Microsoft cloud service customers will now have access to expanded cloud logging capabilities at no additional cost, thanks to a new collaborative partnership announced today between the tech company and the Cybersecurity and Infrastructure Security Agency (CISA).
Access to the new logging by default capabilities will be available starting in September and will work to enhance cyber defense and incident response, CISA said in its July 19 press release.
“Microsoft’s decision is a significant step toward advancing security by design principles and a strong example of effective partnership resulting in better cybersecurity at a national scale,” the agency said.
The collaboration between the two organizations comes exactly one week after Microsoft announced that it had squelched China-based cyberattacks against Federal email accounts on its server.
Microsoft said it acted in recent weeks to mitigate China-based cyberattacks that exposed email account information of U.S. government agencies and other organizations, along with customer accounts of people tied to those agencies and organizations. CISA and the FBI confirmed that at least one Federal civilian agency was a target of the attacks but did not identify the agency.
A senior CISA official emphasized that the attack appeared to have been narrowly scoped, quickly rooted out, and that classified information was not exposed.
Microsoft identified the attacker as a China-based threat actor that it follows under the name Storm-0558.
Beginning on May 15, “Storm-0558 gained access to email accounts affecting approximately 25 organizations including government agencies as well as related consumer accounts of individuals likely associated with these organizations,” Microsoft said last week. The company began investigating after receiving information from a customer on June 16.
The company emphasized that since then, “Microsoft has completed mitigation of this attack for all customers.”
CISA’s announcement today noted that the Microsoft cyberattack announced last week was discovered by an affected government agency that used available logging data – which it had to pay for – to “quickly enable remediation actions to limit damage.”
“Over the past several years, operational teams at CISA identified several security logs critical for detecting and preventing threat activity that cost extra for organizations utilizing the Microsoft basic enterprise license,” the agency said.
Because of the organizations’ new collaboration going forward, these additional logging capabilities will now be available at no extra cost to Federal government customers and Microsoft commercial customers beginning in September.
“After working collaboratively over the past year, I am extremely pleased with Microsoft’s decision to make necessary log types available to the broader cybersecurity community at no additional cost,” CISA Director Jen Easterly said in a statement. “While we recognize this will take time to implement, this is truly a step in the right direction toward the adoption of Secure by Design principles by more companies.”
Today’s collaboration is a part of CISA’s push to encourage use of products that are secure-by-design and -default – creating an environment where technology products are designed with secure features built in for the benefit of all customers.
“Today’s announcement comes as a result of our close partnership with CISA, who have called for the industry to take action in order to better protect itself from potential cyber-attacks,” said Vasu Jakkal, Microsoft’s corporate VP of security, compliance, identity, and management. “It also reflects our commitment to engaging with customers, partners, and regulators to address the evolving security needs of the modern world.”
