Microsoft's Cloud is attacked 1.5 million times every day

Posted Jun 8, 2017 by James Walker
Microsoft has revealed its automated cloud protection mechanisms foil over 1.5 million attacks on its online services every day. The service-centric company has robust systems that help to keep user data on products like Office 365 and Outlook secure.
The notable statistic was published inside a detailed article on Microsoft's cloud security technology. In the article, the company explains how it safeguards and secures its servers against digital threats.
Its threat protection system is based on a "security graph" concept that is capable of making sense of the millions of data points created each day. This allows different attacks to be linked together, even if they appear to be completely different on paper. Microsoft explained that the graph could alert it to a link between an email phishing campaign operating in Nigeria and a denial-of-service attack in Eastern Europe.
The company said its systems face an unauthorised access attempt 1.5 million times per day, or 13 times every second. Because Microsoft's all-encompassing cloud stores data on billions of users across dozens of services, it's a highly attractive target for hackers. Because the system is so complex, cybercriminals try to find a way in through a vulnerability in one service that lets them access all the others.
Microsoft said that cloud security is a constantly evolving topic that's only becoming more important. The cloud is becoming a gigantic industry in its own right and more customers are trusting their data to servers they don't control. This places huge responsibilities on operators like Microsoft. The company said its systems are constantly evolving, though, a change that is reflected in the shifting attitudes of its customers.
"It was only a few years ago when most of my customer conversations started with, 'I can’t go to the cloud because of security. It’s not possible,'" said Julia White, Microsoft’s corporate vice president for Azure and security. "And now I have people, more often than not, saying, 'I need to go to the cloud because of security.'"
Microsoft invests over $1 billion each year in technologies to strengthen the security around its cloud. It has 3,500 permanently assigned engineers who oversee the systems. Every second, the Intelligent Security Graph is expanded with "hundreds of gigabytes" of threat data compiled from telemetry from Windows machines and Microsoft services worldwide.
The Security Graph is based on machine learning systems that are capable of "learning" from the billions of data points added each day. The neural networks continually monitor for new signs of attack. If one appears, the system will perform an initial vetting procedure before passing it to human controllers to ensure it's not a false positive.
The Graph's built-in vetting checks help to dramatically cut down the number of false positive hits that are registered. This allows Microsoft to dedicate its human resources to developing patches for problems instead of identifying "needle in the haystack" attacks. The company said false positives are "one of the biggest drains" in the security industry.
"If you get 1,000 alerts, and 999 are false positives but one of them is a real breach, it's the job of the humans to go figure out which one's real. And that takes time and it takes judgment," Mark Russinovich, chief technology officer at Microsoft Azure, said. "A lot of times, when you're that overwhelmed, you're not looking closely at each one and can miss that one, that breach."
Perhaps inevitably, Microsoft said the most common form of attack remains one of the oldest in the book: using a stolen password to obtain access. In many cases, attackers breach accounts because users are relying on a weak or commonly used password. Social engineering tactics designed to trick people into giving up their passwords are also on the rise.
Microsoft said the best way to defend against this kind of attack is to enforce two-factor authentication methods and adopt biometric techniques. These include fingerprint and facial recognition technologies that can replace a regular password, preventing attackers from obtaining access using the Internet alone.