On Tuesday, Sept. 10, we hosted the Windows Endpoint Security Ecosystem Summit. This forum brought together a diverse group of endpoint security vendors and government officials from the U.S. and Europe to discuss strategies for improving resiliency and protecting our mutual customers’ critical infrastructure. Although this was not a decision-making meeting, we believe in the importance of transparency and community engagement. Therefore, we’re sharing the key themes and consensus points discussed during the summit, offering insights into our initial conversations.
We want to thank every one of our summit attendees for dedicating their time to participating in these meaningful discussions. The CrowdStrike incident in July underscored the responsibility security vendors have to drive both resiliency and agile, adaptive protection. And it was inspiring to see the engagement throughout the event’s agenda and activities.
Together with our Microsoft Virus Initiative (MVI) partners—companies who develop endpoint protection and additional security products for Windows, covering client, server and IoT—we discussed the complexities of the modern security landscape, acknowledging there are no simple solutions.
A key consensus point at the summit was that our endpoint security vendors and our mutual customers benefit when there are options for Windows and choices in security products. It was apparent that, given the vast number of endpoint products on the market, we all share a responsibility to enhance resiliency by openly sharing information about how our products function, handle updates and manage disruptions.
In the short term, we discussed several opportunities to improve how we support the safety and resiliency of our mutual customers. First, we spent time going into depth on how we employ Safe Deployment Practices (SDP) at Microsoft and where we can create shared best practices as a community, including sharing data, tools and documented processes. We face a common set of challenges in safely rolling out updates to the large Windows ecosystem, from deciding how to do measured rollouts with a diverse set of endpoints to being able to pause or rollback if needed. A core SDP principle is gradual and staged deployment of updates sent to customers. Microsoft Defender for Endpoint publishes SDPs and many of our ecosystem partners such as Broadcom, Sophos and Trend Micro have shared how they approach SDPs as well. This rich discussion at the Summit will continue as a collaborative effort with our MVI partners to create a shared set of best practices that we will use as an ecosystem going forward.
Beyond the critical SDP work, there are several ways we can enhance our support for customers in the near term. Building on the MVI program we have today, we discussed how Microsoft and partners can increase testing of critical components, improve joint compatibility testing across diverse configurations, drive better information sharing on in-development and in-market product health, and increase incident response effectiveness with tighter coordination and recovery procedures. These are a sampling of the topics we plan to make rapid progress on, to improve our collective customers’ security and resiliency.
In addition, our summit dialogue looked at longer-term steps serving resilience and security goals. Here, our conversation explored new platform capabilities Microsoft plans to make available in Windows, building on the security investments we have made in Windows 11. Windows 11’s improved security posture and security defaults enable the platform to provide more security capabilities to solution providers outside of kernel mode.
Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with SDP, can be used to create highly available security solutions. At the summit, Microsoft and partners discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors.
Some of the areas discussed include:
- Performance needs and challenges outside of kernel mode
- Anti-tampering protection for security products
- Security sensor requirements
- Development and collaboration principles between Microsoft and the ecosystem
- Secure-by-design goals for future platform
As a next step, Microsoft will continue to design and develop this new platform capability with input and collaboration from ecosystem partners to achieve the goal of enhanced reliability without sacrificing security.
Finally, there are important steps customers can take today to increase resiliency in their current deployments. In addition to the important conversations summarized above, there are several practical, vendor-neutral steps enterprises can benefit from, including having business continuity planning (BCP) and a major incident response plan (MIRP) in place and backing up data securely and often.
It was clear from kickoff through closing at the summit that as platform and endpoint security providers, we are all focused on the productive conversations that need to be happening. We’re competitors, we’re not adversaries. The adversaries are the ones we need to protect the world from. We are grateful for the support and input from this community and excited about the conversations in progress and work we have ahead.
Vendors participating in the Windows Endpoint Security Ecosystem Summit offer remarks with further perspective:
Adam Bromwich, CTO and Head of R&D, Enterprise Security Group, Broadcom: “Organizations today benefit from a diverse, layered security defense. As a result, industry collaboration is vital to helping organizations stay ahead of persistent threats and remain resilient when unexpected business disruptions occur. As a long-time Microsoft Virus Initiative (MVI) Partner, Broadcom recognizes that working closely with Microsoft and other security vendors not only helps improve our customers’ security posture, including endpoint protection, but also the greater global digital ecosystem.”
Drew Bagley, VP & Counsel, Privacy and Cyber Policy, CrowdStrike: “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers.”
ESET: “ESET supports modifications to the Windows ecosystem that demonstrate measurable improvements to stability, on condition that any change must not weaken security, affect performance, or limit the choice of cybersecurity solutions. It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats. We look forward to the continued collaboration on this important initiative.”
Ric Smith, Chief Product and Technology Officer, SentinelOne: “SentinelOne thanks Microsoft for its leadership in convening the Windows Endpoint Security Ecosystem Summit and we are fully committed to helping drive its goal of reducing the chance of future events like the one caused by CrowdStrike. We believe that transparency is critical and strongly agree with Microsoft that security companies must live up to stringent engineering, testing and deployment standards and follow software development and deployment best practices. We are proud that we have followed the processes that Microsoft has discussed today for years and will continue to do so going forward.”
Joe Levy, CEO, Sophos: “We are honored to be a part of the Windows Endpoint Security Ecosystem Summit. It was a welcome opportunity to join industry peers in an open discussion of advancements that will serve our customers by elevating the resilience and robustness of both Microsoft Windows and the endpoint security ecosystem. We were very pleased to see Microsoft support many of Sophos’ recommendations, based on the collection of architectural and process innovations we’ve built over the years and present today on the 30 million Windows endpoints we protect globally. The summit was an important and encouraging first step in a journey that will produce incremental improvement over time, and we look forward to collaborating in the design and delivery of more resilient and secure outcomes to our customers.”
Karan Sondhi, CTO, Public Sector, Trellix: “Responsible security starts with vendor’s architecture, coordination with the ecosystem and prioritization of resilience for all. The time for collaboration across our industry and government to stay ahead of our adversaries is now.”
Kevin Simzer, Chief Operating Officer, Trend Micro: “I applaud Microsoft for opening its doors to continue collaborating with leading endpoint security leaders, to make our mutual customers even more cyber resilient. Looking forward to more collaboration.”