Why Security, Why Now?

Today, Apex announced the launch and availability of Aegis, our new managed security service based on the Microsoft 365 and Azure security and compliance portfolio. The service is designed to help both new and existing Microsoft customers manage, detect, respond, and continuously improve their maturity of critical security and compliance capabilities for a secure modern workforce.

Cybersecurity has been an important element in global business strategies for years, but it is now more important than ever. In this blog, we will highlight why it is critical for organizations to develop comprehensive security strategies and how Apex’s approach is uniquely positioned to empower you to secure your business.

In September 2020, Microsoft released a new annual report (Digital Defense Report) that covers cybersecurity trends over the past year. The conclusions from this report are clear – attacks have grown in both volume and sophistication. A few key highlights from the report are important to consider:

• While previously focusing on malware, more recently cybercriminals have shifted their focus to phishing attacks to harvest credentials from their targets (~70%)
• Attack campaigns are being rapidly adapted and changed to evade detection across sending domains, email addresses, content templates, and URL domains – already showing decreasing activity on subjects like COVID-19
• Ransomware continues to grow as a major threat to organizations
• Significant challenges presented from remote work and the new modern workforce – dramatic increase in attacks focused on identity and from sensitive data leakage

Let’s not just take Microsoft’s word for the increased threat landscape either – spend time going through the myriad of Annual and Industry Threat Intelligence Reports and you will see the same theme over and over; threats to organizations continue to rise at an alarming rate across all industries, sectors, and company sizes.

Security has never been more important to organizations than it is today – and organizations are looking to service providers at a growing rate to help solve this challenge.

First, let’s take a look at the technology being utilized. Aegis is focused and based on delivering services on top of the Microsoft security and compliance portfolio.  Over the last several years, Microsoft has been not so quietly developing their security stack that spans across identities, devices, applications, infrastructure, network, and data.

Admittedly, in the past, the market has overlooked Microsoft as a serious contender in the security space. That said, if you haven’t spent any time evaluating or testing the Microsoft security portfolio recently, then you are doing your organization a serious disservice.

Across Microsoft’s portfolio, they bring market-leading capabilities that can replace at least 26 other technologies including, but not limited to: advanced endpoint protection platforms (EPP) including endpoint detection and response (EDR) capabilities, single sign-on (SSO), multi-factor authentication (MFA), unified endpoint management (UEM), cloud access security broker (CASB), and data loss prevention (DLP). Many do not realize, but Microsoft is named a Leader in six (6) Gartner security & compliance Magic Quadrants across security and compliance.

Aside from the significant integration opportunity across all these platforms, the cost savings from a centralized security platform could provide significant opportunities to organizations.

Second, let’s think about the trends from the Microsoft threat report. Most Managed Detection and Response (MDR) providers focus monitoring across some combination of network, endpoint, log, or cloud. These are critical layers for monitoring but given today’s modern workforce and organizations’ transition to cloud-based services, these same providers lack visibility into key parts of the network to properly protect your identity, your email and documents, and, ultimately, your data.

Without visibility into email, they are handcuffed from protecting you from one of the most significant threats in phishing and credential harvesting. Without the ability to secure, monitor, and enforce identity protection, they are unable to protect a core foundational component to modern security. Without the control or visibility that CASB solutions can bring across a remote workforce and cloud platforms – including SaaS applications – these providers may lack required visibility into network traffic and activity.

Third, most MDR providers and Managed Security Service Providers (MSSPs) are almost entirely focused on external threats. Attacks from external threats (i.e. hackers) are only part of the challenge that organizations face today. Organizations also face significant threats from both malicious and well-intention insiders (employees or contractors). Providers that lack visibility or capability to monitor and respond to user-level activity captured by tools such as CASB, DLP, and others, are potentially missing a significant portion of organizational threats.  Prior to selecting a security provider, fully understand what they are doing to protect you from insider threats. 

Lastly, as part of this launch, Apex is also announcing Vantage, a proprietary capability and operational maturity model designed to help organizations measure, monitor, and mature their current security programs. Vantage helps identify and prioritize critical areas that organizations can improve over time through continuous assessment and re-assessment across core functional areas, including security. While most MDR providers are content with simply monitoring threat activity day-in-day-out, Aegis helps organizations improve their operational maturity and security posture over time.

Apex is extremely excited about the launch of Aegis and the opportunity to bring a Microsoft-centric security service to market. An opportunity to not only deliver better security coverage but also empower customers to continuously improve with Vantage to achieve better security outcomes now and into the future.