Big data is 'giving us an edge over hackers' for the first time, says Microsoft CISO

Massive amounts of network, endpoint, application and identity signals are being used to train machine learning models and improve detection

Access to an ever-swelling pool of data, fuelled by the explosion of cloud service adoption, is giving Microsoft an edge over cyber criminals for the first time, CISO Bret Arsenault has declared.

The sheer scale and diversity of signal data that Microsoft’s security teams have at hand has radically enhanced the company’s response to cyber security threats in recent years, according to Arsenault. This has given his team a relative edge over cyber criminals because they simply don’t have access to the same amount of information.

“This is one of the things where I feel we are, for the first time, advantaged over the bad actors, who don’t generally have the same access to the scale that we are talking about here, and the ability to go do this,” he said during a press briefing. 

“And that is one of the important changes that’s happened as a result of cloud transition and is a key part of Microsoft’s approach to protecting both our own company and our customers writ large.”

The information Microsoft can access has expanded from just network signals to also include endpoint, application, email and identity signals, among other data points. Once amassed, the company then applies internal analysis, including the use of machine learning models, to further enhance overall threat detection and prevention.

The data is gathered from half a trillion email messages, half a trillion forms of authentication, 18 million URLs and telemetry from more than one billion devices Microsoft provides software updates to each month, among other soures. From this data, Arsenault's team can see which malware strains may be slipping through the cracks, and conduct analysis from a global perspective, as well as a sector-by-sector basis.

“The thing that I think advantages us over bad actors is the access to signal,” he continued, “because what you’re basically doing is you’re using and training models on this massive set of signals that allow us to have better detection capabilities.

“That signal isn’t available to everyone, because you have to have access to massive data centres, you have to have access to massive networking, you have to have access to massive mail telemetry, massive application usage telemetry. The cloud providers have that, and the customers who use them have that, but writ large the bad actors don’t have access to that.”

Arsenault also highlighted an example of how the expanded use of data and analytics has resulted in an improvement to threat detection over time. 

Were a customer to receive a suspicious email, his team may have once had to first understand the nature of the email, whether or not it was a phishing attempt, and then manually remove the message if declared unsafe. This was conducted on a customer-by-customer basis.

Now, as soon as such a message is detected in one place, and it’s determined to be nefarious, his team can remove it from every instance across the entire customer base.

He added that while some malicious organisations may have access to elements of the broad signal data, or pieces of the underlying infrastructure required to harness such information, it’s currently incredibly difficult to amass in full as his company has done over time.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Microsoft tells IT admins to turn off legacy group policies to improve Windows performance
Microsoft Windows

Microsoft tells IT admins to turn off legacy group policies to improve Windows performance

21 Jan 2022
Microsoft buys game developer Activision Blizzard for $68.7 billion
mergers and acquisitions

Microsoft buys game developer Activision Blizzard for $68.7 billion

18 Jan 2022
Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update
cyber security

Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update

12 Jan 2022
Windows 11 problems and how to fix them
Microsoft Windows

Windows 11 problems and how to fix them

7 Jan 2022

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022