Microsoft Using Machine Learning to Strengthen Security

Microsoft has released the newest version of its Security Intelligence Report, which analyzes the threat landscape of exploits and vulnerabilities the industry faced in the second half of 2015.

For the very first time the report, now in its tenth year, includes security data from the Microsoft cloud. 

“We’re pretty excited about this volume because it’s the first one we’ve ever released with data from our cloud services and there are a lot of customers including CISOs and CIOs that are interested in the data we have from our cloud,” Tim Rains, chief security advisor at Microsoft, told Infosecurity.

By implementing a machine learning system capable of processing ten terabytes of data every day, the firm has been able to leverage its widespread cloud data to create an extensive, intelligent security graph to help protect its customers.

“The intelligent security graph is our attempt to collect trillions of signals from billions of data sources so that we can triangulate what the bad guys are doing and where they’re at. The graph allows us to put a great deal of data together, analyze it and make changes to our security posture,” Rains said.

“A lot of enterprises have been trying to evolve their security strategy to prevent attacks or shrink the detection period and response time down as much as possible. So they’re evolving to a protect, detect and respond strategy, instead of just protect and recover.

“So what we’ve been trying to do is accelerate our customers’ adoption of this more holistic security strategy by building our intelligent security graph,” Rains added.

One of the key findings in the report is that the number of systems that encountered malware increased to 20.5%, a rise of 5.5% from the previous six months. Also, the locations with the highest malware rates were Pakistan, Indonesia, the Palestinian territories, Bangladesh and Nepal, which all had hit rates above 50%.

Rains explained that Microsoft has taken a close look at this location data, assessed what types of threats are being found in these regions of the world and tried to ascertain why encounter rates are higher before feeding that information into the intelligent security graph to the benefit of its users. 

What’s more, phishing sites that targeted online services received the largest share of impressions during the period studied and accounted for the largest number of active phishing URLs, with exploit kits accounting for four of the 10 most common exploits.

Additionally, the report highlights that large numbers of hackers, operating from various places, are using huge lists of stolen passwords and credentials that have been collected from compromises of third-party websites and databases.

“They [hackers] replay those usernames and passwords against all sorts of sites on the internet; against enterprise infrastructure, Microsoft, Google, everybody that’s connected,” said Rains. “The hackers are trying to find places where the user uses the same username and password in multiple places. So by using these stolen/leaked credentials we’ve actually been able to detect and prevent 10 million attacks per day.”

Almost three-quarters of the log-in attempts Microsoft intercepted came from locations that were unfamiliar to the user – places where the valid user had either never logged in or rarely logged in themselves.

The process of collecting and examining so much security data and then feeding it into the graph relies heavily on machine learning, and it’s something that cannot physically be done by humans, Rains said.

“The reason we use machine learning is because there’s no way humans can actually aggregate and analyze that much security data, day in and day out, there’s just too much of it.”

Rains noted that another advantage of machine learning concerns privacy: most of the detection and deflection process takes place automatically with little or no human input, which helps to protect the privacy of the companies and individuals involved.

“Then in cases where there has been a more severe compromise and the customer wants our help in doing an investigation or a remediation, that’s when the humans get involved,” he said.

“Machine learning can’t replace humans, but it can certainly augment them and help speed up the process.”
