Simplify and Clarify • Improve cybersecurity architecture and strategy • Align security to business and humans
The long-awaited Microsoft Cybersecurity Reference Architecture (MCRA) update is now live! https://aka.ms/MCRA In addition to having the latest products and names, this is the first MCRA version integrated natively into the Microsoft Security Adoption Framework (SAF). The popular diagrams are still there, but now there is much more context on how these capabilities fit into an end to end security architecture including why this complete approach is important, how to prioritize security, and much more. This update also includes several vendor neutral diagrams that can be used immediately by any organization without needing to change/remove Microsoft product names. The MCRA also includes Zero Trust models for NIST and Open Group and the mapping of Microsoft capabilities to help you plan those initiatives. As always, don't forget to check out the slide notes (and hovertext /links for each product box) to learn more + to help you present to your teams, peers, customers, partners, and others. Share and Enjoy!
Dear Mark, awesome content as always. I would love to have an slide with your approach to perform security operations under agile premises. How do you feel about it? Makes sense?
Awesome work Mark Simos! But now I have to update all my presentation decks! :-)
Thanks. Key word "Microsoft" A reference model of tools and controls. Are we ever going to build our own reference models? one that is conceptual and not physical, has context and which everyone in our organization can use? I guess not.☹️
Massive amount of work in here - thank you Mark Simos
Thanks for posting, I just looked 3 days ago and was surprised to not see these updates.
Thank you for all the hard work on this, Mark!!
Mark, when I look at https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide, it does not include Defender for Cloud and Sentinel like slides 40 and 46. What is the best way to resolve this discrepancy? I would vote for updating the docs page because the integration shown on your slides is a more comprehensive depiction of the extended detection and response products sold by Microsoft.
Well 95 Slides (95 rings a bell) and we suspect the Applications on OS, Smartphone, and Cloud are leaking our data and secrets by default. Companies are under-configured for cyber security best practices because they are under resourced to plan, or cybersecurity is not a priority and someone else's job. Alexandre BLANC Cyber Security
CTO | Strategy Executive | Cybersecurity Leader | SIEM / SOAR / TIP / ASM / XDR / Threat Intelligence / OASIS / OCA / Open
11moHow is Threat Intelligence not present?