Microsoft Security Summit Was a Lot of Talk, Little Action

Windows Endpoint Security Ecosystem Summit

Microsoft held its high-profile Windows Endpoint Security Ecosystem Summit this week with CrowdStrike and other security vendors. Today, the software giant discussed what happened, but it doesn’t seem that much will come out of it, as there are very few specifics for a way forward.

“We want to thank every one of our summit attendees for dedicating their time to participating in these meaningful discussions,” Microsoft vice president David Weston writes. “The CrowdStrike incident in July underscored the responsibility security vendors have to drive both resiliency and agile, adaptive protection. And it was inspiring to see the engagement throughout the event’s agenda and activities.”

It would have been even more inspiring to have seen some cross-industry agreement and concrete improvements come out of the event. But that doesn’t seem to be the case. Instead, the attendees agreed only that their mutual customers benefit from a choice of security solutions and that sharing information about how their products function with each other is important.

They discussed “several opportunities” for improving the safety and security of those mutual customers.

Short term, Microsoft explained to the others how it employs Safe Deployment Practices (SDP) internally and how this might lead to a shared set of best practices. And they discussed how they could “increase testing of critical components, improve joint compatibility testing across diverse configurations, drive better information sharing on in-development and in-market product health, and increase incident response effectiveness with tighter coordination and recovery procedures.”

Longer term, Microsoft plans new platform capabilities and a security baseline for Windows 11. The partners called on the company to make more security capabilities available outside the kernel. Doing so introduces performance and anti-tampering challenges, Weston noted, but Microsoft is committed to designing and developing a secure-by-design platform capability with input and collaboration from its partners. Whatever form that takes.

“We’re competitors, we’re not adversaries,” he said of Microsoft and the security vendors at the summit, which included representatives of Broadcom, CrowdStrike, ESET, SentinelOne, Sophos, Trellix, and Trend Micro. “The adversaries are the ones we need to protect the world from. We are grateful for the support and input from this community and excited about the conversations in progress and work we have ahead.”

Based on the Microsoft post, taking security protections entirely outside the Windows kernel may be impossible. This quote encapsulates the problem clearly.

“ESET supports modifications to the Windows ecosystem that demonstrate measurable improvements to stability, on [the] condition that any change must not weaken security, affect performance, or limit the choice of cybersecurity solutions,” a statement by the security company explains. “It remains imperative that kernel access remains an option for use by cybersecurity products to allow continued innovation and the ability to detect and block future cyberthreats. We look forward to the continued collaboration on this important initiative.”
