Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:00
A couple of statistics. Overall,
0:02
ransomware attacks have been
0:04
up almost 300 percent in
0:06
the past year and over 50 percent
0:09
targeting small businesses. The
0:11
economic cost of these attacks
0:13
for small and medium business can be
0:15
catastrophic. With over 60
0:18
percent of small businesses, uh,
0:20
are not being able to operate
0:23
after they have been experienced a cyber
0:25
attack. This is a painful reality
0:27
and this is where Microsoft
0:29
as a company, together with our partner
0:32
ecosystem, want to reach out to the
0:34
SMB customers and engage
0:36
them to accelerate their digital transformation
0:39
journey with security.
0:41
Is your engineering team focused on efficiency,
0:44
but struggling with inaccessible or costly
0:46
Dora metrics. Insights into the health
0:48
of your engineering team, don't have to be complicated
0:50
or expensive. That's why LinearB
0:53
is introducing free door metrics for all.
0:55
Say goodbye to spreadsheets and manual
0:57
tracking or paying for your door and metrics.
1:00
LinearB is giving away a free. Comprehensive
1:03
Dora dashboard pack the central insights,
1:05
including all Forkey Dora metrics
1:07
tailored to your team's data. Industry
1:09
standard benchmarks for gauging performance and
1:12
setting data-driven goals. Plus
1:14
additional leading metrics, including emerge, frequency,
1:16
and pull request size. Empower your team
1:18
with the metrics they deserve. Sign up for your
1:20
free Dora dashboard today at LinearB dot
1:22
IO slash Dora. Or follow
1:24
the link in the show notes.
1:28
Welcome back to Dev Interrupted, everyone. I'm
1:30
your host, Conor Bronsdon, and I'm here today
1:32
with Benil Pillai. Benil is
1:34
the worldwide SMB security strategy
1:36
head at Microsoft. Thanks so much for joining me, Benil.
1:39
Thanks for having me here. Thank you.
1:40
Yeah, it's great to catch up with you. We've had
1:42
some amazing conversations on security in the past,
1:45
and I'm so glad to have you on this show because
1:47
this conversation's importance
1:49
continues to grow. The evolving
1:52
threat landscape that we're seeing in cybersecurity
1:54
today can be really concerning,
1:56
and it's hard to know how
1:58
AI is going to impact that.
2:01
And it's, we're really seeing that change
2:03
how security, uh, functions in today's
2:05
digital space. The space is changing so rapidly
2:08
and the threats, but also opportunities for businesses
2:10
are evolving. And this is a topic
2:12
that I don't think we address often enough
2:15
here on Dev Interrupted. It's an area of risk
2:17
for many companies that are hyper focused on building
2:19
new features and delivering customer value, but
2:21
maybe underestimating the risks of
2:23
their security posture. Uh, and with
2:25
that in mind, but no, I'd love to ask you
2:27
to introduce yourself so the audience gets to know you
2:29
before we dive into the meat of why this matters
2:31
so much.
2:33
Absolutely. Again, thank you so much for having
2:35
here. My name is Binal Pillai,
2:38
and I lead the Microsoft security
2:40
business for small and medium customer
2:42
segments worldwide. I've been with
2:44
Microsoft for almost 12 years,
2:47
helping customers transform digitally
2:49
with security value proposition.
2:51
Fantastic, and Benil, I know this is
2:53
something you're really passionate about because,
2:56
uh, you've seen, and I know Microsoft has seen this, where
2:59
security in SMB
3:01
has not always been a priority,
3:03
and it seems like that's a major concern
3:05
for you and the work you've done.
3:07
Absolutely, so this is this is an area
3:09
for a high interest, not only from
3:12
a Microsoft as a company
3:14
point of view, it's from a worldwide stand.
3:16
This is a combined responsibility, including
3:19
Microsoft to address the need
3:22
for the customer and help them to improve their
3:24
security posture. So we took it as a mission.
3:26
How we can help customers to improve the security posture.
3:29
At the same time, how we can help the community
3:31
to understand much about security.
3:34
So their position is much better
3:36
in terms of ensuring as
3:38
a consumer, as an enterprise, or
3:40
as a small and medium business owners. So
3:42
that's the big mission that we have
3:44
in place at Microsoft today.
3:46
Why is it that you see SMB as
3:49
particularly at risk for security compared
3:51
to other segments?
3:53
Yeah, I think you see small
3:55
and medium business account for the majority
3:58
of businesses worldwide and
4:00
are important contributors to job creation
4:02
and global economic development.
4:05
They represent about 90 percent
4:07
of businesses and more than 50
4:10
percent of employment worldwide. If
4:12
you look at in the U. S., we have nearly
4:15
32 million small businesses, which
4:17
account 99 percent of
4:19
all U. S. businesses. So
4:22
in this small and medium business driven
4:24
world, things are rapidly changing
4:26
due to an urgency in digital transformation
4:29
enabled by cloud and AI services.
4:33
After COVID 19, majority
4:35
of SMBs are following a hybrid
4:37
work environment where their workers
4:40
are increasingly distributed, able
4:42
to work on. Kind of more flexible
4:45
schedules in a variety of places
4:47
with increased mobility and
4:49
across more and more devices that
4:52
might be company provided or personal
4:54
devices. For example, iPhone. All
4:57
this newfound freedom is refreshing
5:00
and great for the workforce. But
5:02
this distributed landscape can also
5:04
pose security challenges. A couple
5:06
of statistics. Overall, ransomware
5:09
attacks have been up almost 300
5:12
percent in the past year and
5:14
over 50 percent targeting small businesses.
5:17
The economic cost of these
5:19
attacks for small and medium business
5:21
can be catastrophic. With over
5:24
60 percent of small businesses,
5:26
uh, are not being able to operate
5:29
after they have been experienced a cyber
5:31
attack. This is a painful reality
5:34
and this is where Microsoft
5:36
as a company, together with our partner
5:38
ecosystem, want to reach out to the
5:40
SMB customers and engage
5:42
them to accelerate their digital transformation
5:45
journey with security.
5:47
It feels like a lot of small
5:49
and medium sized businesses underestimate
5:51
this because they're so focused on
5:53
delivering value to their customers and
5:56
they think, oh well I can worry about this later. It's the
5:58
enterprises that really have to worry about security. They're
6:00
the targets, but Uh, to your point,
6:03
there are significant threats that are facing
6:05
SMB businesses and, uh,
6:08
it sounds like ransomware is a major one of, Do
6:10
you view like zero trust
6:12
as a concept that can help a lot
6:14
of small businesses improve on
6:17
this by saying, okay, look, we have these devices
6:19
that our employees are using to access,
6:21
you know, work data, you know, maybe distribute
6:24
across the country or even worldwide, We
6:26
need to accelerate our kind
6:28
of like baseline security or what, how are the,
6:31
how are you thinking about the postures that are, are really
6:33
gonna be impactful for, SMBs?
6:35
Yeah, absolutely. You mentioned a very interesting
6:38
point about zero trust, right? I think that
6:40
is the, the principle that we
6:42
want every organization to
6:44
understand and adopt. And there are multiple
6:47
layers when you look at zero trust, right? One
6:49
is, uh. Uh, you know, you know, in Microsoft
6:51
terminology, we say that assume breach
6:54
and then move on to really measure, develop
6:56
the right cyber security measurements
6:58
to really do the right thing, one, to improve
7:00
your security posture, and two, how
7:03
do we react to something happens,
7:05
uh, you know, to your environment from a security
7:07
breach standpoint. So I
7:09
think what is important is for understanding
7:12
at the leadership level for every small,
7:14
medium business, as well as enterprise,
7:17
What does it mean, you know, Zero Trust mean
7:19
for them. How do we adopt that principle
7:22
into the organization? And what kind
7:24
of technology and tools that they should
7:26
adopt? There are a variety of methodologies
7:28
and framework available for organizations
7:30
to develop and design their
7:32
own Zero Trust architecture
7:35
within the within their organization
7:37
limits, right? So that is a key piece.
7:40
You have to define your own Zero Trust journey
7:43
and make sure you take the right action to improve
7:45
your security posture. So again,
7:48
a summary, I would say that it's a leadership
7:50
decision. It's the development
7:52
and implementation of your version of
7:54
Zero Trust that makes sense for you, and
7:56
then make sure how do you really enable the
7:58
tools and framework and technology to
8:00
make that happen. So for me, it's a journey
8:03
and that's exactly I was kind of a Writing
8:05
up in the book to explain, uh,
8:07
in a variety of organizations, including
8:10
enterprises, small, medium business,
8:12
and even consumer, right? To understand the methodology
8:15
and how do we learn and leverage these to
8:17
adopt, to minimize the risk in
8:19
a day to day business standpoint.
8:21
Are there other key challenges that you
8:23
see SMBs having around
8:25
security today?
8:26
I think that there are two primary challenges.
8:29
One is definitely, like I said, the
8:31
SMBs are unfortunately being a
8:33
target from an attacker's point
8:36
of view because it's their less
8:38
effort, you know, because easy to enter
8:40
and they can really do their You
8:42
know, kind of work to really get maximum output
8:45
from a small uh, company
8:47
point of view. So that's a, that's a one big
8:49
challenges. The, the second
8:51
challenge is in the adoption of the tool,
8:54
uh, you know, probably something SMBs
8:56
need to, you know, to completely
8:58
leverage on, uh, partners. And
9:01
the idea Microsoft would love to bring in,
9:03
we have a partner ecosystem
9:05
that is available to support our SMBs
9:08
to make sure. How do we get the
9:10
customer access to the best tools and technologies
9:14
from a proactive, you know, threat
9:16
protection standpoint? So the partners can provide
9:18
the best, you know, tools and solution, like
9:21
we know, Endpoint Detection and Response
9:24
Service or Managed Detection and Response
9:26
Service and, you know, Security
9:28
Operations Center type of services. That
9:30
could be a huge value for SMB because
9:33
we know that majority of the SMBs
9:35
do not have the right
9:37
level of resources. I mean the cyber
9:39
security resources in place, so they
9:41
have to heavily, you know, rely
9:43
on the partner. So we would love to encourage
9:46
every SMP to work with the partner
9:48
ecosystem, um, you know, so that they
9:50
get maximum coverage from a security perspective
9:53
through the services they provided today.
9:54
So this is really interesting in the context
9:57
of our two audiences of
9:59
this podcast. We have the leadership
10:02
audience, which is, you know, VPs of engineering
10:04
at those SMBs, maybe a director of engineering enterprise.
10:06
And then we have the senior software engineer
10:08
who wants to become a leader, the junior software
10:10
engineer who sees these opportunities.
10:13
And one of the big things that we've
10:15
heard about, you know, both
10:17
broadly in software development in society
10:20
and definitely in security is generative AI
10:22
and its impact. I know it's having a major
10:24
impact on the security landscape,
10:26
particularly for SMB. How should
10:29
those two kind of audiences who
10:31
are listening be thinking about leveraging
10:33
AI within software
10:35
development and within the security landscape
10:38
in particular?
10:38
Small and medium businesses are
10:41
are at an increased risk of cyber
10:43
attacks due to their lack of
10:45
basic security measure. As I explained
10:47
earlier, uh, cybercriminals
10:50
are drawn into this business as an easy
10:52
target for low risk high reward
10:54
attack point of view. And SMBs are
10:57
keen to explore the possibilities
11:00
that generative AI can bring
11:02
to to accelerate their growth beyond
11:04
what they could significantly add value
11:06
from a cybersecurity perspective. As
11:09
a branch of artificial intelligence,
11:11
generative AI offered several
11:13
benefits for SMBs in general.
11:16
As AI technologies become more
11:18
perversive across various domains, Ensuring
11:21
their security becomes crucial, uh,
11:23
even though we believe AI powered security
11:26
solutions offer cost effective
11:28
alternatives for SMBs with
11:30
limited, uh, with limited budget and
11:33
resources. In another aspect,
11:35
generative AI can be crucial in
11:37
SMB cybersecurity by providing
11:40
advanced capabilities. to detect,
11:42
analyze, and respond to potential
11:44
threat. Putting aside these
11:47
risks, Generative AI offers
11:49
an outstanding opportunity to change
11:51
the balance between attackers and defenders,
11:54
especially for SMBs that lack
11:56
resources. I think to the audience you mentioned
11:59
earlier, I just wanted to call out some of
12:01
the examples how this really
12:03
make it happen in real time. Let's
12:05
take some of the, uh, let's take some of the,
12:08
uh, cool example. Number one
12:10
is anomaly detection. Uh,
12:12
Gen AI can be used as a tool
12:15
to discover patterns and behaviors
12:17
of normal network traffic and
12:19
user activities or even system
12:21
operations within IT infrastructure.
12:24
The second one is a rapid monitoring.
12:26
It can also help a security
12:28
analyst doing the work to
12:31
reason over the massive data stores
12:33
and detect and respond faster. The
12:36
last one, but not the least, is
12:38
fast learning. It can enhance
12:40
education and quicker understanding
12:43
of the people they do have working
12:45
in IT and security. This
12:47
will be a great advantage, especially for
12:50
SMBs lack skilled
12:52
cyber security resources. what
12:54
actually Microsoft does in this
12:56
space is basically we kind
12:59
of bring these insights into
13:01
our existing product. For example,
13:04
for SMBs, if they are interested in
13:06
AI, we do have existing capabilities
13:08
such as automatic attack disruption
13:11
and automated investigation
13:13
and remediation in Microsoft Defender
13:15
for Business, Business Premium, and
13:18
MME3. Maybe we'll go a little
13:20
bit detail into those capabilities to
13:22
to share some insight for the audience here. The
13:25
first one is, automatic attack
13:27
disruption is designed to contain
13:29
attacks in progress, limit
13:31
the impact on organization
13:33
asset and provide more time
13:35
for the SOC analyst to remediate the
13:38
attack fully. It identifies
13:40
assets controlled by the attacker
13:42
and used to spread the attack. It
13:45
automatically takes responses, uh,
13:47
action across relevant Microsoft
13:49
Defender products to contain the
13:51
attack in real time by isolating
13:53
affected assets. You know, assets. This
13:56
is a game changing capability,
13:58
uh, limits a threat actor's
14:00
progress early on and dramatically
14:03
reduces the overall impact of an attack
14:06
from associated cost to loss
14:08
of productivity. The, the
14:10
second capability is automated
14:12
investigation and remediation. This
14:15
uses a variety, uh, and various
14:17
inspection algorithm and is based
14:19
on A process is that are used
14:21
by security analyst, AIR,
14:25
you know, capabilities are designed to examine
14:28
alerts and take immediate action to resolve
14:30
breaches. It operates in
14:33
three key, three key stages. The
14:35
first one, it starts when an alert
14:37
is triggered and incident is created.
14:40
For example, suppose a malicious
14:42
file is, uh, file resides on a device.
14:45
When that file is detected, an
14:47
alert is triggered and an incident
14:49
is created. While the
14:51
investigation is running, uh, any
14:54
other alerts generated from the device
14:56
are added to the ongoing automated
14:58
investigation until that investigation
15:00
is completed. In addition,
15:03
if the same thread is seen on
15:05
other devices, those devices
15:07
are also added to the investigation. That
15:10
is how it expands the
15:12
scope while running. And
15:15
as alerts are triggered and an automated
15:17
investigation runs, a verdict
15:19
is generated for each piece of
15:21
evidence investigated. Verdicts
15:24
can be malicious, suspicious, or
15:26
no threat found. As verdicts
15:29
are reached, automated investigation
15:32
can result in one or more remediation
15:34
action. So I have gone through some of the
15:36
existing capability, I mean security,
15:38
AI capability, that we have
15:40
in our current products. With these
15:42
capabilities, we can act now together
15:45
with our partner ecosystem as they
15:47
have a significant role to play
15:49
in today's business.
15:52
This is really interesting because, uh,
15:54
I mean, this is something you and I wrote about and
15:56
talked about a lot back in 2018
15:59
2019 when we were working together at Microsoft
16:01
was this possibility of how
16:03
AI can extend the capability
16:05
of security and
16:07
engineering leaders worldwide. Now
16:10
it feels like it's all kind of coming to fruition
16:12
and there's this huge opportunity
16:15
from, from what you're saying for, uh,
16:17
SMB technical leaders to,
16:20
uh, level up and leverage AI solutions
16:22
to, uh, make a bigger impact
16:25
for themselves, make their companies more secure and
16:27
maybe get promoted in the process.
16:30
Absolutely. I think that's a, that's an evolution,
16:32
we have been going through, especially
16:34
in the last three, four years, the
16:36
AI become a predominant, focus
16:39
and driving that motion in a high
16:41
impactful way, uh, and customer
16:44
point of view, partner point of view, as well
16:46
as the technology provider point of view. And,
16:49
uh, this is going to be a game changing, uh,
16:51
in the future of cybersecurity for sure.
16:53
So if I was a technical
16:56
leader at an SMB and
16:58
I'm listening to this and I'm saying, okay, uh,
17:01
maybe I, I run our engineering team
17:03
or I'm the CTO and our security team reports
17:05
into my org. And
17:07
I'm thinking, how should I
17:09
be leveraging AI for
17:11
security? What's the strategy approach
17:14
I should be taking? What would be kind of the framework
17:16
that you would suggest to that CTO,
17:18
that VP of engineering as they think
17:20
through. Um, how
17:22
to take advantage of these new technical
17:25
capabilities and also how to address
17:27
these new threats.
17:29
Yeah, absolutely. So that's a good question.
17:31
The first one is to really, um, you
17:33
know, understand and unlock, uh,
17:36
the product capability. That's the first thing. would,
17:38
I would ask from a CTO
17:41
and technology leader perspective, understand
17:43
the security posture is
17:45
the step zero. Um, there
17:47
are various ways you can do that. The first one
17:49
is, you know, run a maturity
17:52
or, uh, you know, posture assessment.
17:55
Where they are in the security maturity
17:58
are they in one or two? Maybe
18:00
we can have it like one to five ranking and
18:02
that will help us to understand the gap in
18:05
your current security
18:07
maturity. That's the first step and then
18:09
the second step is potentially look at. The conversation
18:11
we had a few minutes ago about the
18:13
zero trust architecture to bring
18:16
that in to really make sure how do we really
18:18
address and build a plan
18:20
to address the gap, right? Based on the maturity
18:22
assessment or cyber security solution assessment,
18:25
whatever, uh, and based on
18:27
the outcome. A recommendation
18:29
from that assessment we can identify what
18:31
is the next step in order to address the gap in your
18:34
security posture. And the third
18:36
element I would really suggest is basically
18:38
uh, you know, work with the partner ecosystem.
18:40
Basically this is a big step for SMBs.
18:43
Like I said, they may not have the right
18:45
resources in place to do internally,
18:47
so they need the skill resources from
18:49
an expert and who does
18:51
all this on a day to day basis. So
18:53
that is the third element to bring the partner ecosystem
18:56
into it. And. you know, provide
18:59
that technology solution to
19:01
address the gap, as well as how do
19:03
we maintain that technology from
19:06
a day to day security coverage
19:08
standpoint, right? Because the threat can
19:11
happen anytime to anyone. So
19:13
we have to have a constant monitoring of
19:15
your environment, both from internally
19:17
as well as externally, so that someone
19:19
who does that job from a regular monitoring
19:22
standpoint is super important. And that
19:24
also comes with threat hunting, threat
19:26
monitoring. As well as remediation action,
19:29
right? So that's actually the third step.
19:31
So from a technology leader,
19:33
to have that end to end picture is super important.
19:36
So they can actually lean in and support
19:38
where they need to prioritize things across
19:41
the organization and across the technology
19:43
they have in place. Now, interestingly,
19:46
uh, like typically in SMB
19:48
world, you may not have
19:50
an individual like a CTO or
19:52
CIO. And perhaps what
19:54
I see in majority of the cases, the
19:57
owner of the company himself or herself
19:59
is kind of a CTO and
20:01
technology leader. So it's, it's important
20:04
for them to really learn and understand
20:06
the challenges and how do we minimize the risk
20:08
from a business angle and then
20:10
leverage the technology, including AI
20:13
to mitigate the risk and improve the security
20:15
portion. I think that's what I would encourage for
20:17
the leaders to consider. And
20:19
then. Pull all delivers tools
20:22
and technologies and framework to support you
20:24
in order to improve your security
20:26
posture, as well as minimize the risk.
20:29
Thank you for those actionable
20:31
takeaways. I hope that, you know, they help
20:33
some leaders in this audience to kind
20:35
of take these next steps and think through their strategy
20:37
here, because to your point, it's
20:40
always easier to Understand
20:43
and address security at the baseline
20:46
level to, you know, have endpoint defense,
20:48
to set that zero trust posture,
20:50
to do these things before you build
20:52
a lot, before you, uh,
20:54
push forward, because otherwise you may
20:56
have a breach that you have to address. You may have to
20:58
come back and, and fix something that's already broken.
21:01
It's better to Build with,
21:03
uh, security in mind and have
21:05
it be like a basic principle of the organization
21:07
of how you're, you know, developing software, how you're transitioning
21:09
in the cloud, whatever it may be. An area
21:12
that I know a lot of our audience
21:14
is already investing time and resources in
21:16
is leveraging GitHub Copilot to
21:19
improve the speed of code generation and,
21:21
uh, improve the ROI of
21:23
their engineering teams by just increasing
21:25
efficiency across the board. And
21:28
I've heard that Microsoft Security
21:30
Copilot is very soon going
21:32
to be launching to public availability, maybe even by the
21:34
time this episode actually publishes. Uh,
21:37
could you share some information and maybe insights
21:39
with our audience about what they can expect
21:41
from that.
21:42
Like all of you, I'm also super excited to see
21:44
that product coming up. Just to give you
21:46
a little bit of a, you know, overview about the
21:48
security co pilot. It is the first
21:51
generative AI security product
21:53
designed to defend our customers
21:56
at machine speed and scale. It
21:59
combines the most advanced GPT
22:02
4 model from OpenAI With
22:04
a Microsoft developed security
22:07
specific model powered by Microsoft
22:09
Security's unique expertise, global
22:12
threat intelligence, and comprehensive security
22:14
product portfolio. Security Co Pilot
22:17
is designed to help security operations
22:19
center analysts to be more effective
22:22
and efficient at all roles
22:24
they play across security. That's a key.
22:27
And I think, uh, from our early
22:29
customer experience. Feedback on the product
22:31
is very exciting and very interesting. They
22:33
see huge value in the natural
22:36
language model we use because
22:38
with security copilot, the
22:40
analysts don't need to write
22:42
a complex script. They can simply
22:45
ask questions in English. And
22:47
Security Co Pilot understand the context,
22:50
set the plan in motion, and provide
22:53
prescriptive guidance resulting in
22:55
significant productivity gains. And
22:58
what I kind of learned, uh, you know,
23:00
the Microsoft Security Co Pilot advantage is
23:02
a few things. Number one, uh, the
23:04
design behind Security Co Pilot is
23:06
not just about talking OpenAI
23:09
and rolling it with, with it. Microsoft
23:11
Mechanics And the second one is SecurityCopilot
23:13
runs on our security and privacy
23:17
compliant hyperscale infrastructure
23:19
that is unique to Microsoft and brings
23:21
the full benefit of being on the
23:24
Azure cloud. And the
23:26
third one, if we add our cyber
23:28
specific model, which works to create
23:30
a cloud loop learning system
23:33
that has an ever growing set of security
23:35
specific skill. Microsoft And finally,
23:37
the security co pilot is at the heart
23:40
of Microsoft's security product
23:42
portfolio. It deeply integrates
23:45
with our existing product experiences
23:47
and workflow across Defender,
23:50
Sentinel, Intune, Entra,
23:53
Purview, and Priva so
23:55
that security professionals see the
23:57
full benefit of Uh, you know, security,
24:00
uh, co pilots, assistants as they
24:02
go about daily work. I'm super excited
24:04
to see the product coming to reality, for
24:06
addressing the world's problem, for
24:09
our customers and partners.
24:10
It sounds like we could even see Security
24:12
Co Pilot enable less senior engineers
24:15
and less senior security analysts to increase
24:17
their effectiveness, which, particularly
24:19
for SMBs, can be hugely
24:22
impactful given that,
24:24
you know, SMB may not have several
24:26
security analysts at the road a problem.
24:28
Yeah, I'm with you. Absolutely. If I look at the product
24:30
capability, it helps a lot for the
24:32
customers as well as partners. I
24:34
think one, it's a one product.
24:36
It can actually provide a lot of value
24:39
from an end to end customer point of view, end to end security
24:41
threat point of view. For the partner, it's
24:44
a tool they're going to definitely leverage a lot,
24:46
uh, to have an insightful
24:48
view in the product Customer environment,
24:51
connecting whatever the product they are on.
24:53
It's pull the information and provide the end
24:55
to end, uh, you know, capability
24:57
to analyze the data and
24:59
then provide the right practice step. So it's kind
25:02
of a game changing tool for everyone,
25:04
um, uh, you know, as a solution.
25:08
This has been a wonderful conversation, Benil.
25:10
I think there's a lot of value in here
25:13
for our audience as they think about security,
25:15
particularly for folks in the SMB. Could
25:17
you share where the best place
25:19
for folks to go to learn more
25:22
from you and about Microsoft security
25:24
strategy?
25:25
The first thing I would love to encourage and
25:27
look at the Microsoft security
25:30
landing page. And we have a blog
25:32
site for security and
25:35
we'll. I'll see a lot of Microsoft
25:37
tall leadership documents, uh, and
25:40
from a from a looking forward
25:42
perspective that what we see in
25:44
the market in every market
25:47
today and what we can do better to support
25:49
the customer needs. That's
25:51
number one. We have a product
25:53
portfolio that categorized by
25:55
capability as well as by segment.
25:58
Uh, majority of the products are available
26:00
for enterprise customers. We do have
26:03
a special, uh, product designed
26:05
for small medium business customers. Like
26:07
I mentioned, uh, Business Premium is
26:09
a great example. Microsoft Defender
26:12
for Business is another product designed for,
26:14
uh, small and medium business. So,
26:17
uh, yes, absolutely Microsoft security
26:19
product portfolio landing page, uh,
26:21
provide the entire portfolio
26:23
view of, uh, infra Microsoft. I
26:25
think that may be a better place. The other one
26:27
I will encourage, uh, an audience to look
26:29
at it, especially from SMB point of view.
26:32
We have a cybersecurity solution
26:34
assessment that's available for, customers.
26:37
And what it does is basically it's
26:39
a, it's a self-service. Cyber
26:42
Security Solution Assessment means
26:44
the customer can, click on it and
26:47
answer a few questions and, you
26:49
will get a report from, uh, Microsoft,
26:51
approved vendor in terms of providing
26:53
what actually the security posture of
26:56
your, uh, Your environment and
26:58
if you don't have a, you know, security,
27:01
you know, personal in your organization
27:03
and definitely your partner can also
27:05
do a cyber security assessment
27:08
on behalf of you and that is
27:10
also available in our, you
27:12
know, cyber security assessment in
27:14
our public website.
27:15
Great, we'll be sure to include links to that in the episode
27:18
description. Banil, do you have any closing
27:20
advice for our audience around security?
27:23
Yeah, absolutely. So I wanted to say that
27:25
security is a foundational capability
27:28
for successful business and operations.
27:31
And we hate to see a situation
27:33
where customers business operations
27:36
are being interrupted and
27:38
their reputation is being challenged due to
27:40
lack of security capability. For
27:43
small, medium business customers, they
27:45
may not have a second chance if something
27:47
similar happened to them. So first,
27:50
we wanted to make sure customers
27:52
assess their security posture so
27:54
that you take the right step to mitigate,
27:57
uh, you know, their risk. Uh, and
27:59
gaps. So please make sure
28:02
security hygiene as a first step.
28:05
The second one, we have AI capabilities
28:07
in our existing solution. Security
28:09
products for SMB, uh, we
28:11
discussed some of them briefly, like
28:14
automatic attack disruption and,
28:16
uh, and others. Uh, AI
28:19
and automation, uh, can be
28:21
implemented to ensure speedy
28:23
investigation and remediation routines.
28:26
We believe AI powered security solutions
28:28
offer cost effective alternatives
28:31
for SMBs with limited budget and
28:33
resources. So, by embracing
28:36
AI capabilities, SMBs can can
28:38
harness the power of generative AI
28:41
to enhance cyber security resiliency.
28:44
Our partners can ensure their support
28:46
for SMP customers by leveraging cyber
28:48
security based AI product.
28:50
Perfect. Well, Banil, I've really enjoyed this conversation.
28:53
It's great to catch up with you and to see
28:55
the fruits of kind of all this labor these last
28:57
years come thank you to,
29:00
uh, you know, fruition for, for Microsoft
29:02
here, because it's clear there's a huge opportunity
29:04
to improve the security of businesses worldwide,
29:07
particularly in SMB, uh, given the
29:09
attack surfaces they're seeing. So thank you so much
29:11
for joining me for this conversation.
29:13
Thanks a lot, Conor. Really appreciate and thanks
29:15
for having me here.
29:16
And if you want to get more conversations like this
29:18
and get in depth articles as well,
29:20
remember to check out our Substack at devinterrupted.
29:22
substack. com. And that's
29:24
all for this week. We'll talk soon all..
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More