
Microsoft CISO: Security teams are better equipped than ever before


Cybercriminals no longer have the upper hand over security professionals, according to Microsoft CISO Bret Arsenault, who attributes the shift in power dynamic to the rise of cloud-based services and platforms.

Speaking to media, Arsenault discussed Microsoft’s approach to protecting both itself and its customers against an ever-evolving arsenal of threats - particularly in light of the remote working boom.

According to Arsenault, the ability to shield customers and staff effectively comes down to the capacity to feed security systems with the greatest quantity and most diverse range of information - something that would not have been possible before the rise of cloud services and AI.

“One of the largest shifts in the security landscape is the migration to cloud services, which gives us amazing opportunity and telemetry,” he explained.

“Training models on a massive set of signals gives us better detection facilities. Bad actors do not have this kind of access - and security teams are therefore not as disadvantaged as they once were.”

Microsoft security

Today, Microsoft receives telemetry from an enviable variety of sources, including email services, documents, browsing activity and identity data.

The company also updates over a billion Windows PCs per month as part of its regular update program, which yields a wealth of data that can be channelled towards security efforts.

This range of signal sources, according to Arsenault, is the firm’s primary ammunition against the efforts of cybercriminals.

“In the past, we’d count on network signal [to inform our approach to security], but now you need diversity of signal for ample protection,” he said.

“All of this scale gives you great opportunity for statistically significant findings. But more important than scale is diversity of scale - network signal, endpoint signal, identity signal, application signal etc.”

“The aggregate value of these diverse signals gives us an unprecedented ability to protect [against attack].”

Arsenault also touted the importance of a zero trust mindset, especially in a post-coronavirus context in which a significant proportion of employees remain remote.

A zero trust model dictates that any entity attempting to gain access to the corporate network must first be verified - unlike in traditional network scenarios, in which any individual present on company premises could gain access to corporate assets.

“The control plane for security was once the network, but today we believe the control plane has shifted to identity. That’s the most important change that has happened as part of the client to cloud transition,” asserted Arsenault.

“Being on a corporate boundary shouldn’t impact the security footprint. In today’s global environment, with many people working remotely, identity is a much more scalable way than a network to provide a secure working environment.”

For Microsoft, then, a strong cybersecurity posture in today’s landscape boils down to three key elements:

  • Strong identity management, ensuring a person is who they say they are
  • Telemetry analysis to help augment security policies
  • Monitoring device health to patch any chinks in the endpoint security armor