Microsoft, a big part of the cybersecurity problem: Proofpoint exec

Microsoft’s technology is playing an important role in facilitating increasingly devastating cyber attacks, a senior executive at an email security firm said, accusing the Redmond giant of taking advantage of the existence of vulnerabilities.

In an editorial published by the American site FortuneRyan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said Microsoft recently announced it will spend US $ 20 billion (AU $ 28 billion) on better cybersecurity tools over the next five years, an increase from the billion US dollars it had spent each year since 2015.

“This is another step in Microsoft’s quest to position itself as the global leader in cybersecurity,” he said. “But while this may sound like a noble endeavor, all is not quite as it seems. Microsoft technology is a major factor contributing to increasingly devastating cyber attacks.”

Kalember said Microsoft’s failure to consolidate known vulnerabilities would have exacerbated the recent SolarWinds hack.

“Meanwhile, its cybersecurity branch has grown 40% year over year, with revenues reaching $ 10 billion. This creates a rather uncomfortable dichotomy. Far from being a cybersecurity savior, Microsoft is effectively setting the house on fire and leaving organizations with the bill for shutting it down? ”He asked.

Kalember pointed out that email is the primary entry point for cyberthreats, and malicious messages sent from Office 365 are targeting around 60 million users in 2020.

“… this puts everyone at risk, not just Microsoft customers. Trusted delivery is critical to the success of ransomware, phishing and business email compromise attacks,” he said. he declares.

“With millions of messages sent from gold-plated domains like, many are sure to come through. Twitter cybersecurity was recently on fire when ransomware groups sent phishing attacks from compromised Exchange servers, pointing to malware hosted on OneDrive. Some of this malware stayed there for months before being removed. “

These platform vulnerabilities and abuse, according to Kalember, were just the beginning. “Microsoft has also made many catastrophic architectural decisions. The design of Active Directory, Office macros, PowerShell, and other tools has allowed successive generations of malicious actors to compromise entire environments undetected. This is one of the main reasons why ransomware attacks have spread from a single machine to entire organizations without control.

“Now many of these mistakes are repeating themselves in the cloud. We only have to look at the horribly insecure default configuration of Office 365 to see the proof. “

In his defense, Kalember said Microsoft has no plans to become a major contributor to security risks.

He compared the company’s software approach to that of Google and Apple. “If the company slowed down the delivery of more secure code, ditched old features (like Apple), or tried to bring its large customer base to a great security base (like Google) faster, it might do amazing things for the security community. But it’s not.”

And he accused the Redmond giant of taking advantage of vulnerabilities and exploitable configurations. “… on the one hand, the company distributes vulnerabilities and hosts malware, and on the other hand, it is responsible for ‘protecting’ users against these same vulnerabilities and threats.

“Add in the world’s most extensive incident response practice, and Microsoft is the arsonist, fire department and home inspector all rolled into one.”

On the bright side, Kalember said many companies are now looking beyond Microsoft to protect users and environments.

“Most security officials are reluctant to put all their eggs in the Microsoft basket, but all IT pros should both expect and demand that all of their vendors, even the largest ones, mitigate more than security risks than they create, ”he added.


iTWire TV offers unique value to the technology industry by providing a range of video interviews, news, views and reviews, and also offers vendors the ability to promote your business and marketing messages.

We work with you to develop the message and conduct the product interview or review in a safe and collaborative manner. Unlike other YouTube Tech channels, we create a story around your post and post it on the ITWire homepage, linked to your post.

Additionally, your interview post message can be displayed in up to 7 different post views on our site to drive traffic and readers to your video content and downloads. This can be a significant lead generation opportunity for your business.

We also provide 3 videos in one recording / sitting if you need them so that you have a series of videos to promote to your customers. Your sales team can add your emails to the sales materials and footer of their sales and marketing emails.

Get the latest tech news, views, interviews, reviews, product promotions and events. Plus fun videos from our readers and customers.


Source link

Comments are closed.