldn't have visited. Something in the background downloaded and installed on their system and sat dormant for three months, because that's the way threat actors do these days, sat dormant for three months, and then it just got all the user's information of where they log in and, you know, took over that user account.
It's going to tell that entire story because we have it connected to the entire environment through our sluice box. Amazing. Amazing comparison as I think one of the best ways that I have heard it being explained right. Thanks for that. Oh you're welcome. Yeah. So, going to think a step back is is. Once if we are talking about defender for cloud. So, you utilize it as an enrichment for Sentinel. What's in your opinion the most. Most interesting solution from defender for cloud.
The most interesting or are you asking what what produces the most interesting things. Both are good questions. Let's go for both of them. What produces the most interesting stuff. I have to tell you, you know, I, that's a difficult one to answer but I, what I think is most valuable and again it really depends on the customer and the workloads that they're utilizing for some customers you know containers is they they're all in for
containers so that's going to be extremely useful for them. To me, I like to see what's going on with the servers. Right.
I want to know where the ports are open. I want to know when something is a little bit anomalous because those servers have been stood up and they operate very critical business services right so that's something but that's not the, you know, discount any of the other services that we have but I do see a lot of stuff come through the defender for cloud for the servers quite a bit more.
But we talking about defenders and so a defender for cloud also help defend if there is something going on, but it also gives us valuable information about configuration that we need to do to heart hardening to do some hardening on the on the total and for him.
Right so through things like security score and things like this. It's a great way. Again a teaching tool right it's a great way to kind of gamify security right you can whatever is connected through defender for cloud is going to be represented there in the reporting
and the cloud score and things like that. Security score to allow customers to identify those potential misconfigurations or something. Obviously the larger and more the organization is in the more workloads that are deployed to the cloud.
As we all know, everybody likes to be admin in whatever area that that is and unfortunately, not everyone is of the same mind when it comes to security or deployment or what have you they'll do it differently because they have different police for every reason.
So it's good to kind of expose that stuff and look at that score and look at that environment holistically to determine where where there are gaps or where things have been deployed which you had no idea it was going to be deployed because they're not part of your team right they still have appropriate access but it's not part of your team but they didn't kind of follow the security guidelines.
So security scores one of those things it's going to show you your your security posture management today or last week and over time right so this is really great for organizations, particularly those security teams that are tasked with ensuring that the organization is secure because everybody
knows on a security team, their manager is going to come to him probably at least once a month. How are we doing. Give me something I got to go back to leadership and tell them how we're doing from a security perspective so this gives them the ability to be able to kind of track it. Over time and hand them a report and say here's how we're doing.
Obviously if they're doing poorly maybe you don't want to hand them a report, but it gives you the ability to be able to accomplish that, because in the past, on premises, you had to deploy a lot of different tools doing a lot of different things to pull those types of reports together. Defender for Cloud kind of brings all of that together in one tool. I'm talking about course that I think cloud security posture management that the basics that is free to use if you are using cloud services.
So I think definitely if you're using Azure, turn it on and you get insights about the current state of your environment and what you need to do, isn't it? Yep, that one is free. So like I said, when you start migrating workloads to the cloud, enable this, enable the free portion of it. Obviously, yeah, depending on whatever service it is, there is additional pricing. I'm hesitant always to discuss pricing because I'm not a salesperson.
I just, as soon as I start, I'll screw it up and somebody's like, Rod, you need to stop talking about costs. Yeah, for me it's mostly the same, but on the other hand that's the feedback that I get from some other people.
Defender for Cloud, and turn it on, you get insights, and that's in the free version, and if you want to use and want to defend, you have to pay for all the other services as well. But yeah, definitely there is a lot of, you guys from Microsoft, you have done a lot of efforts to make the things work, so it definitely needs some prices on that. If you look at the future regarding Defender for Cloud, a lot of new services are coming in.
Within Azure, within all cloud solutions, is there something definitely missing at the moment where you say we need something for that? There has been a huge outcry for the next workload, next service that will be coming out. I think we're going to announce it around the RSA timeframe.
I know you all know what it is, I know most people listening. I'm just going to, I don't want to steal their thunder when they make the, I don't want to steal their announcement. So there is something, a significant workload that's been in process and been in development for quite a while, and I think a lot of customers will be hugely happy to see this announcement released during RSA. A lot of work is done.
Not only for a specific workload but also on the other workloads, announcements are done still. What we're looking still at the future, but not specific Defender for Cloud but security in general for cloud. Yeah, is there something, or what is your vision about the next year? In general, so every time I pull up my Outlook, every day at Microsoft for the past, I don't know, three months, okay, everything I see in my inbox is about what? Yes. What is it? AI. Artificial intelligence.
Microsoft, we have made and we announced it, our brand new event was two weeks ago now, Microsoft Secure, our brand new first-party event that's going to be annual. Microsoft Secure, super awesome. We announced it, Microsoft Secure, this upcoming Security Copilot deal, everything that we have. So as
every security product we have has the word Defender on it, it won't be long that every product we have at Microsoft ends in Copilot, right? So we have Office Copilot, GitHub Copilot, Security Copilot. I think you're going to see a lot within the next year because that's where our investments are, not just time and money but also development, right? Everything that is going on with Microsoft right now
is all focused on trying to figure out how we can best deliver the value of artificial intelligence to our customers through our products in a kind of a seamless way, right? A lot of people look at today like, you know, ChatGPT, I'm going to go out and ask it questions, I'm going to get answers, things like this. Over the next year, all these different Copilots will show up in our products and our services. I kind of harken back to the old days when Apple first started, and the whole idea
was that technology should just kind of blend in to your life, into the background. You should be able to use this technology whenever you want, but it just should be part of your life and not something you have to go get and you have to go using, you have to kind of figure out. And I think that's what's going to happen with AI. There's going to be a lot of things supplied, particularly from a security perspective.
A year from now you won't even think about it anymore, you'll just be going, okay, I need to do this, this, whatever it is. Whatever this thing is, is going to supply that information for you or potentially even do it for you without even having to ask or think about it. So yeah, I think security is headed down that route as well. It's going to help streamline things, it's going to help customers be more secure.
Also help educate customers quite a bit more. We talked about Defender for Cloud. I look at these tools as highly, they're tools to be able to educate and build skill sets and knowledge, and I think AI is going to kind of be able to accomplish the same thing. I think you're going to see utilizing AI for things like Copilot for GitHub and our Visual Studio and Visual Code and things like this. Customers almost over the past two or three years have gotten whiplash.
And so we're going to be using this pipeline and developing products and features and stuff like this it's really helped accelerate development cycles I believe over the next six months six months to a year. And so utilizing the power of artificial intelligence is actually let's say double or triple.
And I'm not saying it's going to happen I have no no knowledge of this but I can just imagine customer because one of my primary roles in my job right now is to engage with the security community engage with our customers and take that feedback from them the things they like the things they don't like the things they would like to see better.
And so we're going to take it directly back to the product teams and we discuss how we're going to accomplish and deliver that in the future. Customer says, man, wouldn't it be nice that this thing did this, because this is kind of an annoyance. And then it just fixes itself for that customer and then potentially for the rest, for everybody else. Just imagine a world like that. So, I don't know.
Maybe that's too much but there's no. And if we can use this technology from the blue team, the blue side. Yeah, we can also use that from a red team side. And people, hackers from all over the world can also use AI and so make it more difficult for us to defend our customers and our end users. What about that challenge? What do you think about that? Well, you know, it's really, I think we're at a kind of a junction point here where almost anything is possible.
But I kind of, you know, you kind of have to pause for just a second as well when you think about this. This is all great stuff, right, and the capability that it can bring. But you have to be extremely wary and careful. I have to say that the things that I'm working on right now, so I'm the lead on our security AI on my team. And I'm asking those questions nobody else has been asking. Is AI secure? Can we deliver responsible AI?
How do we, so here's the other thing, right, is AI secure? Okay, so maybe we can find the answer to that, but how do we ensure that it's secure? How do we monitor that it's secure? Does AI get mad when we monitor it? Will it try to hide itself? Will it try to hide what it's doing? There's all kinds of questions that you kind of have to ask. I'm not. And I don't do that in a way to make people fearful, because it's not fearful, it's something that we can utilize to our value.
And to with, you know, exception in our daily lives, however, we still have to ask those questions, and as long as we have the answers to those questions I think we can move on. Definitely, definitely. I think we can have a full podcast only on the AI story besides. So I have a couple sessions at MMS MOA in about three weeks. So I think they're still taking registration for that. So, probably we can make an arrangement.
And if we are closing this series with the Defender for Cloud, let's close that one with artificial intelligence and cloud security, and probably Rod can be one of them to join us again, and probably we can have one or two others from the field to fill that gap in. So, yeah, definitely. We do you have one last question? How are we done?
I think we have covered everything. We went from cloud to on-prem to cloud. Back to recap it a little bit, we touched a little bit all the Defenders within the Defender for Cloud. Also, of course, the perfect example on Sentinel, how it integrates and how what the added value. Good to hear. So I think, yeah, from my side, I want to thank Rod for his time. I don't know if you have any questions from now, what maybe you have one last message for our viewers or listeners regarding cloud security.
Well, and yeah, I appreciate that because I think it's really, really important to highlight. Obviously, we want customers to be successful in their operations, right? We want customers. We want to enable customers to be successful in securing their environment. As they are migrating workloads to the cloud, we mentioned it earlier, but do the necessary things, right?
Don't wake up tomorrow and decide I'm moving everything because of some discussion you heard or, you know, Azure's great or something like this, or maybe some salesperson is like, oh, please do it, I got to meet my quota. Do it because it's necessary, but do it securely. We talked about Defender for Cloud today, right? That to me, as much as I love Microsoft Sentinel.
Defender for Cloud is the one thing that I would recommend to customers as they migrate anything to the cloud, that they enable and utilize for those workloads and resources, because again that is going to set those guardrails and those guidelines for you to deploy securely so you don't have to worry about it. And don't have to worry about, you know, who has access and what's going on with it and things like that.
Again, and it's just going to make you a better organization and more skilled and more knowledgeable about security for the cloud. Nice. Thank you for having you on the show. It was a pleasure to have you. Well, I appreciate it. I, you know, you can probably tell I always enjoy talking about security in the cloud and whatever. If you wanted to talk about pop tarts, I could talk about that too. You know that.
Yeah, that's right. Maybe we can put a link to the Pop-Tarts in the show notes as well. So nice. And of course, you as a listener or as a viewer, thank you for listening to and for viewing this episode. See and watch our stream, see our blog post, to see the next recording, probably about Defender for Servers. If you want to know more about that, tune in next time and let's have a wait and see what comes. Thank you.