Cybercrime is a constantly evolving and ever-increasing challenge for all organizations. The combination of expanded access to the Internet, the explosive increase in connected devices, and the rapid expansion of innovative cloud-based services is creating tremendous economic and social opportunity for consumers, governments, and businesses. Unfortunately, it has also opened new avenues of attack for cybercriminals and other malicious actors.
Like all technical advances, the storage of data and applications in the cloud has attracted an entire criminal ecosystem, from individual hackers to highly organized groups that aim to take down entire networks. Cybercriminals, motivated by everything from profit to political gain, use the Internet to disrupt business activities and access sensitive personal and financial data. Because most companies rely on a third party to administer their cloud services, it's critical that companies that provide cloud services, like Microsoft, are committed to, and capable of, fighting cybercrime.
Unfortunately, cybercrime is not purely a technical problem—nor will it ever “go away.” Cloud service providers must continuously fight cybercrime at multiple levels using teams of specialists, from IT security experts to policy advocates. It takes a concerted effort as well as deep financial and operational investment to truly understand cybercrime and effectively fight it.
Microsoft knows that security and privacy are intrinsically connected—the data you entrust to Microsoft cloud services must be kept private. We work diligently to help protect your data from unauthorized access—both internally and externally. Microsoft has made significant investments in the security of its platform, which, when combined with high levels of security-intelligence and strategic partnerships, helps keep our cloud-based products and services more secure.
Dedicated cybersecurity teams
Microsoft has invested in multiple cybersecurity teams and related facilities to address threats to our customers and our technology ecosystem.
The Microsoft Digital Crimes Unit (DCU) mission is to provide a safer digital experience for individuals and organizations worldwide by helping to protect vulnerable populations, fight malware, and reduce digital risk.
More than a million people per day are victims of cybercrime. Learn how the Microsoft Digital Crimes Unit is helping them fight back.
The Microsoft Enterprise Cybersecurity Group is a team of world-class architects, consultants, and engineers that works with organizations to help move them to the cloud more securely, modernize their IT platforms, and avoid and mitigate breaches.
The Microsoft Cyber Defense Operations Center is a state-of-the-art facility that brings together security response experts from across the company to help protect, detect, and respond to cyberthreats in real-time—all day, every day.
The Microsoft Cybersecurity Policy Team partners with governments and policymakers around the world, blending technical acumen with legal and policy expertise. By identifying strategic issues, assessing the impacts of policies and regulations, leading by example, and driving groundbreaking research, the Cybersecurity Policy team helps promote a more secure online environment.
The emerging era of cyber defense and cybercrime
Pete Boden, General Manager of Cloud and Enterprise Security, and Richard Boscovich, Senior Attorney at the Digital Crimes Unit, discuss how Microsoft helps keep customers and data safe from cybercrime.
Microsoft believes that security doesn’t end in the public cloud. Security needs to be engineered into a system end to end, from the public cloud all the way to the desktop. From the very beginning, we architected our cloud services platform with multiple levels of security that are virtually and physically isolated. Your data is protected by hardened operating systems and backed by a defense-in-depth strategy that helps protect our cloud services.
In addition, we have continuous, proactive, and reactive threat monitoring and analytics. We also encrypt customer data at rest and in transit, and encrypt customer data that passes between our datacenters. Every datacenter is constructed, managed, and monitored to protect data from unauthorized access. We also do not engineer backdoors into our services.
We provide secure communications between your infrastructure and our cloud services and block unauthorized traffic.
Specific platform security features include:
- SQL Always Encrypted gives you the tools to encrypt sensitive data, such as credit card numbers and national identification numbers, and store it in Azure SQL Database or SQL Server databases. SQL Always Encrypted creates data separation between those who own the data (authorized users) and those who manage the data (cloud database operators or administrators).
- Multi-factor authentication and Credential Guard technology are built into Windows 10 to help you go beyond passwords and move to more secure forms of authentication, such as PINs and biometrics, using the security capabilities already built into your Windows devices. These technologies help organizations defend against identity compromise and pass-the-hash attacks.
High levels of security-intelligence
Our platform and services offer an exceptional depth of security-intelligence that we use to help our customers detect threats and respond to them more quickly. The depth of our security-intelligence comes from running multiple large services at a global scale:
- 60 million monthly active Office 365 commercial customers, with 50,000 small business customers added each month
- 49 million Xbox Live monthly active users
- 10 million paid seats for Dynamics 365
- Over 400 million active Outlook users
- Azure runs on a worldwide network of Microsoft-managed datacenters across 30 regions—more countries and regions than Amazon Web Services and Google Cloud combined.
Because we handle both consumer and commercial customers at such a large scale, we have a unique perspective on what's happening in the public cloud. We use the expertise we have gained to identify attack vectors and define the best ways to respond to them. We also use machine learning and behavioral analytics to look for malicious characteristics, such as executable code or requests for elevated privileges. We build threat intelligence technology into the core of our products to help secure our customers’ data. Additionally, we use the insights we gain to drive innovation in cybersecurity—to proactively develop new technologies and practices to help us secure our cloud services.
Strength through partnerships
Microsoft recognizes that no single company can fight cybercrime, even with the highest levels of security-intelligence, rigorous engineering, and corporate investment in security measures. Instead, Microsoft actively fosters partnerships with other organizations in our industry—to share insights and fight cybercrime and online threats together.
Microsoft shares vulnerability information with more than 50 security software partners, which helps us get protection out to businesses and consumers faster. We also collaborate with other technology companies to help prevent, and find solutions to, major global threats.
Microsoft publishes a Security Intelligence Report every six months. The report provides an in-depth perspective on software vulnerabilities and exploits, malware, and malicious websites. The report includes a regional threat map that provides insight on rates of encounters and computers cleaned.
The Microsoft DCU is an international legal and technical team working with partners to help create a safer digital world. The DCU partners with cybercrime experts across industries to fight a full range of cyber threats, including malicious software crimes, IP crimes, and technology-facilitated child exploitation.
We also partner with a diverse range of the world’s leading security experts to drive innovation in security technology and practices. From our investments in new technologies to advocacy work with lawmakers, Microsoft actively drives innovation through direct research and development as well as sponsorship programs, including:
- Microsoft Bounty Program encourages hackers and researchers to report vulnerabilities and exploitation techniques in exchange for cash prizes.
- In cooperation with Dartmouth College, Microsoft created and donated PhotoDNA technology to the National Center for Missing & Exploited Children to help address the illegal distribution of graphic child pornography online.
Anatomy of a breach
Cybercrime is relentless. Understanding the anatomy of a breach, and how people infiltrate enterprise network defenses, can help you identify potential threats and better protect yourself and your company.
Most breaches go through similar stages:
- Stage one: The initial foothold. A spam email or a vulnerability can open the door for malicious hackers to gain a foothold in your organization.
- Stage two: Local escalation. Once they’re in, they’ll look for a higher level of access or administrator rights to escalate and widen their influence.
- Stage three: Network escalation. They gain access to high-value credentials. Now, they reuse those across the environment to access what they’re looking for.
- Stage four: Persistence. They settle in for the long haul, commonly installing a permanent backdoor for long-term, repeat access to your systems.