Channeling the Cloud

With Machine Learning, Microsoft Takes Holistic Approach to Security

CEO Satya Nadella's $1 billion security initiative yields fruit with the Azure Security Center, powered by the technology behind Azure Machine Learning.

Microsoft CEO Satya Nadella late last year outlined the company's $1 billion investment in a new, holistic, operations-centric approach to addressing cybersecurity with the formation of its Enterprise Cybersecurity Group (ECG).

Until this point, the Trustworthy Computing Initiative launched in 2002 by co-founder Bill Gates was largely at the center of the Microsoft security universe. That paved the way for the Security Development Lifecycle (SDL) -- the companywide blueprint for how all of Microsoft's software would be architected, built and maintained. Consequently, SDL is baked into the Microsoft delivery model, and new versions of products ranging from SQL Server to Windows are markedly more secure than the last.

Now Nadella is thinking bigger. It's necessary, he said, because of the mounting number and sophistication of attackers, threats that are harder to predict and respond to, and malicious code that frequently lies dormant for months or longer undetected.

At the center of the new Microsoft initiative is the Intelligent Security Graph, an architecture designed to gather trillions of signals coming from billions of sources, enabling both Microsoft and its partners to detect and respond to attacks. Based on the Microsoft Azure Machine Learning technologies rolled out last year, Microsoft said the Intelligent Security Graph aims to deliver better endpoint protection and improved deterrence of attacks, while allowing more rapid response when breaches do occur.

The Intelligent Security Graph also makes use of Microsoft's Cyber Defense Operations Center, the 24x7 rapid-response facility in Redmond with direct access to thousands of security professionals, data analysts, engineers, developers and operations specialists both from Microsoft and among partners, customers and government experts.

The key new deliverable is the Azure Security Center, a subscription-based offering that lets customers create and manage security policies. Still in preview, the Azure Security Center features a dashboard that offers monitoring and provides alerts as looming incidents or compromises are detected. Microsoft claims the Azure Security Center can detect and respond to incidents via the Intelligent Security Graph.

Microsoft's threat analytics tools also analyze crash events from virtual machines in Azure and analyze data collected from real-time alerts, letting administrators know when there's evidence of a breach. Machine learning also helps it distinguish legitimate traffic patterns and remote access attempts from those that are attacks.

In the initial preview of the Azure Security Center released back in December, organizations could also procure Web application firewalls (WAFs) and anti-malware software from third-party providers. The first announced partners include Barracuda, Check Point, Cisco, CloudFlare, F5, Fortinet, Imperva and Trend Micro. Microsoft is now in the process of letting those partners offer the next phase of solutions: next-generation firewalls. Microsoft has indicated that other capabilities will follow in the future.

Most commercial and enterprise customers have ranked security as a key spending priority and the Azure Security Center is poised to offer Microsoft partners a new path to delivering these key services.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.