Big data is 'giving us an edge over hackers' for the first time, says Microsoft CISO

Massive amounts of network, endpoint, application and identity signals are being used to train machine learning models and improve detection

Access to an ever-swelling pool of data, fuelled by the explosion of cloud service adoption, is giving Microsoft an edge over cyber criminals for the first time, CISO Bret Arsenault has declared.

The sheer scale and diversity of signal data that Microsoft’s security teams have at hand has radically enhanced the company’s response to cyber security threats in recent years, according to Arsenault. This has given his team a relative edge over cyber criminals because they simply don’t have access to the same amount of information.

“This is one of the things where I feel we are, for the first time, advantaged over the bad actors, who don’t generally have the same access to the scale that we are talking about here, and the ability to go do this,” he said during a press briefing. 

“And that is one of the important changes that’s happened as a result of cloud transition and is a key part of Microsoft’s approach to protecting both our own company and our customers writ large.”

The information Microsoft can access has expanded from just network signals to also include endpoint, application, email and identity signals, among other data points. Once amassed, the company then applies internal analysis, including the use of machine learning models, to further enhance overall threat detection and prevention.

The data is gathered from half a trillion email messages, half a trillion forms of authentication, 18 million URLs and telemetry from more than one billion devices Microsoft provides software updates to each month, among other soures. From this data, Arsenault's team can see which malware strains may be slipping through the cracks, and conduct analysis from a global perspective, as well as a sector-by-sector basis.

“The thing that I think advantages us over bad actors is the access to signal,” he continued, “because what you’re basically doing is you’re using and training models on this massive set of signals that allow us to have better detection capabilities.

“That signal isn’t available to everyone, because you have to have access to massive data centres, you have to have access to massive networking, you have to have access to massive mail telemetry, massive application usage telemetry. The cloud providers have that, and the customers who use them have that, but writ large the bad actors don’t have access to that.”

Arsenault also highlighted an example of how the expanded use of data and analytics has resulted in an improvement to threat detection over time. 

Were a customer to receive a suspicious email, his team may have once had to first understand the nature of the email, whether or not it was a phishing attempt, and then manually remove the message if declared unsafe. This was conducted on a customer-by-customer basis.

Now, as soon as such a message is detected in one place, and it’s determined to be nefarious, his team can remove it from every instance across the entire customer base.

He added that while some malicious organisations may have access to elements of the broad signal data, or pieces of the underlying infrastructure required to harness such information, it’s currently incredibly difficult to amass in full as his company has done over time.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

Microsoft Surface Pro 7+ review: More minus than plus
Hardware

Microsoft Surface Pro 7+ review: More minus than plus

9 Apr 2021
How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021
Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO
Hardware

Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO

8 Apr 2021