Microsoft CISO: Big data is ‘giving us an edge over hackers’


The ability to utilize massive resources is giving Microsoft the upper hand in the battle against cybercriminals.

The enormous size and diversity of signal data that Microsoft’s security teams have at their disposal has dramatically improved the company’s response to cyber security threats.

So declared Microsoft CISO Bret Arsenault at a recent press briefing. He then explained that this has given Microsoft a critical edge over cybercriminals because the hackers simply don’t have access to the same amount of information.

“This is one of the things where I feel we are, for the first time, advantaged over the bad actors, who don’t generally have the same access to the scale that we are talking about here, and the ability to go do this,” said Arsenault. “And that is one of the important changes that’s happened as a result of cloud transition and is a key part of Microsoft’s approach to protecting both our own company and our customers writ large.”

Big data is getting bigger and so is Microsoft’s ability to analyze it

The information Microsoft can access has expanded from just network signals to also include endpoint, application, email and identity signals, among other data points. Once amassed, the company then applies internal analysis, including the use of machine learning models, to further enhance overall threat detection and prevention.

“That signal isn’t available to everyone, because you have to have access to massive data centres, you have to have access to massive networking, you have to have access to massive mail telemetry, massive application usage telemetry. The cloud providers have that, and the customers who use them have that, but writ large the bad actors don’t have access to that.”

Leveraging economies of scale for threat elimination

Arsenault also gave an example of how the expanded use of data and analytics has improved threat detection. 

Previously, if a customer received a suspicious email, his team first had to work out the nature of the message, decide whether it was a phishing attempt, and then manually remove it if it was judged unsafe. That painstaking process had to be repeated on a customer-by-customer basis.

Now, as soon as they detect a dangerous message in one place, his team can quickly remove it from every instance across their entire customer base.
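The "detect once, remove everywhere" workflow described above, as an added illustration that is not Microsoft's code and does not reproduce any Microsoft product's internals: a confirmed phishing message is reduced to a campaign-level fingerprint (sender domain, whitespace-collapsed subject, URLs with per-recipient query strings stripped), and one sweep quarantines every matching copy across all tenants rather than one mailbox at a time. The tenant names, messages and the fingerprint scheme are constructed assumptions for the example.

```python
"""Constructed illustration of a cross-tenant retroactive purge.

Not Microsoft's implementation; tenants, messages and the fingerprint
scheme are invented for the example.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Rough URL matcher: stops at whitespace or angle brackets/quotes.
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


@dataclass
class Message:
    msg_id: str
    sender: str
    subject: str
    body: str


@dataclass
class Tenant:
    name: str
    mailbox: list = field(default_factory=list)     # list[Message]
    quarantine: list = field(default_factory=list)  # list[Message]


def _normalize_url(url: str) -> str:
    """Lower-case and drop query string/fragment so per-recipient tracking
    ids (uid=a1, uid=b7, ...) do not defeat the match."""
    url = url.lower().split("?", 1)[0].split("#", 1)[0]
    return url.rstrip("/")


def fingerprint(msg: Message) -> str:
    """Campaign-level fingerprint: sender domain + collapsed subject + sorted
    normalized URLs, hashed with SHA-256."""
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    subject = re.sub(r"\s+", " ", msg.subject).strip().lower()
    urls = sorted({_normalize_url(u) for u in URL_RE.findall(msg.body)})
    canon = "\n".join([domain, subject, *urls])
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def purge_everywhere(tenants: list, bad_fingerprint: str) -> dict:
    """Move every message matching bad_fingerprint to quarantine, in every
    tenant. Returns {tenant_name: number_quarantined} (only tenants hit)."""
    removed = {}
    for t in tenants:
        keep, gone = [], []
        for m in t.mailbox:
            (gone if fingerprint(m) == bad_fingerprint else keep).append(m)
        t.mailbox = keep
        t.quarantine = t.quarantine + gone
        if gone:
            removed[t.name] = len(gone)
    return removed


def build_sample_tenants() -> list:
    """Constructed sample data: the same campaign lands in two tenants with
    different tracking ids, sender local parts and subject spacing."""
    phish = ("Your mailbox is full. Re-validate at "
             "https://Login-Portal.example/verify?uid={uid} today.")
    contoso = Tenant("contoso", [
        Message("c1", "it-support@portal-mail.example",
                "Action required: mailbox", phish.format(uid="a1")),
        Message("c2", "alice@contoso.example", "Lunch?", "Pizza at noon?"),
    ])
    fabrikam = Tenant("fabrikam", [
        Message("f1", "helpdesk@portal-mail.example",
                "Action  Required: Mailbox", phish.format(uid="b7")),
        Message("f2", "bob@fabrikam.example", "Re: Q3 numbers",
                "See https://intranet.fabrikam.example/q3"),
    ])
    return [contoso, fabrikam]


def demo() -> dict:
    tenants = build_sample_tenants()
    # A detector (or analyst) confirms message c1 in contoso is phishing...
    bad = fingerprint(tenants[0].mailbox[0])
    # ...and one sweep handles every tenant, not just the one that reported it.
    return purge_everywhere(tenants, bad)


if __name__ == "__main__":
    print(demo())
```

The design point is the normalization step: without stripping the per-recipient query string and collapsing the subject, the two copies would hash differently and the purge would catch only the reported message, which is exactly the customer-by-customer situation the quote describes as the old way of working.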
