Microsoft is organizing its counter-offensive to make its Cloud service impenetrable by employing AI and automation as the first line of defense.
Azure, Microsoft’s cloud service, has suffered several large-scale cyberattacks in the past, and not the least. In August 2021, a 2.4 Tbps DDoS offensive shook the American giant’s servers. In January 2022, an attack of the same type even rose to 3.47 Tbps. Frequent and increasingly powerful attacks which led the firm to establish a new defense plan. Called “Secure Future Initiative” (SFI), this aims to overhaul the development, testing and operation of its various service software.
AI for security
Integrating artificial intelligence and automation into the software development process are the main foundations of the SFI plan. Thanks to CodeQL technology on the GitHub site, Microsoft intends to accelerate the code analysis process and intensify automatic security checks. The idea is to be able to intercept any vulnerability or risk “ at the speed and scale of AI “.
Charlie Bell, head of security at Microsoft, expresses the company’s ambition to reduce latency in resolving Cloud vulnerabilities using these new tools: “ We plan to cut the time it takes to resolve these vulnerability issues in half. We are able to achieve this through our investments (…)”. A more than imperative measure, knowing that the firm has regularly been under fire from critics for its management deemed ” careless » of Azure security.
Towards an unshakeable infrastructure?
A strengthening that goes beyond software development procedures, since Microsoft will also solidify the platforms that protect its encryption keys. This would not be a bad thing, and would prevent new hackers from exploiting a cloud flaw as was the case this summer, where Chinese hackers managed to reach high-ranking members of the American government.
To do this, the default security settings of these platforms will be reinforced, including the systematic activation of multi-factor authentication (MFA) whenever a new customer uses Microsoft services. Microsoft Vice President Brad Smith calls for collective responsibility and says there is an urgent need to “ recognize cloud services as critical infrastructure, which must be protected from attacks in accordance with international law “.
Microsoft’s SFI is obviously synonymous with awareness of the importance of cybersecurity for services as sensitive as Azure, but it goes beyond that. There is certainly a political will on the part of the company to assert itself as an architect of global IT security.
Source : The Verge
1