Cyber attacks targeting cloud services are accelerating, according to Microsoft.
The company has seen a 300% increase in the number of attacks happening around the world in the last year, according to Anderson.
“We have this unique perspective because we operate these 200 global services for both consumer and enterprise so we have a unique view on these things as they happen,” he said.
It’s not only the number of attacks that has increased; their sophistication has too. According to Anderson, the most sophisticated ones he has seen are from nation states.
“The rate at which the attacks are happening, the sophistication of the attacks and the rate they spread once they get inside an organisation – it’s gone past the point where human capacity can take it themselves,” he said. “You have to have something like a cloud, or multiple clouds, backing you up.”
As enterprises move to new cloud services, the traditional perimeter-based security model previously used to build a network wall around the company becomes worthless. This is because, according to Anderson, the data is located outside that perimeter now.
“In the past, when all the data is behind the firewall you could have a degree of protection there because somebody had to figure out how to punch through the firewall to get to your data. The data is in the cloud now, and so that perimeter-based security model is no longer helpful because the data no longer passes through the perimeter anymore,” Anderson added.
For Anderson, identity has become the new perimeter in a world of cloud services and mobile devices. “Your identity is the only thing that is common across all the services that your users are getting access to. And all these attacks you read about, 80% trace back to compromised user accounts. Identity is the most important thing for you to protect, period,” he said.
Microsoft has been building an ‘intelligence security graph’. This collates all the data across the company, from all of the services, and brings it together in one place. It brings in 10 TB of data a day and then applies the power of the cloud, machine learning and AI, Anderson added.
Furthermore, Microsoft assigns every user account a risk score of low, medium or high. “We move that risk score up and down based on how that identity is being used. That now enables IT to express a policy that expresses the risk they are willing to take,” explained Anderson.
He gave the example that if Microsoft scores a user at medium risk, an enterprise could create a policy under which the user is not allowed to access the system until they pass a second factor of authentication.
Additionally, Microsoft is constantly tuning the algorithms, sometimes updating them 10 or 12 times a day, as it learns about new attacks.