As a company that has been synonymous with IT in both a consumer and enterprise context for a long time, Microsoft has always had to be engaged in security.
But a range of developments has changed the world of security so much that Microsoft’s role within it has had to develop as well.
So what can Microsoft offer in the cyber security field and what role does it want to fulfil within the new ecosystem: one that is not necessarily exclusively using Microsoft’s technology and one that does not simply use the traditional desktop or laptop setup?
According to Tim Rains, Chief Security Advisor at Microsoft, the company’s goal is simple: it is "just trying to protect [its] customers."
"Our strategy is to build that secure platform and inform the security of that platform with threat intelligence," he tells CBR.
Last year, CEO Satya Nadella outlined one of the main areas of Microsoft’s strategy: building a platform across on-premise and cloud environments with security and privacy in mind.
What has changed in the heterogeneous environment is that Microsoft’s customers will now usually be customers of other companies as well.
"There is all sorts of technology being used in the organisations so no one company can protect anybody from all of that," says Rains.
This is why Microsoft’s approach requires what Rains calls a "rich ecosystem of partners" to work with on protecting all of the different technology.
He adds that this will become even more important as the Internet of Things arrives in the workplace:
"Instead of five or ten technology companies you could have thousands or tens of thousands developing IoT devices."
While Microsoft’s strategy is not unusual, the tools that it has at its disposal to achieve it are.
The threat intelligence, which Rains mentions, is key, but more important than the intelligence itself are the tools which Microsoft can bring to bear on it.
Stuart Aston, National Security Officer at Microsoft UK RE, explains: "Everybody has some intelligence but the thing that we have is massive scale and the ability to bring that intelligence together and bring actionable activity out of it.
"We see the enterprise and the consumer and can therefore pull together data from both of those sources as well as the internet and our own online services to protect our customers."
It is Microsoft’s wide portfolio across a range of technologies that allows it to amass data on such a large scale.
This is what Rains refers to as the Intelligence security graph, which is fed data from all kinds of sources.
This includes data from systems running antivirus software and from PCs running Internet Explorer or Microsoft Edge with Smart Scan. The email programme Outlook is used to scan emails for threats.
In addition, Microsoft’s search engine Bing is used to trawl the web for drive-by download and phishing pages. Microsoft then uses machine learning to look at this traffic.
This means that the company receives "a lot of signal", according to Aston.
"It’s really important to realise that you need to remove the noise from that signal and make the intelligence actionable."
Microsoft has bolstered this portfolio with several acquisitions, two of which Rains highlights as particularly pertinent to the strategy: Adallom and Aorato, acquired in September 2015 and November 2014 respectively.
Adallom, an Israeli company founded in 2012, is a cloud access security broker working with popular cloud applications such as Salesforce, Box, Dropbox, ServiceNow, Ariba and Microsoft’s own Office 365.
It provides customers with visibility and control over application access as well as critical company data stored across cloud services.
"It helps people understand what cloud apps are in use in their enterprise, how much data is flowing in and out, the authentication traffic," explains Rains. "It helps you manage all of that traffic for thousands of cloud apps."
The Microsoft version of the product, called Microsoft Cloud App Security, came out two weeks ago.
Meanwhile, Aorato’s technology uses machine learning to detect suspicious activity on a company network. It is able to understand what normal behaviour is and identify anomalies, allowing companies to see suspicious behaviour and take measures accordingly.
The Microsoft version is called Advanced Threat Analytics.
"You can see a theme: we’re investing heavily in detection because our customers are moving to more of a holistic security strategy: a detect, protect, respond strategy," says Rains.
"We’re trying to help them do that by making investments in detection and response and of course we have a lot of investment in detection as well."
Most players in cyber security bring something unique to the field, such as a new capability or approach. For Microsoft, the breadth of capabilities it can bring to bear seems to be the key.