Microsoft Using Big Data to Disrupt Big Cybercrime


Cybersecurity is a CEO-level issue, stated David Finn, executive director of Microsoft Digital Crimes Unit, during his closing day keynote of the 2015 Microsoft Convergence Conference.

Prioritizing cybersecurity is essential at a time when the stakes are so high, he continued, with threats to the value of an organization’s brand and reputation and the potential to lose customers and intellectual property. Currently, the median number of days before an organization even knows it has been compromised is 243.

While there is no silver bullet to end cybercrime, which Finn explained comes in two forms, malware and technology-facilitated attacks on vulnerable people, Microsoft has “made tremendous progress over the last year” in combatting threats.

The company’s cybercrime center has done this by marrying big data to visualization. This combination recently led to a “eureka moment” after Microsoft worked with the FBI to launch an assault on one of the world’s biggest cybercrime rings, which stole more than $500 million from bank accounts over 18 months, Finn said.

Using the Microsoft Azure cloud and the big data capabilities of the Office 365 tool Power BI, Microsoft significantly grew its cyberthreat intelligence. Until recently, the company could not visualize threats until 36 to 48 hours after the crime. Now, its global visualization capabilities enable analysts to drill down into these threats, city by city, with a database of 70 million IP addresses that gets 500 million pings per day.

“We are doing so much more now because we’re taking these capabilities to cloud,” Finn said. “We’re running our cybercrime program on the cloud.”

This near-real-time visualization of event hubs, which Finn demonstrated on stage, tells the digital crimes unit which cities have the most infections so that it, in partnership with law enforcement, can prioritize its actions. Microsoft also recently teamed up with the Office for Creative Research to build a new visualization model of the biggest cyberthreats: botnets and malware, which build drone armies that have the potential to attack thousands, even hundreds of thousands, of people.

Microsoft and the OCR are currently experimenting with audification, adding sounds to the equation of visualization and data in hope of increasing their level of threat intelligence. Finn also demonstrated these botnet noises, which sounded like they could easily compose a science fiction or even horror film.

On an organizational level, Microsoft’s database of 70 million IP addresses is being leveraged in its Azure Active Directory Premium offering. Through a console in the directory, IT administrators can track company log-ins and check them against that store of suspicious addresses.
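The check described above, matching sign-in source addresses against a store of known-suspicious addresses, is simple enough to illustrate locally. The following is an added example written for this article, not Microsoft's Azure Active Directory console or its data: the log format, the user names, and the suspicious-address entries are all constructed here (the addresses come from the RFC 5737 documentation ranges), and CIDR support is an assumption of this example rather than a feature the article describes.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for a store of suspicious addresses.
# Entries may be single addresses or CIDR ranges (an assumption of this example).
SUSPICIOUS_ENTRIES = [
    "198.51.100.0/24",   # constructed: a whole range flagged as suspicious
    "203.0.113.7",       # constructed: a single flagged address
]

# Constructed sample sign-in log: "<timestamp> <user> <source_ip> <result>".
SAMPLE_SIGNINS = """\
2015-03-18T09:01:12Z alice 192.0.2.10 success
2015-03-18T09:02:45Z bob 203.0.113.7 success
2015-03-18T09:03:01Z carol 198.51.100.42 failure
2015-03-18T09:04:33Z dave 192.0.2.11 success
2015-03-18T09:05:10Z bob 203.0.113.7 failure
"""


def build_blocklist(entries):
    """Parse single addresses and CIDR ranges into ip_network objects.

    strict=False lets a host address with a prefix (e.g. 10.0.0.5/24) parse
    as its containing network instead of raising.
    """
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]


def is_suspicious(ip_text, blocklist):
    """True if the address falls inside any network in the blocklist."""
    addr = ipaddress.ip_address(ip_text)
    return any(addr in network for network in blocklist)


def parse_signins(log_text):
    """Yield one dict per non-empty line of the constructed log format."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, user, source_ip, result = line.split()
        yield {"ts": timestamp, "user": user, "ip": source_ip, "result": result}


def flag_signins(log_text, blocklist):
    """Return only the sign-in records whose source address is suspicious."""
    return [rec for rec in parse_signins(log_text) if is_suspicious(rec["ip"], blocklist)]


def flagged_counts_by_user(log_text, blocklist):
    """Count flagged sign-ins per user, the view an administrator would triage from."""
    return Counter(rec["user"] for rec in flag_signins(log_text, blocklist))


if __name__ == "__main__":
    blocklist = build_blocklist(SUSPICIOUS_ENTRIES)
    for rec in flag_signins(SAMPLE_SIGNINS, blocklist):
        print(f"{rec['ts']} {rec['user']:<6} {rec['ip']:<16} {rec['result']}  <- suspicious source")
    print(dict(flagged_counts_by_user(SAMPLE_SIGNINS, blocklist)))
```

Successful sign-ins from a flagged address deserve more attention than failed ones, since a failure shows the credential held while a success may mean it did not; the per-user count is one cheap way to surface the accounts to look at first.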

Finn also urged Convergence attendees to take advantage of the new cybercrime satellite offices Microsoft opened in Beijing, Berlin, Singapore, Tokyo and Washington, D.C. These join the Redmond, Wash., headquarters in offering cybersecurity information and assistance to organizations.

Organizations can protect themselves today by starting with basic computer hygiene, Finn explained. Everyone should be working on updated software with updated security controls, he advised, with employees trained on those protocols. Additionally, organizations need to have a plan ready in the case of a crisis, should think about going to the cloud, and need to maintain a high level of awareness.

As dire as these threats remain, Finn did highlight the big strides made by both Microsoft and the government in greater cybercrime awareness and intelligence.

The fact that, at the recent White House Summit on Cybersecurity and Consumer Protection, President Obama even used the word “botnet” in his speech was deemed “significant” by Finn.
