Channeling the Cloud

With Machine Learning, Microsoft Takes Holistic Approach to Security

CEO Satya Nadella's $1 billion security initiative yields fruit with the Azure Security Center, powered by the technology behind Azure Machine Learning.

Microsoft CEO Satya Nadella late last year outlined the company's $1 billion investment in a new, holistic, operations-centric approach to addressing cybersecurity with the formation of its Enterprise Cybersecurity Group (ECG).

Until this point, the Trustworthy Computing Initiative launched in 2002 by co-founder Bill Gates was largely at the center of the Microsoft security universe. That paved the way for the Security Development Lifecycle (SDL) -- the companywide blueprint for how all of Microsoft's software would be architected, built and maintained. Consequently, SDL is baked into the Microsoft delivery model, and new versions of products ranging from SQL Server to Windows are markedly more secure than the last.

Now Nadella is thinking bigger. It's necessary, he said, because of the mounting number and sophistication of attackers, threats that are harder to predict and respond to, and malicious code that frequently lies dormant for months or longer undetected.

At the center of the new Microsoft initiative is the Intelligent Security Graph, an architecture designed to gather trillions of signals coming from billions of sources, enabling both Microsoft and its partners to detect and respond to attacks. Based on the Microsoft Azure Machine Learning technologies rolled out last year, Microsoft said the Intelligent Security Graph aims to deliver better endpoint protection and improved deterrence of attacks, while allowing more rapid response when breaches do occur.

The Intelligent Security Graph also makes use of Microsoft's Cyber Defense Operations Center, the 24x7 rapid-response facility in Redmond with direct access to thousands of security professionals, data analysts, engineers, developers and operations specialists both from Microsoft and among partners, customers and government experts.

The key new deliverable is the Azure Security Center, a subscription-based offering that lets customers create and manage security policies. Still in preview, the Azure Security Center features a dashboard that offers monitoring and provides alerts as looming incidents or compromises are detected. Microsoft claims the Azure Security Center can detect and respond to incidents via the Intelligent Security Graph.

Microsoft's threat analytics tools also analyze crash events from virtual machines in Azure and analyze data collected from real-time alerts, letting administrators know when there's evidence of a breach. Machine learning also helps it distinguish legitimate traffic patterns and remote access attempts from those that are attacks.

In the initial preview of the Azure Security Center released back in December, organizations could also procure Web application firewalls (WAFs) and anti-malware software from third-party providers. The first announced partners include Barracuda, Check Point, Cisco, CloudFlare, F5, Fortinet, Imperva and Trend Micro. Microsoft is now in the process of letting those partners offer the next phase of solutions: next-generation firewalls. Microsoft has indicated that other capabilities will follow in the future.

Most commercial and enterprise customers have ranked security as a key spending priority and the Azure Security Center is poised to offer Microsoft partners a new path to delivering these key services.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.
