Big data is 'giving us an edge over hackers' for the first time, says Microsoft CISO

Massive amounts of network, endpoint, application and identity signals are being used to train machine learning models and improve detection

Access to an ever-swelling pool of data, fuelled by the explosion of cloud service adoption, is giving Microsoft an edge over cyber criminals for the first time, CISO Bret Arsenault has declared.

The sheer scale and diversity of signal data that Microsoft’s security teams have at hand has radically enhanced the company’s response to cyber security threats in recent years, according to Arsenault. This has given his team a relative edge over cyber criminals because they simply don’t have access to the same amount of information.

“This is one of the things where I feel we are, for the first time, advantaged over the bad actors, who don’t generally have the same access to the scale that we are talking about here, and the ability to go do this,” he said during a press briefing. 

“And that is one of the important changes that’s happened as a result of cloud transition and is a key part of Microsoft’s approach to protecting both our own company and our customers writ large.”

The information Microsoft can access has expanded from just network signals to also include endpoint, application, email and identity signals, among other data points. Once amassed, the company then applies internal analysis, including the use of machine learning models, to further enhance overall threat detection and prevention.

The data is gathered from half a trillion email messages, half a trillion forms of authentication, 18 million URLs and telemetry from more than one billion devices Microsoft provides software updates to each month, among other soures. From this data, Arsenault's team can see which malware strains may be slipping through the cracks, and conduct analysis from a global perspective, as well as a sector-by-sector basis.

“The thing that I think advantages us over bad actors is the access to signal,” he continued, “because what you’re basically doing is you’re using and training models on this massive set of signals that allow us to have better detection capabilities.

“That signal isn’t available to everyone, because you have to have access to massive data centres, you have to have access to massive networking, you have to have access to massive mail telemetry, massive application usage telemetry. The cloud providers have that, and the customers who use them have that, but writ large the bad actors don’t have access to that.”

Arsenault also highlighted an example of how the expanded use of data and analytics has resulted in an improvement to threat detection over time. 

Were a customer to receive a suspicious email, his team may have once had to first understand the nature of the email, whether or not it was a phishing attempt, and then manually remove the message if declared unsafe. This was conducted on a customer-by-customer basis.

Now, as soon as such a message is detected in one place, and it’s determined to be nefarious, his team can remove it from every instance across the entire customer base.

He added that while some malicious organisations may have access to elements of the broad signal data, or pieces of the underlying infrastructure required to harness such information, it’s currently incredibly difficult to amass in full as his company has done over time.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021
Splunk debuts a new suite of cloud security solutions
Security

Splunk debuts a new suite of cloud security solutions

22 Jun 2021
Nvidia Jetson chips make IoT devices vulnerable to attack
vulnerability

Nvidia Jetson chips make IoT devices vulnerable to attack

22 Jun 2021
Cryptocurrency crimes have increased 12-fold since 2016
cryptocurrencies

Cryptocurrency crimes have increased 12-fold since 2016

22 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021