Microsoft adds ML-based data protection feature to Purview
Microsoft is adding a machine learning-based technology to its Purview data governance tool, hoping to appeal to customers who are worried about insider security risks.
The Adaptive Protection feature, which the enterprise software company is introducing at an online event today, uses machine learning to see how employees and other users are dealing with data and whether they are engaging in behavior that puts their identity at risk.
Adaptive Protection, currently in preview, will automatically put in place data loss prevention (DLP) controls based on the risk level applied to each user.
“With Adaptive Protection, DLP policies become dynamic, ensuring that the most effective policy – such as blocking data sharing – is applied only to high-risk users, while low-risk users can maintain their productivity,” Vasu Jakkal, corporate vice president for Microsoft Security, wrote in a blog post. “The result: your security operations team is now more efficient and empowered to do more with less.”
The new feature is designed to address what Jakkal said is a security problem created by the massive amounts of data being generated, the risking adoption of hybrid cloud and multicloud environments, and data protection tools that are focused on content, which generate a lot of alerts that security teams have to respond to.
The idea with Adaptive Protection is that a user with an elevated risk rating is blocked from such actions as printing a file with sensitive data, while another user deemed a minor security risk may simply see policy tips and be asked to file a business justification before being allowed to print the same document.
“Machine learning enables Adaptive Protection controls to automatically respond, so your organization can protect more (with less) while still maintaining workplace productivity,” Jakkal wrote.
In addition, Microsoft this week said it is integrating capabilities from Purview Compliance Manager and Defender for Cloud to address the evolving complex regulatory environment and the growing data security challenges fueled by more remote workers.
The integration “translates complex regulatory requirements into specific controls, allowing organizations to constantly assess, monitor, and improve their compliance posture,” wrote Daniel Hidalgo, global product marketing manager for security at Microsoft.
The new capabilities will go into public preview in March and will give security teams a single place to manage technical controls from Defender for Cloud – covering not only Azure services but also those from Amazon Web Services and Google Cloud Platform – and extends continuous assessment capabilities across clouds to ensure broad compliance.
“Continuous assessments help customers automate compliance processes by eliminating a big pain point – blind spots,” Hidalgo wrote. “With the help of automated testing, customers can automatically check whether a technical control has passed or failed.” ®