Many of you may have seen the recent attack on Stryker, in which attackers targeted Intune-managed environments via Azure and wiped 200,000 devices.
Stories like this can sound alarming, but they also highlight something important: Security works best when systems are designed with layered protection and blast radius containment in mind.

It seems Stryker had their entire Azure environment compromised, most likely by a spear-phishing or social engineering attack. Devices and servers were wiped. Their domain was on AWS and was unaffected.

The good news for you, if you are our customer, is that Swif was built exactly for these scenarios. Distribution is necessary for a strong security posture.

Our architecture separates cloud identity systems from endpoint security controls. Even if a cloud platform or identity credential is compromised, attackers cannot automatically gain control of your organization’s devices and wipe not just your servers but also those devices, which might house things like critical IP.

This separation dramatically reduces the blast radius of potential incidents and helps maintain control over your endpoints when other systems may be under pressure.

Swif also protects critical APIs used for device management and enforces strict controls around sensitive actions.

To further strengthen this protection, we are introducing an additional safeguard soon: email-based MFA confirmation for critical MDM actions, such as device lock or wipe. This adds an extra verification step before sensitive operations can occur.

Since 2023, the number of targeted spear-phishing campaigns has increased by 50% or so per year. With war, we are now starting to see this bleed out of the Middle East more and more. These campaigns are particularly aimed at IT/HR administrators who might not know better. They often attempt to gain privileged access through social engineering rather than technical vulnerabilities, because at this point the software itself is just so good at defense. That’s why layered security and separation of systems matter more than ever before.

This might be a good opportunity to remind your staff to be cautious. Show them what happens when things go very, very wrong.

If there’s one takeaway from recent events, it’s this:

Organizations that separate identity systems, device security, and enforcement controls are significantly more resilient.

We’re proud and honored that many of you are already operating with that architecture in place through Swif.

Security threats will continue to evolve, and we will continue strengthening the platform to stay ahead of them. This is what we do.

Thank you for trusting us to help protect your devices and your organization.


— The Swif Team
