Big data is 'giving us an edge over hackers' for the first time, says Microsoft CISO

Massive amounts of network, endpoint, application and identity signals are being used to train machine learning models and improve detection

Access to an ever-swelling pool of data, fuelled by the explosion of cloud service adoption, is giving Microsoft an edge over cyber criminals for the first time, CISO Bret Arsenault has declared.

The sheer scale and diversity of signal data that Microsoft’s security teams have at hand has radically enhanced the company’s response to cyber security threats in recent years, according to Arsenault. This has given his team a relative edge over cyber criminals because they simply don’t have access to the same amount of information.

“This is one of the things where I feel we are, for the first time, advantaged over the bad actors, who don’t generally have the same access to the scale that we are talking about here, and the ability to go do this,” he said during a press briefing. 

“And that is one of the important changes that’s happened as a result of cloud transition and is a key part of Microsoft’s approach to protecting both our own company and our customers writ large.”

The information Microsoft can access has expanded from just network signals to also include endpoint, application, email and identity signals, among other data points. Once amassed, the company then applies internal analysis, including the use of machine learning models, to further enhance overall threat detection and prevention.

The data is gathered from half a trillion email messages, half a trillion forms of authentication, 18 million URLs and telemetry from more than one billion devices Microsoft provides software updates to each month, among other soures. From this data, Arsenault's team can see which malware strains may be slipping through the cracks, and conduct analysis from a global perspective, as well as a sector-by-sector basis.

“The thing that I think advantages us over bad actors is the access to signal,” he continued, “because what you’re basically doing is you’re using and training models on this massive set of signals that allow us to have better detection capabilities.

“That signal isn’t available to everyone, because you have to have access to massive data centres, you have to have access to massive networking, you have to have access to massive mail telemetry, massive application usage telemetry. The cloud providers have that, and the customers who use them have that, but writ large the bad actors don’t have access to that.”

Arsenault also highlighted an example of how the expanded use of data and analytics has resulted in an improvement to threat detection over time. 

Were a customer to receive a suspicious email, his team may have once had to first understand the nature of the email, whether or not it was a phishing attempt, and then manually remove the message if declared unsafe. This was conducted on a customer-by-customer basis.

Now, as soon as such a message is detected in one place, and it’s determined to be nefarious, his team can remove it from every instance across the entire customer base.

He added that while some malicious organisations may have access to elements of the broad signal data, or pieces of the underlying infrastructure required to harness such information, it’s currently incredibly difficult to amass in full as his company has done over time.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

Botnet targets vulnerable Microsoft Exchange servers
botnets

Botnet targets vulnerable Microsoft Exchange servers

23 Apr 2021
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

22 Apr 2021
What is hacktivism?
hacking

What is hacktivism?

22 Apr 2021
Geico data breach leads to stolen driver’s license numbers
data breaches

Geico data breach leads to stolen driver’s license numbers

21 Apr 2021

Most Popular

REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Samsung Galaxy S21 Ultra review: Ultra in every sense of the word
Mobile Phones

Samsung Galaxy S21 Ultra review: Ultra in every sense of the word

22 Apr 2021