Service Provider Cloud

Microsoft Fends Off 1.5M Cloud Attacks a Day

Cloud security, and securing data as it flows from public to private clouds, is big business, and only expected to get bigger as more workloads and apps move to the cloud. Now, Microsoft is showing how complicated cloud security can get within its own infrastructure.

On any given day of the week, Microsoft fights against 1.5 million cyberattacks and security breach attempts that target its cloud infrastructure, according to a new blog post from the company.

To help combat these attacks, Microsoft uses about 3,500 engineers to constantly monitor its infrastructure and its Azure cloud.

Microsoft is pulling back the curtain on its cloud security operation at a time when security is on the top of the list of IT concerns, especially after the Wannacry ransomwear attack took place in early May.

As Curtis Franklin wrote on Security Now, the Wannacry attack served as a wake-up call for IT departments about the importance of patching systems -- Microsoft had to issue security patches during this time -- as well as the complexity of infrastructure where a patch meant to protect one system can damage another. (See WannaCry Continues at a Slowed Pace.)

At the same time, companies of all sizes are spending more on cloud security. In a June 8 blog post, Forrester Research analyst Jennifer Adams estimates that cloud security spending will top $3.5 billion by 2021.

Crossfire security hurricane.  (Source: Tpsdave via Pixabay)
Crossfire security hurricane.
(Source: Tpsdave via Pixabay)

Cloud security remains a small portion of overall security software spending, which totaled $24 billion in 2016 and is expected to grow 10% annually this year and next, according to Forrester. However, the biggest tech vendors are investing more in securing public and private cloud, including Microsoft paying $320 million for Adallom in 2015, and Cisco buying CloudLock for $293 million last year.

In addition to acquiring companies that specialize in cloud security, Microsoft is tapping into new technologies to help sort through the various threats that target its systems.

Part of the reason for revealing stats about its cloud security is for Microsoft to talk about Intelligent Security Graph, which uses machine learning to keep track of 450 billion authentications the company processes each month, along with 400 billion emails scanned for malware and phishing as 1 billion Windows updates.

M&A activity is turning the cloud upside down. Find out what you need to know in our special report: Mergers, Acquisitions & IPOs are Rocking the Cloud.

One of the problems in security is what's called "FPFN" or false positives and false negatives, which can lead security researchers on chases and leave systems unguarded. The machine learning part of Intelligent Security Graph automates some of the scanning of all these systems and data to reduce the odds of chasing after incorrect security reports.

In the blog post, Microsoft's Julia White, the company's corporate vice president for Azure and security, notes that securing data is one of the biggest reasons companies want to move to the cloud, which means Redmond needs to respond to that shift in computing.

"It was only a few years ago when most of my customer conversations started with, 'I can't go to the cloud because of security. It's not possible,' " White wrote. "And now I have people, more often than not, saying, 'I need to go to the cloud because of security.' "

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Scott_Ferguson 6/14/2017 | 12:57:05 PM
Re: That's All? @PhilBritt: Well, I think if you just consider this is against Azure and not the other parts of the Microsoft ecosystem, I think it does make sense. Again, these are the ones that Microsoft picks up, so there could be more that go undetected. That said, I think if you look at all the services Microsoft offers, espeically Windows, you'd see a much higher number. 
Phil_Britt 6/13/2017 | 3:38:11 PM
That's All? The amount of attacks Microsoft fights sounds low. The hackers tend to be more proficient every day, with even people and firms that know better falling for phishing and for spearfishing schemes, let alone other types of malware attacks.
Sign In