0:00

A couple of statistics. Overall,

0:02

ransomware attacks have been

0:04

up almost 300 percent in

0:06

the past year and over 50 percent

0:09

targeting small businesses. The

0:11

economic cost of these attacks

0:13

for small and medium business can be

0:15

catastrophic. With over 60

0:18

percent of small businesses, uh,

0:20

are not being able to operate

0:23

after they have been experienced a cyber

0:25

attack. This is a painful reality

0:27

and this is where Microsoft

0:29

as a company, together with our partner

0:32

ecosystem, want to reach out to the

0:34

SMB customers and engage

0:36

them to accelerate their digital transformation

0:39

journey with security.

0:41

Is your engineering team focused on efficiency,

0:44

but struggling with inaccessible or costly

0:46

Dora metrics. Insights into the health

0:48

of your engineering team, don't have to be complicated

0:50

or expensive. That's why LinearB

0:53

is introducing free door metrics for all.

0:55

Say goodbye to spreadsheets and manual

0:57

tracking or paying for your door and metrics.

1:00

LinearB is giving away a free. Comprehensive

1:03

Dora dashboard pack the central insights,

1:05

including all Forkey Dora metrics

1:07

tailored to your team's data. Industry

1:09

standard benchmarks for gauging performance and

1:12

setting data-driven goals. Plus

1:14

additional leading metrics, including emerge, frequency,

1:16

and pull request size. Empower your team

1:18

with the metrics they deserve. Sign up for your

1:20

free Dora dashboard today at LinearB dot

1:22

IO slash Dora. Or follow

1:24

the link in the show notes.

1:28

Welcome back to Dev Interrupted, everyone. I'm

1:30

your host, Conor Bronsdon, and I'm here today

1:32

with Benil Pillai. Benil is

1:34

the worldwide SMB security strategy

1:36

head at Microsoft. Thanks so much for joining me, Benil.

1:39

Thanks for having me here. Thank you.

1:40

Yeah, it's great to catch up with you. We've had

1:42

some amazing conversations on security in the past,

1:45

and I'm so glad to have you on this show because

1:47

this conversation's importance

1:49

continues to grow. The evolving

1:52

threat landscape that we're seeing in cybersecurity

1:54

today can be really concerning,

1:56

and it's hard to know how

1:58

AI is going to impact that.

2:01

And it's, we're really seeing that change

2:03

how security, uh, functions in today's

2:05

digital space. The space is changing so rapidly

2:08

and the threats, but also opportunities for businesses

2:10

are evolving. And this is a topic

2:12

that I don't think we address often enough

2:15

here on Dev Interrupted. It's an area of risk

2:17

for many companies that are hyper focused on building

2:19

new features and delivering customer value, but

2:21

maybe underestimating the risks of

2:23

their security posture. Uh, and with

2:25

that in mind, but no, I'd love to ask you

2:27

to introduce yourself so the audience gets to know you

2:29

before we dive into the meat of why this matters

2:31

so much.

2:33

Absolutely. Again, thank you so much for having

2:35

here. My name is Binal Pillai,

2:38

and I lead the Microsoft security

2:40

business for small and medium customer

2:42

segments worldwide. I've been with

2:44

Microsoft for almost 12 years,

2:47

helping customers transform digitally

2:49

with security value proposition.

2:51

Fantastic, and Benil, I know this is

2:53

something you're really passionate about because,

2:56

uh, you've seen, and I know Microsoft has seen this, where

2:59

security in SMB

3:01

has not always been a priority,

3:03

and it seems like that's a major concern

3:05

for you and the work you've done.

3:07

Absolutely, so this is this is an area

3:09

for a high interest, not only from

3:12

a Microsoft as a company

3:14

point of view, it's from a worldwide stand.

3:16

This is a combined responsibility, including

3:19

Microsoft to address the need

3:22

for the customer and help them to improve their

3:24

security posture. So we took it as a mission.

3:26

How we can help customers to improve the security posture.

3:29

At the same time, how we can help the community

3:31

to understand much about security.

3:34

So their position is much better

3:36

in terms of ensuring as

3:38

a consumer, as an enterprise, or

3:40

as a small and medium business owners. So

3:42

that's the big mission that we have

3:44

in place at Microsoft today.

3:46

Why is it that you see SMB as

3:49

particularly at risk for security compared

3:51

to other segments?

3:53

Yeah, I think you see small

3:55

and medium business account for the majority

3:58

of businesses worldwide and

4:00

are important contributors to job creation

4:02

and global economic development.

4:05

They represent about 90 percent

4:07

of businesses and more than 50

4:10

percent of employment worldwide. If

4:12

you look at in the U. S., we have nearly

4:15

32 million small businesses, which

4:17

account 99 percent of

4:19

all U. S. businesses. So

4:22

in this small and medium business driven

4:24

world, things are rapidly changing

4:26

due to an urgency in digital transformation

4:29

enabled by cloud and AI services.

4:33

After COVID 19, majority

4:35

of SMBs are following a hybrid

4:37

work environment where their workers

4:40

are increasingly distributed, able

4:42

to work on. Kind of more flexible

4:45

schedules in a variety of places

4:47

with increased mobility and

4:49

across more and more devices that

4:52

might be company provided or personal

4:54

devices. For example, iPhone. All

4:57

this newfound freedom is refreshing

5:00

and great for the workforce. But

5:02

this distributed landscape can also

5:04

pose security challenges. A couple

5:06

of statistics. Overall, ransomware

5:09

attacks have been up almost 300

5:12

percent in the past year and

5:14

over 50 percent targeting small businesses.

5:17

The economic cost of these

5:19

attacks for small and medium business

5:21

can be catastrophic. With over

5:24

60 percent of small businesses,

5:26

uh, are not being able to operate

5:29

after they have been experienced a cyber

5:31

attack. This is a painful reality

5:34

and this is where Microsoft

5:36

as a company, together with our partner

5:38

ecosystem, want to reach out to the

5:40

SMB customers and engage

5:42

them to accelerate their digital transformation

5:45

journey with security.

5:47

It feels like a lot of small

5:49

and medium sized businesses underestimate

5:51

this because they're so focused on

5:53

delivering value to their customers and

5:56

they think, oh well I can worry about this later. It's the

5:58

enterprises that really have to worry about security. They're

6:00

the targets, but Uh, to your point,

6:03

there are significant threats that are facing

6:05

SMB businesses and, uh,

6:08

it sounds like ransomware is a major one of, Do

6:10

you view like zero trust

6:12

as a concept that can help a lot

6:14

of small businesses improve on

6:17

this by saying, okay, look, we have these devices

6:19

that our employees are using to access,

6:21

you know, work data, you know, maybe distribute

6:24

across the country or even worldwide, We

6:26

need to accelerate our kind

6:28

of like baseline security or what, how are the,

6:31

how are you thinking about the postures that are, are really

6:33

gonna be impactful for, SMBs?

6:35

Yeah, absolutely. You mentioned a very interesting

6:38

point about zero trust, right? I think that

6:40

is the, the principle that we

6:42

want every organization to

6:44

understand and adopt. And there are multiple

6:47

layers when you look at zero trust, right? One

6:49

is, uh. Uh, you know, you know, in Microsoft

6:51

terminology, we say that assume breach

6:54

and then move on to really measure, develop

6:56

the right cyber security measurements

6:58

to really do the right thing, one, to improve

7:00

your security posture, and two, how

7:03

do we react to something happens,

7:05

uh, you know, to your environment from a security

7:07

breach standpoint. So I

7:09

think what is important is for understanding

7:12

at the leadership level for every small,

7:14

medium business, as well as enterprise,

7:17

What does it mean, you know, Zero Trust mean

7:19

for them. How do we adopt that principle

7:22

into the organization? And what kind

7:24

of technology and tools that they should

7:26

adopt? There are a variety of methodologies

7:28

and framework available for organizations

7:30

to develop and design their

7:32

own Zero Trust architecture

7:35

within the within their organization

7:37

limits, right? So that is a key piece.

7:40

You have to define your own Zero Trust journey

7:43

and make sure you take the right action to improve

7:45

your security posture. So again,

7:48

a summary, I would say that it's a leadership

7:50

decision. It's the development

7:52

and implementation of your version of

7:54

Zero Trust that makes sense for you, and

7:56

then make sure how do you really enable the

7:58

tools and framework and technology to

8:00

make that happen. So for me, it's a journey

8:03

and that's exactly I was kind of a Writing

8:05

up in the book to explain, uh,

8:07

in a variety of organizations, including

8:10

enterprises, small, medium business,

8:12

and even consumer, right? To understand the methodology

8:15

and how do we learn and leverage these to

8:17

adopt, to minimize the risk in

8:19

a day to day business standpoint.

8:21

Are there other key challenges that you

8:23

see SMBs having around

8:25

security today?

8:26

I think that there are two primary challenges.

8:29

One is definitely, like I said, the

8:31

SMBs are unfortunately being a

8:33

target from an attacker's point

8:36

of view because it's their less

8:38

effort, you know, because easy to enter

8:40

and they can really do their You

8:42

know, kind of work to really get maximum output

8:45

from a small uh, company

8:47

point of view. So that's a, that's a one big

8:49

challenges. The, the second

8:51

challenge is in the adoption of the tool,

8:54

uh, you know, probably something SMBs

8:56

need to, you know, to completely

8:58

leverage on, uh, partners. And

9:01

the idea Microsoft would love to bring in,

9:03

we have a partner ecosystem

9:05

that is available to support our SMBs

9:08

to make sure. How do we get the

9:10

customer access to the best tools and technologies

9:14

from a proactive, you know, threat

9:16

protection standpoint? So the partners can provide

9:18

the best, you know, tools and solution, like

9:21

we know, Endpoint Detection and Response

9:24

Service or Managed Detection and Response

9:26

Service and, you know, Security

9:28

Operations Center type of services. That

9:30

could be a huge value for SMB because

9:33

we know that majority of the SMBs

9:35

do not have the right

9:37

level of resources. I mean the cyber

9:39

security resources in place, so they

9:41

have to heavily, you know, rely

9:43

on the partner. So we would love to encourage

9:46

every SMP to work with the partner

9:48

ecosystem, um, you know, so that they

9:50

get maximum coverage from a security perspective

9:53

through the services they provided today.

9:54

So this is really interesting in the context

9:57

of our two audiences of

9:59

this podcast. We have the leadership

10:02

audience, which is, you know, VPs of engineering

10:04

at those SMBs, maybe a director of engineering enterprise.

10:06

And then we have the senior software engineer

10:08

who wants to become a leader, the junior software

10:10

engineer who sees these opportunities.

10:13

And one of the big things that we've

10:15

heard about, you know, both

10:17

broadly in software development in society

10:20

and definitely in security is generative AI

10:22

and its impact. I know it's having a major

10:24

impact on the security landscape,

10:26

particularly for SMB. How should

10:29

those two kind of audiences who

10:31

are listening be thinking about leveraging

10:33

AI within software

10:35

development and within the security landscape

10:38

in particular?

10:38

Small and medium businesses are

10:41

are at an increased risk of cyber

10:43

attacks due to their lack of

10:45

basic security measure. As I explained

10:47

earlier, uh, cybercriminals

10:50

are drawn into this business as an easy

10:52

target for low risk high reward

10:54

attack point of view. And SMBs are

10:57

keen to explore the possibilities

11:00

that generative AI can bring

11:02

to to accelerate their growth beyond

11:04

what they could significantly add value

11:06

from a cybersecurity perspective. As

11:09

a branch of artificial intelligence,

11:11

generative AI offered several

11:13

benefits for SMBs in general.

11:16

As AI technologies become more

11:18

perversive across various domains, Ensuring

11:21

their security becomes crucial, uh,

11:23

even though we believe AI powered security

11:26

solutions offer cost effective

11:28

alternatives for SMBs with

11:30

limited, uh, with limited budget and

11:33

resources. In another aspect,

11:35

generative AI can be crucial in

11:37

SMB cybersecurity by providing

11:40

advanced capabilities. to detect,

11:42

analyze, and respond to potential

11:44

threat. Putting aside these

11:47

risks, Generative AI offers

11:49

an outstanding opportunity to change

11:51

the balance between attackers and defenders,

11:54

especially for SMBs that lack

11:56

resources. I think to the audience you mentioned

11:59

earlier, I just wanted to call out some of

12:01

the examples how this really

12:03

make it happen in real time. Let's

12:05

take some of the, uh, let's take some of the,

12:08

uh, cool example. Number one

12:10

is anomaly detection. Uh,

12:12

Gen AI can be used as a tool

12:15

to discover patterns and behaviors

12:17

of normal network traffic and

12:19

user activities or even system

12:21

operations within IT infrastructure.

12:24

The second one is a rapid monitoring.

12:26

It can also help a security

12:28

analyst doing the work to

12:31

reason over the massive data stores

12:33

and detect and respond faster. The

12:36

last one, but not the least, is

12:38

fast learning. It can enhance

12:40

education and quicker understanding

12:43

of the people they do have working

12:45

in IT and security. This

12:47

will be a great advantage, especially for

12:50

SMBs lack skilled

12:52

cyber security resources. what

12:54

actually Microsoft does in this

12:56

space is basically we kind

12:59

of bring these insights into

13:01

our existing product. For example,

13:04

for SMBs, if they are interested in

13:06

AI, we do have existing capabilities

13:08

such as automatic attack disruption

13:11

and automated investigation

13:13

and remediation in Microsoft Defender

13:15

for Business, Business Premium, and

13:18

MME3. Maybe we'll go a little

13:20

bit detail into those capabilities to

13:22

to share some insight for the audience here. The

13:25

first one is, automatic attack

13:27

disruption is designed to contain

13:29

attacks in progress, limit

13:31

the impact on organization

13:33

asset and provide more time

13:35

for the SOC analyst to remediate the

13:38

attack fully. It identifies

13:40

assets controlled by the attacker

13:42

and used to spread the attack. It

13:45

automatically takes responses, uh,

13:47

action across relevant Microsoft

13:49

Defender products to contain the

13:51

attack in real time by isolating

13:53

affected assets. You know, assets. This

13:56

is a game changing capability,

13:58

uh, limits a threat actor's

14:00

progress early on and dramatically

14:03

reduces the overall impact of an attack

14:06

from associated cost to loss

14:08

of productivity. The, the

14:10

second capability is automated

14:12

investigation and remediation. This

14:15

uses a variety, uh, and various

14:17

inspection algorithm and is based

14:19

on A process is that are used

14:21

by security analyst, AIR,

14:25

you know, capabilities are designed to examine

14:28

alerts and take immediate action to resolve

14:30

breaches. It operates in

14:33

three key, three key stages. The

14:35

first one, it starts when an alert

14:37

is triggered and incident is created.

14:40

For example, suppose a malicious

14:42

file is, uh, file resides on a device.

14:45

When that file is detected, an

14:47

alert is triggered and an incident

14:49

is created. While the

14:51

investigation is running, uh, any

14:54

other alerts generated from the device

14:56

are added to the ongoing automated

14:58

investigation until that investigation

15:00

is completed. In addition,

15:03

if the same thread is seen on

15:05

other devices, those devices

15:07

are also added to the investigation. That

15:10

is how it expands the

15:12

scope while running. And

15:15

as alerts are triggered and an automated

15:17

investigation runs, a verdict

15:19

is generated for each piece of

15:21

evidence investigated. Verdicts

15:24

can be malicious, suspicious, or

15:26

no threat found. As verdicts

15:29

are reached, automated investigation

15:32

can result in one or more remediation

15:34

action. So I have gone through some of the

15:36

existing capability, I mean security,

15:38

AI capability, that we have

15:40

in our current products. With these

15:42

capabilities, we can act now together

15:45

with our partner ecosystem as they

15:47

have a significant role to play

15:49

in today's business.

15:52

This is really interesting because, uh,

15:54

I mean, this is something you and I wrote about and

15:56

talked about a lot back in 2018

15:59

2019 when we were working together at Microsoft

16:01

was this possibility of how

16:03

AI can extend the capability

16:05

of security and

16:07

engineering leaders worldwide. Now

16:10

it feels like it's all kind of coming to fruition

16:12

and there's this huge opportunity

16:15

from, from what you're saying for, uh,

16:17

SMB technical leaders to,

16:20

uh, level up and leverage AI solutions

16:22

to, uh, make a bigger impact

16:25

for themselves, make their companies more secure and

16:27

maybe get promoted in the process.

16:30

Absolutely. I think that's a, that's an evolution,

16:32

we have been going through, especially

16:34

in the last three, four years, the

16:36

AI become a predominant, focus

16:39

and driving that motion in a high

16:41

impactful way, uh, and customer

16:44

point of view, partner point of view, as well

16:46

as the technology provider point of view. And,

16:49

uh, this is going to be a game changing, uh,

16:51

in the future of cybersecurity for sure.

16:53

So if I was a technical

16:56

leader at an SMB and

16:58

I'm listening to this and I'm saying, okay, uh,

17:01

maybe I, I run our engineering team

17:03

or I'm the CTO and our security team reports

17:05

into my org. And

17:07

I'm thinking, how should I

17:09

be leveraging AI for

17:11

security? What's the strategy approach

17:14

I should be taking? What would be kind of the framework

17:16

that you would suggest to that CTO,

17:18

that VP of engineering as they think

17:20

through. Um, how

17:22

to take advantage of these new technical

17:25

capabilities and also how to address

17:27

these new threats.

17:29

Yeah, absolutely. So that's a good question.

17:31

The first one is to really, um, you

17:33

know, understand and unlock, uh,

17:36

the product capability. That's the first thing. would,

17:38

I would ask from a CTO

17:41

and technology leader perspective, understand

17:43

the security posture is

17:45

the step zero. Um, there

17:47

are various ways you can do that. The first one

17:49

is, you know, run a maturity

17:52

or, uh, you know, posture assessment.

17:55

Where they are in the security maturity

17:58

are they in one or two? Maybe

18:00

we can have it like one to five ranking and

18:02

that will help us to understand the gap in

18:05

your current security

18:07

maturity. That's the first step and then

18:09

the second step is potentially look at. The conversation

18:11

we had a few minutes ago about the

18:13

zero trust architecture to bring

18:16

that in to really make sure how do we really

18:18

address and build a plan

18:20

to address the gap, right? Based on the maturity

18:22

assessment or cyber security solution assessment,

18:25

whatever, uh, and based on

18:27

the outcome. A recommendation

18:29

from that assessment we can identify what

18:31

is the next step in order to address the gap in your

18:34

security posture. And the third

18:36

element I would really suggest is basically

18:38

uh, you know, work with the partner ecosystem.

18:40

Basically this is a big step for SMBs.

18:43

Like I said, they may not have the right

18:45

resources in place to do internally,

18:47

so they need the skill resources from

18:49

an expert and who does

18:51

all this on a day to day basis. So

18:53

that is the third element to bring the partner ecosystem

18:56

into it. And. you know, provide

18:59

that technology solution to

19:01

address the gap, as well as how do

19:03

we maintain that technology from

19:06

a day to day security coverage

19:08

standpoint, right? Because the threat can

19:11

happen anytime to anyone. So

19:13

we have to have a constant monitoring of

19:15

your environment, both from internally

19:17

as well as externally, so that someone

19:19

who does that job from a regular monitoring

19:22

standpoint is super important. And that

19:24

also comes with threat hunting, threat

19:26

monitoring. As well as remediation action,

19:29

right? So that's actually the third step.

19:31

So from a technology leader,

19:33

to have that end to end picture is super important.

19:36

So they can actually lean in and support

19:38

where they need to prioritize things across

19:41

the organization and across the technology

19:43

they have in place. Now, interestingly,

19:46

uh, like typically in SMB

19:48

world, you may not have

19:50

an individual like a CTO or

19:52

CIO. And perhaps what

19:54

I see in majority of the cases, the

19:57

owner of the company himself or herself

19:59

is kind of a CTO and

20:01

technology leader. So it's, it's important

20:04

for them to really learn and understand

20:06

the challenges and how do we minimize the risk

20:08

from a business angle and then

20:10

leverage the technology, including AI

20:13

to mitigate the risk and improve the security

20:15

portion. I think that's what I would encourage for

20:17

the leaders to consider. And

20:19

then. Pull all delivers tools

20:22

and technologies and framework to support you

20:24

in order to improve your security

20:26

posture, as well as minimize the risk.

20:29

Thank you for those actionable

20:31

takeaways. I hope that, you know, they help

20:33

some leaders in this audience to kind

20:35

of take these next steps and think through their strategy

20:37

here, because to your point, it's

20:40

always easier to Understand

20:43

and address security at the baseline

20:46

level to, you know, have endpoint defense,

20:48

to set that zero trust posture,

20:50

to do these things before you build

20:52

a lot, before you, uh,

20:54

push forward, because otherwise you may

20:56

have a breach that you have to address. You may have to

20:58

come back and, and fix something that's already broken.

21:01

It's better to Build with,

21:03

uh, security in mind and have

21:05

it be like a basic principle of the organization

21:07

of how you're, you know, developing software, how you're transitioning

21:09

in the cloud, whatever it may be. An area

21:12

that I know a lot of our audience

21:14

is already investing time and resources in

21:16

is leveraging GitHub Copilot to

21:19

improve the speed of code generation and,

21:21

uh, improve the ROI of

21:23

their engineering teams by just increasing

21:25

efficiency across the board. And

21:28

I've heard that Microsoft Security

21:30

Copilot is very soon going

21:32

to be launching to public availability, maybe even by the

21:34

time this episode actually publishes. Uh,

21:37

could you share some information and maybe insights

21:39

with our audience about what they can expect

21:41

from that.

21:42

Like all of you, I'm also super excited to see

21:44

that product coming up. Just to give you

21:46

a little bit of a, you know, overview about the

21:48

security co pilot. It is the first

21:51

generative AI security product

21:53

designed to defend our customers

21:56

at machine speed and scale. It

21:59

combines the most advanced GPT

22:02

4 model from OpenAI With

22:04

a Microsoft developed security

22:07

specific model powered by Microsoft

22:09

Security's unique expertise, global

22:12

threat intelligence, and comprehensive security

22:14

product portfolio. Security Co Pilot

22:17

is designed to help security operations

22:19

center analysts to be more effective

22:22

and efficient at all roles

22:24

they play across security. That's a key.

22:27

And I think, uh, from our early

22:29

customer experience. Feedback on the product

22:31

is very exciting and very interesting. They

22:33

see huge value in the natural

22:36

language model we use because

22:38

with security copilot, the

22:40

analysts don't need to write

22:42

a complex script. They can simply

22:45

ask questions in English. And

22:47

Security Co Pilot understand the context,

22:50

set the plan in motion, and provide

22:53

prescriptive guidance resulting in

22:55

significant productivity gains. And

22:58

what I kind of learned, uh, you know,

23:00

the Microsoft Security Co Pilot advantage is

23:02

a few things. Number one, uh, the

23:04

design behind Security Co Pilot is

23:06

not just about talking OpenAI

23:09

and rolling it with, with it. Microsoft

23:11

Mechanics And the second one is SecurityCopilot

23:13

runs on our security and privacy

23:17

compliant hyperscale infrastructure

23:19

that is unique to Microsoft and brings

23:21

the full benefit of being on the

23:24

Azure cloud. And the

23:26

third one, if we add our cyber

23:28

specific model, which works to create

23:30

a cloud loop learning system

23:33

that has an ever growing set of security

23:35

specific skill. Microsoft And finally,

23:37

the security co pilot is at the heart

23:40

of Microsoft's security product

23:42

portfolio. It deeply integrates

23:45

with our existing product experiences

23:47

and workflow across Defender,

23:50

Sentinel, Intune, Entra,

23:53

Purview, and Priva so

23:55

that security professionals see the

23:57

full benefit of Uh, you know, security,

24:00

uh, co pilots, assistants as they

24:02

go about daily work. I'm super excited

24:04

to see the product coming to reality, for

24:06

addressing the world's problem, for

24:09

our customers and partners.

24:10

It sounds like we could even see Security

24:12

Co Pilot enable less senior engineers

24:15

and less senior security analysts to increase

24:17

their effectiveness, which, particularly

24:19

for SMBs, can be hugely

24:22

impactful given that,

24:24

you know, SMB may not have several

24:26

security analysts at the road a problem.

24:28

Yeah, I'm with you. Absolutely. If I look at the product

24:30

capability, it helps a lot for the

24:32

customers as well as partners. I

24:34

think one, it's a one product.

24:36

It can actually provide a lot of value

24:39

from an end to end customer point of view, end to end security

24:41

threat point of view. For the partner, it's

24:44

a tool they're going to definitely leverage a lot,

24:46

uh, to have an insightful

24:48

view in the product Customer environment,

24:51

connecting whatever the product they are on.

24:53

It's pull the information and provide the end

24:55

to end, uh, you know, capability

24:57

to analyze the data and

24:59

then provide the right practice step. So it's kind

25:02

of a game changing tool for everyone,

25:04

um, uh, you know, as a solution.

25:08

This has been a wonderful conversation, Benil.

25:10

I think there's a lot of value in here

25:13

for our audience as they think about security,

25:15

particularly for folks in the SMB. Could

25:17

you share where the best place

25:19

for folks to go to learn more

25:22

from you and about Microsoft security

25:24

strategy?

25:25

The first thing I would love to encourage and

25:27

look at the Microsoft security

25:30

landing page. And we have a blog

25:32

site for security and

25:35

we'll. I'll see a lot of Microsoft

25:37

tall leadership documents, uh, and

25:40

from a from a looking forward

25:42

perspective that what we see in

25:44

the market in every market

25:47

today and what we can do better to support

25:49

the customer needs. That's

25:51

number one. We have a product

25:53

portfolio that categorized by

25:55

capability as well as by segment.

25:58

Uh, majority of the products are available

26:00

for enterprise customers. We do have

26:03

a special, uh, product designed

26:05

for small medium business customers. Like

26:07

I mentioned, uh, Business Premium is

26:09

a great example. Microsoft Defender

26:12

for Business is another product designed for,

26:14

uh, small and medium business. So,

26:17

uh, yes, absolutely Microsoft security

26:19

product portfolio landing page, uh,

26:21

provide the entire portfolio

26:23

view of, uh, infra Microsoft. I

26:25

think that may be a better place. The other one

26:27

I will encourage, uh, an audience to look

26:29

at it, especially from SMB point of view.

26:32

We have a cybersecurity solution

26:34

assessment that's available for, customers.

26:37

And what it does is basically it's

26:39

a, it's a self-service. Cyber

26:42

Security Solution Assessment means

26:44

the customer can, click on it and

26:47

answer a few questions and, you

26:49

will get a report from, uh, Microsoft,

26:51

approved vendor in terms of providing

26:53

what actually the security posture of

26:56

your, uh, Your environment and

26:58

if you don't have a, you know, security,

27:01

you know, personal in your organization

27:03

and definitely your partner can also

27:05

do a cyber security assessment

27:08

on behalf of you and that is

27:10

also available in our, you

27:12

know, cyber security assessment in

27:14

our public website.

27:15

Great, we'll be sure to include links to that in the episode

27:18

description. Banil, do you have any closing

27:20

advice for our audience around security?

27:23

Yeah, absolutely. So I wanted to say that

27:25

security is a foundational capability

27:28

for successful business and operations.

27:31

And we hate to see a situation

27:33

where customers business operations

27:36

are being interrupted and

27:38

their reputation is being challenged due to

27:40

lack of security capability. For

27:43

small, medium business customers, they

27:45

may not have a second chance if something

27:47

similar happened to them. So first,

27:50

we wanted to make sure customers

27:52

assess their security posture so

27:54

that you take the right step to mitigate,

27:57

uh, you know, their risk. Uh, and

27:59

gaps. So please make sure

28:02

security hygiene as a first step.

28:05

The second one, we have AI capabilities

28:07

in our existing solution. Security

28:09

products for SMB, uh, we

28:11

discussed some of them briefly, like

28:14

automatic attack disruption and,

28:16

uh, and others. Uh, AI

28:19

and automation, uh, can be

28:21

implemented to ensure speedy

28:23

investigation and remediation routines.

28:26

We believe AI powered security solutions

28:28

offer cost effective alternatives

28:31

for SMBs with limited budget and

28:33

resources. So, by embracing

28:36

AI capabilities, SMBs can can

28:38

harness the power of generative AI

28:41

to enhance cyber security resiliency.

28:44

Our partners can ensure their support

28:46

for SMP customers by leveraging cyber

28:48

security based AI product.

28:50

Perfect. Well, Banil, I've really enjoyed this conversation.

28:53

It's great to catch up with you and to see

28:55

the fruits of kind of all this labor these last

28:57

years come thank you to,

29:00

uh, you know, fruition for, for Microsoft

29:02

here, because it's clear there's a huge opportunity

29:04

to improve the security of businesses worldwide,

29:07

particularly in SMB, uh, given the

29:09

attack surfaces they're seeing. So thank you so much

29:11

for joining me for this conversation.

29:13

Thanks a lot, Conor. Really appreciate and thanks

29:15

for having me here.

29:16

And if you want to get more conversations like this

29:18

and get in depth articles as well,

29:20

remember to check out our Substack at devinterrupted.

29:22

substack. com. And that's

29:24

all for this week. We'll talk soon all..