Microsoft has announced a major new cybersecurity initiative designed to help the company better respond to the increasing speed, scale and sophistication of today’s cyber-threats.
The Secure Future Initiative has been driven in part by the growing sophistication of state-sponsored actors, in particular the Volt Typhoon campaign targeting US critical infrastructure and the more recent attacks on Microsoft’s cloud services, according to the firm’s president, Brad Smith.
Cyber-hygiene alone won’t cut it against these innovative attacks, which have become more brazen, prolific and diverse – encompassing not just espionage but also sabotage, destruction and influence operations, he added.
These efforts have been matched by a “smaller but more pernicious group” of cybercrime actors, Smith argued.
“This new initiative will bring together every part of Microsoft to advance cybersecurity protection,” he explained.
“It will have three pillars, focused on AI-based cyber defenses, advances in fundamental software engineering, and advocacy for stronger application of international norms to protect civilians from cyber-threats.”
On the AI front, Smith pointed to Microsoft’s use of the technology to improve its threat intelligence and analysis, and to its Security Copilot tool, which is intended to drive analyst productivity amid a growing industry skills shortage.
Advancing Security Engineering
On the engineering side, a separate blog post from Microsoft Security EVP Charlie Bell set out three key pillars:
- An evolution of the security development lifecycle (SDL) to the dynamic SDL (dSDL), through automated threat modelling, deployment of CodeQL for code analysis in all commercial products, and expanded use of memory-safe languages. Bell said this would help build security in at the language level and eliminate “whole classes” of software vulnerability. A second strand will see the firm enabling more secure defaults, such as Azure tenant baseline controls, to reduce configuration management headaches for customers.
- Strengthening identity protection against sophisticated attacks, with consistency across all platforms and products. This includes enforcement of standard identity libraries like Microsoft Authentication Library, and moving identity signing keys to an “integrated, hardened Azure HSM and confidential computing infrastructure”.
- Enhanced vulnerability response and security updates, with plans to cut the time taken to mitigate cloud vulnerabilities by 50%.
Finally, Microsoft will try to combine these AI-driven advances with “stronger application of international norms in cyberspace,” Smith argued. This will mean trying to encourage governments to accept red lines in cyberspace that they will not cross, and committing not to plant vulnerabilities in critical infrastructure networks.
AppOmni researcher Joseph Thacker argued that the use of AI in threat detection and response, and in code reviews, could be a game-changer.
“By automating and using AI in software development, Microsoft can improve the security of its cloud services and reduce the time it takes to fix vulnerabilities,” he added. “These improvements will directly reduce cyber risks for organizations that use Microsoft’s software and services. As the company represents such a large portion of the digital landscape, this should make a large impact.”