Windows 10 security experts share how to stay ahead of the catalysts shaping the cyber landscape

Cybersecurity threats both new and known, from Advanced Persistent Threats (APTs), to the Internet of Things (IoT), to the shortage of cyberworkers, threaten us each day. To help protect ourselves and our customers, we mobilize threat intelligence and machine learning, a mindset of “assume breach” and much more. Across the world, countless businesses take part in this same point and counterpoint every day. This dynamic interplay makes cybersecurity one of the fastest-paced parts of the tech industry.

Microsoft has remained at the leading edge with a track record of security innovation and investment – most notably in Windows 10. In this blog, some of Microsoft’s top cybersecurity experts share how:

Threat Intelligence

Threat intelligence builds the security analytics that help organizations detect and respond to threats more quickly and effectively.

“Cybersecurity should always be evolving. I’m confident in how Microsoft is addressing critical challenges across the cyber landscape that will emerge in 2017. First, optimizing threat intelligence to quickly identify and respond to the highest priority IOCs and IOAs. Our unique insights into the threat landscape create an intelligent security graph that protects endpoints, better detects attacks, and accelerates response for our customers. Second, optimization and automation across security technologies and processes help mitigate the increasing cybersecurity talent shortage. IoT devices are the new ‘DDoS Trojan Horse.’ Machine learning will be leveraged to stop cyber-attacks, from vulnerabilities in employees’ mobile phones to IoT devices, to further protect companies from harm. Third, the reduction of the overall number of security vendors and technologies will bring an increased focus on integration and cross-platform threat sharing that’s found in our Advanced Threat Analytics to alert on suspicious user behavior, Azure Security Center to let customers know when virtual machine exceptions and events are caused by malware, and Windows Defender Advanced Threat Protection to provide trend alerts across endpoints that indicate an active attack in an organization.” – Ann Johnson, VP, Worldwide Cybersecurity

A growing trend Microsoft security experts see is attackers copying the tactics and exploits of APTs into common malware. This makes the common malware more difficult to track and defend against.

“The op-sec playbook of the APT is trickling down to broad spectrum malware families to preserve the stealth and effectiveness of their campaigns. Popular malware families encrypt themselves with strong passwords to avoid introspection at rest and social engineer users into decrypting and running them. They host payloads on whitelisted sites such as popular file sharing services and download their payloads over the provider’s SSL. They are hiding more in the application layer. We will see the tech industry respond by making the necessary adjustments to inspect within the encryption and application layers, much like we are, with our security products.” – John Lambert, @JohnLaTwC, Partner Director, Microsoft Threat Intelligence

“ATP (Advanced Threat Protection) is critical for our customers, along with increasing the cloud intelligence of Windows Defender. A key advantage to Windows 10 is that we are constantly updating it with innovative exploit mitigations and multiple layers of defense in depth technology for all users. I also see Disaster Recovery and Security Operations becoming further entwined due to the increasingly destructive nature of nation-state cyberwarfare and attacks enabling extortion, like Ransomware. Lucrative cybercrime will become more mature: efficient, targeted and innovative. Attackers will get better at automating discovery of monetary opportunity and leveraging that to drive fewer, yet more devastating attacks.” – Eric Douglas, Director of Security Research

Microsoft security researchers also see a continuing trend of businesses getting caught up in ransomware attacks.

“Our research into prevalent ransomware families reveals that delivery campaigns can typically stretch for days or even weeks, all the while employing similar files and techniques. As long as enterprises can quickly investigate the first cases of infection or ‘patient zero’, they can often effectively stop ransomware epidemics. With Windows Defender Advanced Threat Protection (Windows Defender ATP), enterprises can quickly identify and investigate these initial cases, and then use captured artifact information to proactively protect the broader network.” – Tommy Blizard, Windows Defender ATP Research Team
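The workflow described above (find ‘patient zero’, capture its artifacts, then sweep the rest of the fleet with them) can be illustrated with a small hunting script. The following is an added example, not code from the original post or from Windows Defender ATP; the telemetry, hashes, hostnames and the `cdn-constructed-example.invalid` domain are all constructed for the example, and the event schema is a hypothetical simplification.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """One process-start record from hypothetical endpoint telemetry."""
    ts: datetime
    host: str
    sha256: str   # hash of the file that ran (constructed values below)
    path: str
    parent: str   # parent process image
    remote: str   # remote host contacted right after execution, "" if none


# Constructed indicators for a hypothetical campaign (not real IoCs).
H_DROPPER = "aaaa0001"
H_PAYLOAD = "bbbb0002"
H_DROPPER2 = "cccc0003"  # repacked dropper: new hash, same infrastructure
C2 = "cdn-constructed-example.invalid"

# Constructed telemetry: the same lure reappears on different days,
# and on the last host the dropper has been repacked.
EVENTS = [
    Event(datetime(2017, 1, 9, 8, 12), "WS-014", H_DROPPER,
          r"C:\Users\amy\Downloads\invoice.js", "outlook.exe", C2),
    Event(datetime(2017, 1, 9, 8, 13), "WS-014", H_PAYLOAD,
          r"C:\Users\amy\AppData\Local\Temp\svc.exe", "wscript.exe", ""),
    Event(datetime(2017, 1, 9, 9, 0), "WS-014", "ffff0009",
          r"C:\Windows\System32\notepad.exe", "explorer.exe", ""),  # benign
    Event(datetime(2017, 1, 11, 14, 5), "WS-027", H_DROPPER,
          r"C:\Users\bob\Downloads\invoice.js", "outlook.exe", C2),
    Event(datetime(2017, 1, 12, 10, 30), "WS-031", H_DROPPER2,
          r"C:\Users\cat\Downloads\invoice_2.js", "outlook.exe", C2),
    Event(datetime(2017, 1, 12, 11, 0), "WS-040", "eeee0008",
          r"C:\Program Files\Tool\tool.exe", "explorer.exe", ""),
]


def find_patient_zero(events, sha256):
    """Earliest execution of the triggering file anywhere in the fleet."""
    hits = [e for e in events if e.sha256 == sha256]
    return min(hits, key=lambda e: e.ts) if hits else None


def collect_artifacts(events, host, start, window=timedelta(minutes=30)):
    """Hashes and remote hosts seen on `host` shortly after the first hit.

    The window keeps the artifact set tight; anything collected here should
    still be vetted before it is turned into a fleet-wide block rule.
    """
    hashes, remotes = set(), set()
    for e in events:
        if e.host == host and start <= e.ts <= start + window:
            hashes.add(e.sha256)
            if e.remote:
                remotes.add(e.remote)
    return hashes, remotes


def sweep(events, hashes, remotes, exclude_host):
    """Other hosts showing any captured artifact, with the reason per host."""
    matches = {}
    for e in events:
        if e.host == exclude_host:
            continue
        reasons = []
        if e.sha256 in hashes:
            reasons.append("hash:" + e.sha256)
        if e.remote and e.remote in remotes:
            reasons.append("remote:" + e.remote)
        if reasons:
            matches.setdefault(e.host, set()).update(reasons)
    return matches


def investigate(events, first_hash):
    """Patient zero -> artifact set -> sweep of the remaining hosts."""
    p0 = find_patient_zero(events, first_hash)
    hashes, remotes = collect_artifacts(events, p0.host, p0.ts)
    return p0, hashes, remotes, sweep(events, hashes, remotes, p0.host)


if __name__ == "__main__":
    p0, hashes, remotes, hits = investigate(EVENTS, H_DROPPER)
    print("patient zero:", p0.host, p0.ts)
    for host, why in sorted(hits.items()):
        print(host, sorted(why))
```

The point the example makes is in the last host: `WS-031` never runs the original hash, so a hash-only sweep would miss it, but the network artifact captured from patient zero still ties it to the same campaign.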

Elimination of Traditional Passwords

Examining the societal and individual impact of the spread of intelligent technologies, in order to formulate best practices for secure design, is taking new directions. Layers of connected devices, from phones to refrigerators, give customers new ways to enhance their security through personalization.

“While threat intelligence systems continue to decrease the time it takes to detect threats, we expect to see an increase in attacks, malware, and identity theft in 2017. In response, we expect to see customers increasingly considering application control solutions like Device Guard as one of their best defenses against malware. For identity we expect to see aggressive moves to Fast IDentity Online (FIDO) solutions like Windows Hello that can transition users to strong password-less authentication. Mobile and IoT (Internet of Things) will be at the forefront of discussion as there are literally billions of devices running platforms that weren’t designed or configured to be secure. This will ultimately increase the demand for Microsoft security solutions like the Windows 10 platform and other Microsoft products that are designed to take advantage of the Intelligent Security Graph which can help those products better protect organizations from new and emerging threats.” – Chris Hallum, Windows and Devices Group

Cybersecurity Workforce and New Operational Mindset

Globally, the shortfall of cybersecurity professionals is expected to reach 1.5 million by 2020, according to data published by the National Institute of Standards and Technology. This means that businesses must innovate and alter their mindset to maximize the efficiency and effectiveness of their existing cybersecurity teams.

“Engineers who are security-minded, have solid talent, and have real experience are getting harder and harder to find. Not to mention, there is fierce competition between companies as this talent pool shrinks. The bad guys can recruit top talent with lucrative offers, so it’s critical we attract the best to defend and combat against potential threats. To stay ahead, industry must think beyond the traditional role and definition of their security teams. The challenge for the industry will be where they seek out and source the best people for these teams.” – David Weston, Research & Development

“The security community has been adapting and embracing a new mindset of ‘assume breach.’ When these conversations first started, much of the focus was on architecture and designing networks that would minimize lateral movement when malicious attackers were successful. Within Microsoft and several other companies, network security teams have shifted from a ‘detect and react’ strategy to one where a team assumes attackers are in the network and actively hunts for them, looking for traces of anomalous activity that might indicate a breach. I think we’ll see a lot of ‘how to recruit and build an effective Hunter Team’ type sessions at security conferences this year, along with an increase in blogs and articles along those lines. Ultimately, I think many more IT departments will be deploying Hunter Teams this year, to the point that by next year this will be close to a baseline expectation for operational security.” – Jeff Jones, Director, Issues Management

“Under an assume breach mindset, organizations need to actively hunt for and detect the adversary in order to contain the threat and minimize impact to the organization before public damage is done. Smart teams along with cloud-level machine learning and automation will be necessary to protect and detect at scale for on-premises, hybrid, and cloud environments. Incident response teams will also understand that detected failed escalation attempts aren’t false positives but indeed a sign of the adversary actively moving in the environment, and will conduct the appropriate response investigation.” – Hayden Hainsworth, @hhainsworth, Customer & Partner Experience Program Leader, Cybersecurity Engineering
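The observation above, that failed escalation attempts are a signal rather than noise, translates into a simple correlation rule: a single failed privileged operation is unremarkable, but a burst of them from one account across several hosts, or from several accounts on one host, is worth an investigation. The following is an added example, not code from the original post or from any Microsoft product. The log lines are constructed and use a simplified `key=value` layout rather than the real Windows Security event text; only the event IDs 4625 (failed logon) and 4673 (privileged service call) are real, and the account and host names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified audit lines (not the real Windows event layout).
LOG = """\
2017-01-12T10:31:02 host=WS-031 id=4673 outcome=Failure user=CORP\\cat privilege=SeDebugPrivilege
2017-01-12T10:31:05 host=WS-031 id=4673 outcome=Failure user=CORP\\cat privilege=SeTcbPrivilege
2017-01-12T10:33:40 host=WS-031 id=4625 outcome=Failure user=CORP\\svc_backup logon_type=3
2017-01-12T10:34:10 host=WS-031 id=4625 outcome=Failure user=CORP\\admin-jsmith logon_type=3
2017-01-12T10:35:55 host=SRV-FS01 id=4625 outcome=Failure user=CORP\\cat logon_type=3
2017-01-12T10:36:20 host=SRV-FS01 id=4673 outcome=Failure user=CORP\\cat privilege=SeBackupPrivilege
2017-01-12T11:02:00 host=WS-040 id=4673 outcome=Failure user=CORP\\dan privilege=SeShutdownPrivilege
2017-01-12T14:45:00 host=WS-040 id=4625 outcome=Failure user=CORP\\dan logon_type=2
"""

WINDOW = timedelta(minutes=15)
ESCALATION_EVENT_IDS = {"4625", "4673"}


def parse(log):
    """Turn each line into a dict of fields plus a parsed `ts` datetime."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts_str, rest = line.split(" ", 1)
        fields = dict(re.findall(r"(\w+)=(\S+)", rest))
        fields["ts"] = datetime.fromisoformat(ts_str)
        events.append(fields)
    return events


def _by_key(failures, key, distinct, window, trigger, rule):
    """Group failures by `key`, slide a window over each group and report the
    largest window for which `trigger(count, distinct_values)` holds."""
    groups = defaultdict(list)
    for f in failures:
        groups[f[key]].append(f)
    alerts = []
    for k, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        best = None
        for i in range(len(evs)):
            run = [e for e in evs[i:] if e["ts"] - evs[i]["ts"] <= window]
            if trigger(len(run), len({e[distinct] for e in run})):
                if best is None or len(run) > len(best):
                    best = run
        if best:
            alerts.append({
                "rule": rule, key: k, "count": len(best),
                distinct + "s": sorted({e[distinct] for e in best}),
                "first": best[0]["ts"], "last": best[-1]["ts"],
            })
    return alerts


def detect(events, window=WINDOW, min_failures=3, min_hosts=2, min_accounts=3):
    """Two rules over failed logon / privilege-use events:
    - one account failing repeatedly, or on more than one host, in the window
    - several distinct accounts failing on the same host in the window
    """
    failures = [e for e in events
                if e.get("outcome") == "Failure" and e.get("id") in ESCALATION_EVENT_IDS]
    alerts = _by_key(failures, "user", "host", window,
                     lambda n, d: n >= min_failures or d >= min_hosts,
                     "escalation-attempts-by-account")
    alerts += _by_key(failures, "host", "user", window,
                      lambda n, d: d >= min_accounts,
                      "multiple-accounts-failing-on-host")
    return alerts


if __name__ == "__main__":
    for a in detect(parse(LOG)):
        print(a)
```

With the constructed input, `CORP\dan` produces two isolated failures hours apart and stays quiet, while `CORP\cat` trips the per-account rule (four failures on two hosts in five minutes) and `WS-031` trips the per-host rule (three different accounts failing there in the same window). Thresholds and the window size are the knobs a team tunes against its own baseline.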

Microsoft is doing more to help businesses secure their environment, and help people protect their own digital security, than any other company in the world. Our unique insights into the threat landscape are shaping security and guiding organizations in optimizing their security action plans to address their most severe threats. In the coming months, we will share more about Windows expertise in staying ahead of emerging risks through AI, Machine Learning, and other important innovations that address the threats associated with cybersecurity trends.