IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Big data is 'giving us an edge over hackers' for the first time, says Microsoft CISO

Massive amounts of network, endpoint, application and identity signals are being used to train machine learning models and improve detection

Access to an ever-swelling pool of data, fuelled by the explosion of cloud service adoption, is giving Microsoft an edge over cyber criminals for the first time, CISO Bret Arsenault has declared.

The sheer scale and diversity of signal data that Microsoft’s security teams have at hand has radically enhanced the company’s response to cyber security threats in recent years, according to Arsenault. This has given his team a relative edge over cyber criminals because they simply don’t have access to the same amount of information.

“This is one of the things where I feel we are, for the first time, advantaged over the bad actors, who don’t generally have the same access to the scale that we are talking about here, and the ability to go do this,” he said during a press briefing. 

“And that is one of the important changes that’s happened as a result of cloud transition and is a key part of Microsoft’s approach to protecting both our own company and our customers writ large.”

The information Microsoft can access has expanded from just network signals to also include endpoint, application, email and identity signals, among other data points. Once amassed, the company then applies internal analysis, including the use of machine learning models, to further enhance overall threat detection and prevention.

The data is gathered from half a trillion email messages, half a trillion forms of authentication, 18 million URLs and telemetry from more than one billion devices Microsoft provides software updates to each month, among other soures. From this data, Arsenault's team can see which malware strains may be slipping through the cracks, and conduct analysis from a global perspective, as well as a sector-by-sector basis.

“The thing that I think advantages us over bad actors is the access to signal,” he continued, “because what you’re basically doing is you’re using and training models on this massive set of signals that allow us to have better detection capabilities.

“That signal isn’t available to everyone, because you have to have access to massive data centres, you have to have access to massive networking, you have to have access to massive mail telemetry, massive application usage telemetry. The cloud providers have that, and the customers who use them have that, but writ large the bad actors don’t have access to that.”

Arsenault also highlighted an example of how the expanded use of data and analytics has resulted in an improvement to threat detection over time. 

Were a customer to receive a suspicious email, his team may have once had to first understand the nature of the email, whether or not it was a phishing attempt, and then manually remove the message if declared unsafe. This was conducted on a customer-by-customer basis.

Now, as soon as such a message is detected in one place, and it’s determined to be nefarious, his team can remove it from every instance across the entire customer base.

He added that while some malicious organisations may have access to elements of the broad signal data, or pieces of the underlying infrastructure required to harness such information, it’s currently incredibly difficult to amass in full as his company has done over time.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads
Microsoft Windows

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads

20 Jun 2022
IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated
Business strategy

IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated

17 Jun 2022
Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive
ransomware

Proofpoint details 'dangerous' ransomware flaw in SharePoint and OneDrive

17 Jun 2022
Microsoft silent patches called “a grossly irresponsible policy”
cyber security

Microsoft silent patches called “a grossly irresponsible policy”

15 Jun 2022

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022