What CISOs should do differently to defend against attackers using Machine Learning [10:16]

New podcast hosted by Edgile expert Brad Smith, where we discuss the one trait shared by today’s attackers and enterprise CISOs: both are leveraging AI’s Machine Learning (ML) to either attack better or defend better. Both sides are collecting as much information and telemetry as they possibly can and then aggregating it in such volume that they can derive patterns of vulnerability.


This doesn’t merely mean getting better tools. Sometimes it’s a matter of looking at existing tools differently and then leveraging them better. One good example is how Microsoft came up with Azure Sentinel.

It started when Microsoft began to aggressively embrace the cloud in a wide range of ways. Its challenge: how would it defend one of the single largest global infrastructures ever created, namely the Microsoft global network and all of the data centers it hosts in almost every country in the world? With that infrastructure, Microsoft had to develop tooling to consolidate a massive volume of information and to extract patterns for operations and security from that data, with enough velocity to be able to act on them.

The tooling that ended up being created for their own operations and security teams became a product known as Azure Sentinel. It didn’t start out as product development. Microsoft is an organization that fundamentally shares liability with its customers for defending the data systems and information systems that are critical to businesses, economies and governments globally.

Microsoft is using that same set of innovations and tool developments and then offering them back to customers as part of tools like Azure Sentinel, to deliver that large-scale data aggregation. It’s not a SIEM. More precisely, it’s a lot more than a SIEM. It’s technically sold as a SIEM and messaged to the market as a SIEM product. It obviously can function as a SIEM, but that’s just one use-case. It’s a massive telemetry data lake that allows you to pull that information together and retain it for as long as you possibly can, so that what is recorded in the telemetry and aggregated over time, which is critical to the pattern detection that drives machine learning, remains available and you can extract that signal from the noise.

A lot of the focus we have with our clients is led by our experience with the tooling and our broader perspective on what one can do with Azure Sentinel.