Looking back at Microsoft BlueHatIL 2023

In March 2023, I attended the sixth edition of BlueHatIL, a cybersecurity conference organized by Microsoft. The event is specifically focused on the Israel region and brings together researchers, experts, and professionals from the cybersecurity community to discuss the latest developments and challenges in the field.

Before the event started, I visited the Microsoft Israel Development Center (ILDC) with some colleagues to meet with program managers of various security products from the Microsoft portfolio. The conversations were particularly valuable as we had the opportunity to directly speak with the developers of the security products and provide feedback. It became clear to me once again that Microsoft has a strong focus on the security of the services and solutions they offer. It is wonderful to see how dedicated everyone was and how Microsoft enables us to collaborate and make products even better together.

The name “BlueHat” is derived from the “Black Hat” and “White Hat” terms used in the cybersecurity community to describe malicious and ethical hackers, respectively. “Blue” in the name BlueHat refers to Microsoft.

During the conference, topics such as cloud security, zero-day vulnerabilities, threat detection and analysis, malware research, and more were discussed. One of the highlights was the keynote speech by David Weston, Vice President of Enterprise and OS Security at Microsoft. He spoke about the future of security in Windows and introduced some significant changes for the Windows OS, such as the integration of Rust into the Windows kernel.

Rust offers excellent performance and strong memory safety, which makes it well suited to systems programming tasks, including the development of Windows operating systems and network services.

Additionally, David emphasized once again that “adminless” work is the future. Adminless work is a component of Microsoft’s “zero-trust” security model, where users are given the minimum level of access necessary to perform their tasks. This means that users do not have administrative rights on their local workstations. An IT administrator will perform administrative tasks when necessary.

There are several reasons why this is crucial. One of them is that the likelihood of attackers infiltrating a system is reduced when they don’t have administrator access. Furthermore, the organization gains more control over its data by restricting access to only those who need it. This way, organizations can better protect their data from unauthorized access. Another significant reason for not having administrative rights on workstations is that it reduces the risk of malware infections by limiting users’ ability to install software and make changes to their systems. It is less likely for malware to spread across a network if users don’t have administrative access.

As David Weston says:

“Running as admin is like running with scissors”

Please find below the retrospective video for a glimpse of the atmosphere at BlueHatIL 2023.
