A few weeks ago, Microsoft announced it would be holding a special event, the Windows Endpoint Security Ecosystem Summit. Its purpose was to gather ideas and solutions for improving Windows security and the release of security updates for Windows PCs, including updates from third-party providers. The summit was announced in the wake of CrowdStrike's faulty update, which was sent out in July and brought down millions of Windows PCs for a lengthy period.
The summit was held on September 10, and today, Microsoft published a blog post summarizing what was discussed. While the company admitted that the summit "was not a decision-making meeting," today's blog post did offer some near-term and longer-term ideas for improving Windows security and updates.
Microsoft did say that there was agreement that both security companies and their customers "benefit when there are options for Windows and choices in security products." That includes those companies sharing information on how their various security systems operate, how they develop and send out updates, and how they can handle issues like the one caused by the CrowdStrike update.
Microsoft said it would share its own Safe Deployment Practices (SDP) in the near future and talked about how security vendors can share their practices on data, tools, and processes. The blog added:
We face a common set of challenges in safely rolling out updates to the large Windows ecosystem, from deciding how to do measured rollouts with a diverse set of endpoints to being able to pause or rollback if needed. A core SDP principle is gradual and staged deployment of updates sent to customers. Microsoft Defender for Endpoint publishes SDPs and many of our ecosystem partners such as Broadcom, Sophos and Trend Micro have shared how they approach SDPs as well.
The goal is to collaborate with vendors and "create a shared set of best practices."
Other near-term solutions that Microsoft said were discussed at the summit include increased testing of components and improvements in "joint compatibility testing across diverse configurations."
For the longer term, Microsoft and the summit attendees discussed adding more security improvements in Windows 11 outside of kernel mode. They also discussed other related topics, including:
- Performance needs and challenges outside of kernel mode
- Anti-tampering protection for security products
- Security sensor requirements
- Development and collaboration principles between Microsoft and the ecosystem
- Secure-by-design goals for future platform
Ultimately, Microsoft stated:
We’re competitors, we’re not adversaries. The adversaries are the ones we need to protect the world from. We are grateful for the support and input from this community and excited about the conversations in progress and work we have ahead.
There's no word on when or if another similar summit will be held.