Security Unlocked

View Mike Macelletti on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Securing Redirections with Mike Macelletti

Wed, 25 Jun 2025 07:05:00 GMT

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Mike Macelletti from Microsoft’s MSRC Vulnerabilities and Mitigations team to explore Redirection Guard, a powerful mitigation designed to tackle a long-standing class of file path redirection vulnerabilities in Windows. Mike shares how his interest in security began, the journey behind developing Redirection Guard, and how it's helping reduce a once-common bug class across Microsoft products. He also explains how the feature works, why it's impactful, and what developers can do to adopt it. Plus, a few fun detours into Solitaire hacking, skiing, and protein powder.

In This Episode You Will Learn:

What Redirection Guard is and how it helps prevent file system vulnerabilities
How Microsoft identifies and addresses common bug classes across their ecosystem
Why some vulnerabilities still slip past Redirection Guard and what’s out of scope

Some Questions We Ask:

What is a junction and how is it different from other redirects?
How does Redirection Guard decide which shortcuts to block?
Are there vulnerabilities Redirection Guard doesn’t cover?

Resources:

View Ram Shankar Siva Kumar on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Ignore Ram Shankar Siva Kumar’s Previous Directions

Wed, 11 Jun 2025 07:05:00 GMT

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share Ram Shankar Siva Kumar’s dynamic keynote from BlueHat India 2025, where he explores the evolving threat landscape of AI through the lens of the Microsoft AI Red Team. From adversarial machine learning to psychosocial harms and persuasive AI, Ram highlights real-world case studies, including prompt injection, content safety violations, and memory poisoning in AI agents. Ram underscores the urgent need for robust red teaming practices to secure AI systems against traditional security flaws and emerging threats across images, text, audio, and autonomous agents.

In This Episode You Will Learn:

Why old-school security flaws still break modern AI systems
Real-world AI red teaming in action, from scams to memory hacks
How small input tweaks can fool AI across images, audio, and text

Some Questions We Ask:

Can attackers fool AI using just slight image changes?
Are generative AI systems vulnerable to prompt manipulation?
Do you need to be an expert to break an AI model?

Resources:

View David Weston on LinkedIn

Watch Ram’s BlueHat India 2025 Keynote: BlueHat India 2025 Day 2 Keynote - Ram Shankar Siva Kumar

Listen to Ram’s Previous Appearance on The BlueHat Podcast: Not with a Bug but with a Sticker

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Protecting AI at the Edge with David Weston

Wed, 28 May 2025 07:05:00 GMT

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share David Weston’s keynote from BlueHat India 2025. David explores the growing role of on-device AI in Windows, the security risks it introduces, and how Microsoft is rethinking architecture to defend against new threats like model tampering, data exfiltration, and AI-powered malware. He also shares insights on innovations like Windows Recall, biometric protection, and the future of secure, agentic operating systems.

In This Episode You Will Learn:

How AI integration in Windows (like Windows Recall and MS Paint) is evolving
Emerging threats from protocols like MCP and CUAs
What a “confused deputy” attack is, and how Microsoft is protecting users

Some Questions We Ask:

What are the biggest security threats in on-device AI—data, model, or runtime?
Can AI be used to accelerate post-compromise attacks?
What will it take to bring Azure-level confidential computing to the consumer device?

Resources:

View Felix Boulet on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Hacking at the Weeds with Felix Boulet

Wed, 14 May 2025 10:05:00 GMT

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Felix Boulet fresh off his participation in Zero Day Quest. Felix talks about his unique journey from industrial maintenance to becoming a full-time vulnerability researcher, and how that background fuels his passion for hacking and bug bounty work. He explains his method for finding bugs in Microsoft products—particularly in identity systems—and why identity is such a valuable target for attackers. Felix also shares highlights from the Zero Day Quest event, where he focused on building connections, learning from Microsoft engineers, and experiencing the collaborative side of the security community.

In This Episode You Will Learn:

Why identity-based bugs are especially valuable and dangerous in the security world
When breaking identity controls can be the key to pivoting through an entire system
How SharePoint's concept of "virtual files" impacts vulnerability validation

Some Questions We Ask:

What was your first bug bounty experience?
Can you explain what the flash challenges were and what your experience was like?
Do you think sharing bug ideas could cost you a bounty?

Resources:

View Marco Ivaldi on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Evolutions in Hacking with Marco Ivaldi

Wed, 30 Apr 2025 19:05:00 GMT

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services, shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlighting vulnerabilities that continue to pose significant risks today. He recounts his unexpected path into bug bounty hunting, including his involvement in Microsoft's Zero Day Quest and his passion for auditing real-time operating systems like Azure RTOS.

In This Episode You Will Learn:

How Marco taught himself BASIC and assembly through cassette tapes and trips to local libraries
Why mentorship and positive leadership can catapult your cybersecurity career
When measuring network response times can unintentionally leak valuable info

Some Questions We Ask:

Do you remember the first time you made code do something unexpected?
What was your experience like in the Zero Day Quest building for those three days?
How are you thinking of approaching fuzzing after Zero Day Quest?

Resources:

View Dhiral Patel on LinkedIn

HN SECURITY

Learn More About Marco

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

Hosted on Acast. See acast.com/privacy for more information.

From Facebook-Phished to MVR Top 5 with Dhiral Patel

Wed, 16 Apr 2025 07:05:00 GMT

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Dhiral Patel, Senior Security Engineer at ZoomInfo and one of MSRC’s Most Valuable Researchers (MVR). Dhiral shares how a hacked Facebook account sparked his passion for ethical hacking. From web development to penetration testing, Dhiral has become a top bug hunter, landing multiple spots on the MSRC leaderboards. Dhiral reflects on his early MSRC submissions and lessons learned. He also discusses the importance of mastering web security basics, practicing on platforms like TryHackMe and Hack the Box, and staying connected with the bug bounty community.

In This Episode You Will Learn:

The importance of mastering web security basics before diving into bug bounty hunting
Why hands-on platforms like TryHackMe and Hack the Box are perfect for beginners
Dhiral’s journey from blogging to freelancing and security research

Some Questions We Ask:

How do you balance competition and collaboration in the bug bounty community?
Can you explain what clickjacking is and if it still works today?
Why did you start with Power BI, and how did it lead to your journey in security?

Resources:

View Tobias Diehl on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl

Wed, 02 Apr 2025 07:05:00 GMT

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research.

In This Episode You Will Learn:

Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure
The importance of user prompts to prevent unintended application behavior
Key vulnerabilities Tobias looks for when researching Microsoft products

Some Questions We Ask:

Have you submitted any AI-related findings to Microsoft or other bug bounty programs?
How does the lack of visibility into AI models impact the research process?
Has your approach to security research changed when working with AI versus traditional systems?

Resources:

The increasing threat of cryptocurrency miners

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Cryptojacking, and Farewell for Now!

Wed, 16 Feb 2022 08:05:00 GMT

The success of crypto inspired dozens of other cryptocurrencies like Ethereum, Tether, and Dogecoin. Today, people worldwide use cryptocurrencies to buy things, sell things, and make investments. One thing is certain; digital currencies are here to stay, no matter how many times you have to explain what a bitcoin is. Unfortunately, it also created the world of cryptojacking, a form of cybercrime that remains completely hidden from the target and can infect millions of computers with cryptojacking malware. Which brings us to the fundamental question: What can organizations do to protect themselves?

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Microsoft senior software engineer Amitrajit Banerjee and senior staff architect at Intel Rahul Ghosh to discuss the history and prevalence of cryptojacking. The push behind a cryptojacking attack is almost always motivated by money. Mining cryptocurrencies can be very lucrative, but making a profit is challenging unless you cover high costs. They discuss the importance of understanding the actual concept of mining, how victims' CPU power and computing resources can be used, and why it isn't easy in general to detect crypto miners.

In This Episode You Will Learn:

How prevalent is cryptojacking and who should be worried
When and how people are exposed to these new types of threats
Why you should be familiar with cryptojacking

Some Questions We Ask:

How are victims' CPU power and computing resources used to mine cryptocurrencies?
What created this environment where cryptojacking is possible?
What are some general techniques when trying to identify cryptojacking?

Resources:

Defending against cryptojacking

Guidance for preventing, detecting, and hunting for exploitation

View Amitrajit Banerjee on LinkedIn

View Rahul Ghosh on LinkedIn

Microsoft Digital Defense Report

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

A look at Cybercrime in 2021

Wed, 02 Feb 2022 08:05:00 GMT

Ransomware attacks have never been so successful. The returns from these attacks are soaring and only becoming easier to conduct. In chapter two of the Microsoft Digital Defense Report, the growing threat of cybercrime is covered in great detail. As we continue to go over the MDDR, it's more apparent than ever that the cybercrime economy and services it provides are stronger and more complex than ever. Cryptocurrency, malware, and adversarial machine learning are just a few of the topics we believe need to be covered in more detail.

In this episode of Security Unlocked, host’s Natalia Godyla and Nic Fillingham are joined by Jason Lyons, principal investigator in the digital crimes unit at Microsoft. Jason is an experienced investigator specializing in computer investigations. He is trained and experienced in hacker methodology/techniques, computer forensics, and incident response. Jason joined the show to discuss Chapter two of the Microsoft Digital Defense Report, which focuses on the state of cybercrime. He also speaks on how cryptocurrency has created new challenges in ransomware, why ransomware continues to grow, and recent trends we are currently seeing in malware.

In This Episode You Will Learn:

How to decide whether to pay the ransomware or not
New ways for security teams to protect against malware
Why we are seeing a rise in cybercrime due to cryptocurrency.

Some Questions We Ask:

What's new in the way the cybercrime economy operates?
Why is ransomware still such a big thing and maybe even getting bigger?
What trends are we seeing with malware right now?

Resources:

View Jason Lyons on LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

What’s a BISO?

Wed, 19 Jan 2022 08:05:00 GMT

Everything is exciting and new when you're a kid, and curiosity inspires many of us to branch out and try new things. For some, that means drawing from our imagination or trying all kinds of sports. And for others it means spending days at the library, checking out books on modem communications, and eventually hacking into the local dial-up community service. That's just a random example, of course... Either way, curiosity can be a powerful tool, even at a young age. To the point that it may help kickstart a career, you didn't even know existed.

In this episode of Security Unlocked, host Natalia Godyla is joined by S&P Global Ratings BISO Alyssa Miller. Alyssa is a life-long hacker and highly experienced security executive. She runs the security strategy for S&P Global Ratings as the Business Information Security Officer (BISO), bringing together corporate security objectives and business objectives. Natalia and Alyssa discuss her journey in security from a young and curious hacker to a BISO of the largest credit-rating agency, and how she is shaping what the role of the BISO will be for future generations.

In This Episode You Will Learn:

What are the roles and responsibilities of a BISO
How a BISO should interact with the rest of the organization
How to put yourself on track to become a BISO

Some Questions We Ask:

What are the gaps that the BISO function is trying to address?
What other roles should exist in security, but don’t?
How will the BISO role evolve over time?

Resources:

View Alyssa Miller on LinkedIn

Microsoft Digital Defense Report 2021

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Disinformation in the Enterprise

Wed, 05 Jan 2022 08:05:00 GMT

Disinformation refers to the calculated use of false information to influence others and has been a steadily growing form of information warfare. Unfortunately, disinformation is everywhere these days, often hidden in plain sight. Criminals will also adapt and take advantage of technologies, such as AI and deepfakes, to increase the effectiveness of disinformation campaigns. Of course, there are ways to combat these types of attacks, and we cover recommendations for protecting the enterprise in the 2021 Microsoft Digital Defense Report (MDDR).

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by the Director of Enterprise Continuity and Resilience at Microsoft, Irfan Mirza, who authored the chapter on disinformation in the enterprise in the 2021 MDDR. Irfan joins to discuss what disinformation is, why the use of disinformation is growing, how cognitive hacking occurs, and how cybersecurity can start thinking about adapting their strategies.

In This Episode You Will Learn:

How to identify disinformation campaigns
How to train users and protect your organization from disinformation
Why we need AI to defend against disinformation

Some Questions We Ask:

What is the difference between misinformation and disinformation?
How does disinformation impact cybersecurity?
What new skills do cybersecurity professionals need to be able to protect the enterprise from this new threat?

Resources:

View Irfan Mirza on LinkedIn

Microsoft finds new macOS vulnerability - Shrootless

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

I am Shroot-less

Wed, 22 Dec 2021 08:05:00 GMT

Microsoft works around the clock to protect their customers, no matter what product they’re using, Microsoft or otherwise. In some instances Microsoft teams up with other companies, creating an all-star cybersecurity team, to handle newly discovered vulnerabilities. It helps everyone stay more secure, and of course, that's the ultimate goal, right?

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are re-joined by Jonathan Bar Or, Principal Security Researcher at Microsoft. Jonathan discusses the recently discovered vulnerability that could let attackers bypass System Integrity Protection (SIP) in macOS, why he believes in investing in cross-platform protection, and the importance of collaboration between security researchers, software vendors, and the larger security community.

In This Episode You Will Learn:

What is System Integrity Protection (SIP)
How attackers can bypass SIP
How attackers can use the Shrootless vulnerability

Some Questions We Ask:

How did you find the Shrootless vulnerability?
How do you decide what products to assess?
How does the process of submitting a vulnerability to Apple work?

Resources:

View Jonathan Bar Or on LinkedIn

Decoding NOBELIUM: Video Series

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Decoding NOBELIUM

Wed, 08 Dec 2021 08:05:00 GMT

In December 2020, Microsoft began sharing information with the cybersecurity industry on a group of Russia-based hackers who gained access to multiple enterprises through vulnerable software code, stolen passwords, compromised on-premises servers, and minted SAML tokens. In this supply chain attack, hackers could access the SolarWinds code, slip malicious code into a piece of the software, and use the vendor’s legitimate software updates to spread malware to customer systems.

Security Unlocked is excited to share with you, Decoding NOBELIUM. The docuseries gives you an inside look into the NOBELIUM incident, now viewed as one of the most advanced nation-state and supply chain attacks in history, with stories from the frontline defenders who tracked and responded to the attackers.

Resources:

Defending Against Nation-State Attacks | Microsoft Security

Zero Trust Adoption Report

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Trusting Your Hybrid Workforce

Wed, 24 Nov 2021 08:05:00 GMT

We are back, covering more of the 2021 Microsoft Digital Defense Report, and this time we’re taking a deep dive into chapter five on Hybrid Workforce Security and Zero Trust. Zero Trust means precisely what it sounds like, never assuming any device or identity is secure; it's like having major trust issues, but in a professional way. With most businesses moving to remote work because of the pandemic, cybercriminals, of course, found new ways to take advantage, especially since most people are now moving between business and personal activity online. For the first time, we’re going to cover a full 12-month recap of what securing the hybrid workforce has been like.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Carmichael Patton, Lead Architect for Microsoft's Internal Zero Trust Deployment. Carmichael joins the show to discuss security challenges and trends impacting the hybrid workforce, the three most significant insider risk vulnerabilities, and why some customers are still not using MFA.

In This Episode You Will Learn:

Security challenges and trends impacting the hybrid workforce
How Microsoft approached their Zero Trust journey
Prioritizing security initiatives during a time of massive change

Some Questions We Ask:

What were some of the major hybrid workforce attacks?
Why are some customers still not using MFA?
When and how should you deal with insider risk?

Resources:

The 2021 Microsoft Digital Defense Report

View Carmichael Patton on LinkedIn

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

When Privacy Meets Security

Wed, 10 Nov 2021 08:05:00 GMT

The way most people operate online these days, what would you even consider private anymore? We are so quick to share details about our job, home, friends, and family without even thinking about how much personal info we're giving away. Privacy and user agreements are a part of almost everyone's life at this point, and what do you know about them? For the most part, we often see a user agreement pop up, click agree and move on, but do you know what you just agreed to? Privacy choices have become routine, though they shouldn’t be.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Privacy Counsel and Data Protection Officer at Asana, Whitney Merrill. She is an accomplished attorney with 7+ years of privacy, data security, and data governance experience. Whitney discusses how to avoid common privacy mistakes, current privacy attack trends, and the importance of thinking like an attacker.

In This Episode You Will Learn:

The role of encryption in privacy
Privacy attack trends you should be paying attention to
Why some organizations have different approaches to privacy

Some Questions We Ask:

How, and when, do privacy and security come together?
Why has a common framework been so difficult to establish?
Should regulators play a role in establishing a baseline of privacy awareness?

Resources:

View Whitney Merrill on LinkedIn

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Securing Modern Software

Wed, 27 Oct 2021 07:05:00 GMT

The newfound popularity of the internet in the nineties spurned an obsession with hacking. Unfortunately, most movies believed that it wasn't possible to show real hacking and still be entertaining; hence all the awkward video game graphics and characters living in sketchy basements regularly yelling out, "We're in!" while pounding on their keyboards. I'd also like to address their outfit choices but now is not the appropriate time. The point is, hackers have been portrayed as the same character repeatedly when in reality, there are many possibilities to turn these skills into a legitimate career.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Co-Founder and Chief Technology Officer at Veracode Chris Wysopal. In the ’90s, Chris was one of the first vulnerability researchers at The L0pht, a hacker think tank, where he publicized his findings on the dangers of insecure software. Chris shares guidance for anyone getting started with modern secure software development, the best tools to monitor for vulnerabilities in open-source code, and shares what he believes is one of the greatest threats to software development.

In This Episode You Will Learn:

How to use open-source code safely
Best tools for monitoring vulnerabilities
How to detect and respond to threats to insecure software

Some Questions We Ask:

What is modern secure software development?
What are the biggest threats to software today?
How should companies allocate ownership of secure code across the software development lifecycle?

Resources:

View Chris Wysopal on LinkedIn

2021 Microsoft Digital Defense Report

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

The 2021 Microsoft Digital Defense Report

Wed, 20 Oct 2021 07:05:00 GMT

Okay, look, we know you plan on reading the entire 2021 MDDR at some point. But you're busy. Life gets in the way. We get it. Who has the time! Well, we've got the time, but that's beside the point, and honestly... fortunate for you. We've read the report front to back and have decided to cover some of it today on the podcast, but you'll still need to read all 134 pages yourself if you truly want to grasp the entire piece. Unless you want to be that person who listens to a single podcast and pretends they read the whole thing... then go ahead; we won't tell.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Sian John, Microsoft's director of strategic growth. Sian is currently working with the business development team, exploring growth opportunities for Microsoft to strengthen security, compliance, and identity offerings that address unfulfilled needs in the market. As a security professional with over 25 years of experience, Sian accompanies us as we discuss the 2021 Microsoft Digital Defense Report, which she personally contributed to.

In This Episode You Will Learn:

The history and analysis of the 2021 Microsoft Digital Defense Report
The evolution of cybercrime services that are for sale
What's providing new attackers with access to deeper data

Some Questions We Ask:

How did Microsoft settle on the topics and themes of the 2021 MDDR?
What are some takeaways from the newly added disinformation chapter?
Why isn't Zero Trust being implemented, considering the conversations we've had that it's more critical than ever?

Resources:

View Sian John on LinkedIn

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Mobile 4N6 101

Wed, 13 Oct 2021 07:05:00 GMT

What would you say is the most personal possession that you own? Most would say their cell phone... unless you still have a few journals from high school. And if you do, this is your reminder that it might be time to let those go. It's become increasingly apparent lately how much info our phones collect from us, from the first app you check in the morning after waking up, recent calendar entries, and your actual heart rate by 9 am. The crazy part is most people don't give it a second thought. It doesn't interest us... until something or someone goes missing, then it becomes a road map to whatever it is you did.

In this episode of Security Unlocked, host's Natalia Godyla and Nic Fillingham are joined by Senior Digital Forensics Researcher at Cellebrite, SANS Author and Senior Instructor Sarah Edwards. Sarah walks us through the world of mobile digital forensics while also crushing our dreams on how not so relatable it is to our favorite CSI television shows. She explains what makes mobile forensics unique while incredibly intimate and how a mobile device can be used as part of an attack chain.

In This Episode You Will Learn:

The specific tools used during a digital forensics investigation
What the typical threat landscape looks like for mobile devices
Big trends and changes happening in the past few years

Some Questions We Ask:

How is mobile forensics particularly unique?
What is typically looked for during an investigation?
How is a mobile device used as part of an attack chain?

Resources:

mac4n6.com

View Sarah Edwards on LinkedIn

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

View Microsoft Security Blog

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Untangling Botnets

Wed, 06 Oct 2021 07:05:00 GMT

You're back home celebrating the holidays with friends and family, sharing stories, catching up, and discussing your plans for the year ahead. Next thing you know, that cousin who wouldn't stop sending you emails about the "future of bitcoin" and coin mining kicks the door open, and he's ready to spread some holiday knowledge. Oh yeah, he's also going to cut you in on a sweet deal he has going on with his buddy Carl, who he met at dollar wing night. Unfortunately, Carl is one of the bad guys. He is secretly infecting multiple devices with botnets, collecting crypto-cash at the expense of the naive device owners who don't know that their machines are being used.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are re-joined by Microsoft Defender 365 threat intelligence team member Elif Kaya, whose current primary focus is with botnets, commodity threats, and phishing delivered malware. Elif explains some of the new techniques from botnets, how they're being used for financial theft via cryptocurrency mining, and the impact on the defender's view of these actions.

In This Episode You Will Learn:

An overview and detailed description of what botnets are
The fundamentals of cryptocurrency mining & botnets on a machine
Best practices when trying to identify new botnets

Some Questions We Ask:

How can Microsoft contribute to helping take down these botnets?
What direction are the new botnets moving towards?
How common is competition-killing activity within new botnets and crypto mining?

Resources:

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

View Elif Kaya on LinkedIn

Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

What the Fuzz?!

Wed, 29 Sep 2021 07:05:00 GMT

Do you have a data science or engineering background? If so, you're in luck. If not, you're also in luck because today's guest found a way to make a few complex subjects understandable for everyone. The first of many topics... Fuzzy hashing. It might sound like an adorable, adventurous Muppet character, but I promise you the reason behind it is not cute at all. The short explanation is "fighting crime with math," and honestly, the short version is all I've got for you. So, sit back and pay attention to an episode even the hosts plan on listening to twice.

In this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla are joined by Edir Garcia Lazo, a data scientist currently working for the Microsoft Defender Cybersecurity Artificial Intelligence Team. Edir specializes in writing cloud machine learning models for the Malware Classification sub-team, working with threat hunters, reverse engineers, or security researchers. Edir talks us through character changes in malicious payloads, polymorphic malware, and the difference between fuzzing and fuzzy hashing.

Questions we ask:

What inspired the team to look at fuzzy hashing and deep learning as techniques for detection instead of some of the more traditional methods?
Is there a limit to how much change the fuzzy hashing methodology can recognize?
What are some of the major differences between fuzzing and fuzzy hashing?

What you’ll learn:

Why fuzzy hashes aren't a cure-all and continue to have problems with radically new malware.
Differences between perceptron and a multilayer perceptron.
The compatibility between deep learning and fuzzy hashing.

Resources:

View Edir on LinkedIn

View Nic’s LinkedIn

View Natalia’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

The ‘Three E’s’ of Scam Disruption

Wed, 22 Sep 2021 07:05:00 GMT

Juan Hardoy leads an international team of investigators, analysts, and lawyers inside the Digital Crimes Unit who share a joint mission to protect customers and promote trust in Microsoft technologies. Hearing that might take your imagination to a place where Juan is deputized to fight crime in digital space, and you wouldn't be completely wrong. Still, unfortunately, he's not sitting at his desk with a sheriff's badge and a cowboy hat. It's not as simple as the days in the west, where you can challenge someone to a duel because of a simple "Pop Up" and claim victory with a glass of whiskey, moving on to the next town with problems. Because in every organization, there's at least one person that will click on anything. These issues will continue to grow and evolve in a world where international and national law enforcement are needed, along with a team of investigators creating what some would call the "secret sauce" for tackling cybercrime.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Juan Hardoy, an assistant general counsel with the DCU, to discuss his partnership with governments, elected officials, and policymakers. Juan explains the proactive action against cybercriminals trying to hurt our customers, why people aren't going to use our technology or the internet if they don't trust it, and how they bring them to justice in the form of criminal referrals with civil actions.

In this episode you will learn:

How Juan earned the role of assistant general counsel
What new services and technology criminals are using
Why education is the best defense against cybercrime and tech scams

Some questions we ask:

Are there any tactics that Microsoft tried in the past that didn't successfully stop the tech support scammers?
What is the mission of the digital crimes unit and how do they partner with government and elected officials?
Why do tech support scammers seem to target consumers and individuals instead of enterprises and organizations?

Resources:

Visit Juan Hardoy on LinkedIn

Visit Natalia on LinkedIn

Visit Nic on LinkedIn

Visit Microsoft Security Blog

Listen to: Security Unlocked

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Entering the Virtual Battlefield

Wed, 15 Sep 2021 07:05:00 GMT

Have you ever thought about a career in threat intelligence or cyber security? Possibly finishing school with a degree in computer programming and feel overwhelmed with what to do next? Don't worry; we've all experienced this. Maybe not specifically with computer programming, but the figuring it out aspect. You could be ending active military service and working in cyber operations, helping offensive and defensive cyberspace operations, wondering about the next step. The thought of making the transition from military to private industry can be exciting but also nerve-racking. The good news is that there are many different roads to travel, and with the experience and education you've obtained, you'll most likely have more options than you could have ever imagined.

In this episode of Security Unlocked, host Natalia Godyla is joined by Senior Threat Intelligence Analyst Justin Underwood, an army veteran with the personality and charm to calm your nerves. Currently working for a group known as OPTIC, the Operational Threat Intelligence Center at Microsoft, Justin and Natalia discuss his time at Bank of America and Xbox. He explains how it gave him a better understanding of cybersecurity, how he obtained the title of Human Intelligence Collector, and what helped him transition from the army into the world of threat intelligence and cyber security.

In This Episode You Will Learn:

How to find your place in the world of cybersecurity
The challenges faced when making the transition from military to private industry
What the role of a Human Intelligence Collector is

Some Questions We Ask:

How does military experience help you succeed in the private industry?
What military tools are used and overlap in the private sector?
What are some big projects currently being worked on?

Resources:

View Justin Underwood on LinkedIn

BazaCall: Phony call centers lead to exfiltration and ransomware

Visit Microsoft Security Blog

Listen to: Security Unlocked

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Battling BazaCall BuzzKill

Wed, 01 Sep 2021 07:05:00 GMT

It's finally Friday. You successfully made it through another week and the weekend is so close you can taste it. You pour yourself a bowl of your favorite cereal, but before you can get that first bite your phone rings. It's a random number, but for some reason you're feeling chatty and decide to answer. Unfortunately, it's a robot that somehow knows your name and is asking for your social security number, home address, and password from that first AOL account you made in 1998! It’s easy to recognize classic scams like these, but some of the newer, creative scams can be more challenging to identify. One of these is called BazaCall, and they don’t call you – oh, no. BazaCall will have YOU calling THEM!

In this episode of Security Unlocked, host Natalia Godyla is re-joined by Microsoft Threat Analysts Emily Hacker and Justin Carroll to talk about a relatively new delivery method for malware and ransomware called BazaCall campaigns. They discuss the different delivery methods used, how attackers evade detection, and where the attack chain begins.

In This Episode You Will Learn:

What makes BazaCall campaigns unique from other email/phone scams
How the delivery system works
About a new technique called “double extorsion”

Some Questions We Ask:

What is the flow of the attack chain?
What are some new tactics used by BazaCall centers?
How can organizations mitigate attacks?

Resources:

View Emily on LinkedIn

View Justin on LinkedIn

Listen to: Security Unlocked

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Turning to the Purple Side

Wed, 25 Aug 2021 07:05:00 GMT

Picture this: you’re working on a new software that will revolutionize your industry. You’ve got your work cut out for you, from design to programming to integration. But what about security? Keeping your software secure should be in the conversation from day one, but not all developers are well-versed in application security. The good news is that you’re not alone, and even if this picture that we’ve painted isn’t of you, there are still very accessible ways to learn about application security and information security. One of these ways is We Hack Purple, created by a Microsoft alumnus.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by the founder of We Hack Purple and former Microsoft Senior Cloud Advocate, Tanya Janca, to discuss her company, trainings, and why it’s so important to keep up with the newest movements in the world of security. Before founding her company, Tanya found herself red-teaming and blue-teaming, and declared herself in the world of Purple. She brings us into that world, breaks down app-sec framework, and even gives a few sci-fi book recommendations.

In This Episode You Will Learn:

How to keep up with new practices for security professionals
The frame work for application security
How to work with and communicate effectively with software developers

Some Questions We Ask:

How do we bridge the gap between developers and the security world?
What are the pros and cons of threat modeling?
Who should get involved in application security?

Resources:

We Hack Purple

View Tanya on LinkedIn

Defending the power grid against supply chain attacks—Part 1: The risk defined

Listen to: Security Unlocked

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Protecting the Power Grid

Wed, 18 Aug 2021 07:05:00 GMT

Electricity is all around us. In fact, you’re using it to read this right now. It powers (no pun intended) our everyday lives, and it works without us having to think about it. It’s kind of like breathing. I mean, you don’t have to tell your lungs “Hey! Start breathing right now!” But just like with breathing, the problems that can follow an interruption of electricity can be deadly. It shouldn’t be shocking (pun intended) that keeping power grids secure is an international priority.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Microsoft’s Chief Security Advisor, Hafid Elabdellaoui, to talk about making our power grids safe and stable. So much relies on the stability of our power grids, it’s easy to forget how dependent we are. Hafid discusses the growing concerns with supply chain attacks and explains the importance of cyber hygiene at all levels of an organization.

In This Episode You Will Learn:

The challenges of bringing new security practices to the old field of utilities
Where cybersecurity meets physical security when utilities companies are under threats
Why keeping a software inventory is crucial to your security

Some Questions We Ask:

How do current power grid risks and threats compare to concerns 20 years ago?
How do utilities companies work with the government to prevent large-scale power grid failures?
How does Microsoft prepare for potential threats, and practice their responses?

Resources:

Defending the power grid against supply chain attacks—Part 2: Securing hardware and software

Defending the power grid against supply chain attacks—Part 3: Risk management strategies for the utilities industry

View Hafid Elabdellaoui on LinkedIn

Becoming resilient by understanding cybersecurity risks: Part 1

Listen to: Security Unlocked

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Making the Leap to the Cloud

Wed, 11 Aug 2021 07:05:00 GMT

8 trillion. It’s kind of a big number, right? That’s how many signals are collected, processed, and analyzed by Microsoft’s security team every single day. Those signals are travelling from the cloud, coming through endpoints, coming through Bing, coming through Xbox. All of these signals are turned into intelligence, and if you’re a cloud user, that intelligence is an asset to your security. By making the leap to the cloud, the power, size, and flexibility of Microsoft’s threat intelligence becomes your resource.

In this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla are re-joined by Microsoft’s Chief Security Advisor, Sarah Armstrong-Smith, to dive deeper into the back half of her four-part series on Becoming Resilient. We explore different cloud models, the shared responsibility of your cloud service provider, and the growing risks of insider threats.

In This Episode You Will Learn:

Best practices on switching to the cloud and ensuring utmost security
Why you need to adapt to stay ahead of threats
How to build security cleanly into your foundation and keep from it being a messy afterthought

Some Questions We Ask:

What do new users gain by moving to the cloud?
What errors are organizations making when moving to the cloud?
How do we effectively communicate with our security team about business decisions?

Resources:

Becoming resilient by understanding cybersecurity risks: Part 2

Becoming resilient by understanding cybersecurity risks: Part 3—a security pro’s perspective

Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats

Cloud Adoption Framework

View Sarah Armstrong-Smith on LinkedIn

Global Tech Support Scam Research

Listen to: Security Unlocked

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Mary Had a Little Scam Report

Wed, 04 Aug 2021 07:05:00 GMT

How likely are you to fall for a scam? Survey Says… depends on your demographic. Scammers are evolving, from cold calls on the phone, to computer desktop pop-ups with nagging alarm sounds, to buying out search terms like “email support.” Tech support scams have become an ever-present threat in our online world with 3 out of 5 people globally experiencing them and 1 out of 6 people actually giving their money or personal information to the scammers. Even though there are some honorable people who do what they can to help prevent others from being scammed, the prevalence of these frauds shows they aren’t going away anytime soon.

On this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla chat with Mary Jo Schrade, the Asia Regional Lead for Microsoft’s Digital Crimes Unit, about the most recent Global Tech Support Scam Research. The survey covers over 16,000 people in 16 countries and reveals some insights that will leave some feeling hopeful, and some feeling... a little concerned. It’s a relief to know that scam awareness is on the rise globally; however, the groups most susceptible to giving money to scammers may shock you.

In This Episode You Will Learn:

Which regions are being targeted most
How to help those you think are susceptible
How to recover your money after you’ve been scammed

Some Questions We Ask:

Who is falling for these scams?
How has the public’s awareness shifted over the past few years?
Is it ok to pretend to fall for a scam in order to waste a scammer’s time?

Resources:

Report a scam

Mary Jo Schrade’s LinkedIn

Sarah Armstrong-Smith's Blog post part 1

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Talking Security With Non-Security Professionals

Wed, 28 Jul 2021 07:05:00 GMT

Every occupation has its unique jargon that allows professionals to speak their own language and understand each other’s shorthand. Those of us in the world of cybersecurity are no exception as we frequently toss around acronyms and abbreviations, but how can we cybersecurity professionals communicate all of this crucial ingrained knowledge to people who haven’t the faintest idea about technology, security, or what our conversational shorthand even means?

In this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla speak with Microsoft’s Chief Security Advisor, Sarah Armstrong-Smith, about the most effective ways to communicate high-level security topics with non-security professionals. In order to create a more secure world, it’s paramount that the non-tech savvy are equally informed and protected, and Sarah has some excellent tips in achieving that goal.

In This Episode You Will Learn:

How important it is to define ‘risk’
Why it's a mistake to think of cyber protections as a necessary evil in a corporation
The value of introducing topics by asking questions rather than lecturing

Some Questions We Ask:

Who should be driving security conversations in an organization?
How should we introduce cybersecurity concepts non-cybersecurity professionals?
What are some tips for complex organizations introducing their teams to cybersecurity concepts?

Resources:

Sarah Armstrong-Smith's Blog post part 2

Sarah Armstrong-Smith's Blog post part 3

Sarah Armstrong-Smith's Blog post part 4

Sarah Armstrong-Smith's LinkedIn

Jonathan Bar Or’s Blog Post

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Discovering Router Vulnerabilities with Anomaly Detection

Wed, 21 Jul 2021 07:05:00 GMT

Ready for a riddle? What do 40 hypothetical high school students and our guest on this episode have in common? Why they can help you understand complex cyber-attack methodology, of course!

In this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla are brought back to school by Principal Security Researcher, Jonathan Bar Or who discusses vulnerabilities in NETGEAR Firmware. During the conversation Jonathan walks through how his team recognized the vulnerabilities and worked with NETGEAR to secure the issue, and helps us understand exactly how the attack worked using an ingenious metaphor.

In This Episode You Will Learn:

How a side-channel attack works
Why attackers are moving away from operating systems and towards network equipment
Why routers are an easy access point for attacks

Some Questions We Ask:

How do you distinguish an anomaly from an attack?
What are the differences between a side-channel attack and an authentication bypass?
What can regular users do to protect themselves from similar attacks?

Resources:

Jonathan Bar Or’s LinkedIn

Arjmand Samuel’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Securing the Internet of Things

Wed, 14 Jul 2021 07:05:00 GMT

There used to be a time when our appliances didn’t talk back to us, but it seems like nowadays everything in our home is getting smarter. Smart watches, smart appliances, smart lights - smart everything! This connectivity to the internet is what we call the Internet of Things (IoT). It’s becoming increasingly common for our everyday items to be “smart,” and while that may provide a lot of benefits, like your fridge reminding you when you may need to get more milk, it also means that all of those devices become susceptible to cyber attacks.

On this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla talk to Arjmand Samuel about protecting IoT devices, especially with a zero trust approach. Listen in to learn not only about the importance of IoT security, but also what Microsoft is doing to protect against such attacks and how you can better secure these devices.

In This Episode You Will Learn:

What the techniques are to verify explicitly on IoT devices
How to apply the zero trust model in IoT
What Microsoft is doing to protect against attacks on IoT

Some Questions We Ask:

What is the difference between IoT and IT?
Why is IoT security so important?
What are the best practices for protecting IoT?

Resources:

FBI’s 2020 Internet Crime Report

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Looking a Gift Card Horse in the Mouth

Wed, 07 Jul 2021 07:05:00 GMT

Is it just me, or do you also miss the good ole days of fraudulent activity? You remember the kind I’m talking about, the emails from princes around the world asking for just a couple hundred dollars to help them unfreeze or retrieve their massive fortune which they would share with you. Attacks have grown more nuanced, complex, and invasive since then, but because of the unbelievable talent at Microsoft, we’re constantly getting better at defending against it.

On this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla sit down with returning champion, Emily Hacker, to discuss Business Email Compromise (BEC), an attack that has perpetrators pretending to be someone from the victim’s place of work and instructs them to purchase gift cards and send them to the scammer. Maybe it’s good to look a gift card horse in the mouth?

In This Episode You Will Learn:

Why BEC is such an effective and pervasive attack
What are the key things to look out for to protect yourself against one
Why BEC emails are difficult to track

Some Questions We Ask:

How do the attackers mimic a true-to-form email from a colleague?
Why do we classify this type of email attack separately from others?
Why are they asking for gift cards rather than cash?

Resources:

Emily Hacker’s LinkedIn

Roberto Rodriguez’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Simulating the Enemy

Wed, 30 Jun 2021 07:05:00 GMT

How does that old saying go? Keep your friends close and keep your understanding of a threat actor’s underlying behavior and functionality of tradecraft closer? As new tools are developed and implemented for individuals and businesses to protect themselves, wouldn’t it be great to see how they hold up against different attacks without actually having to wait for an attack to happen? Microsoft’s new open-source tool, Simuland, allows users to simulate attacks on their own infrastructure to see where their own weaknesses lie.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham sit down with Roberto Rodriguez, Principle Threat Researcher for the Microsoft Threat Intelligence Center (MSTIC) and Simuland’s developer, to understand how the project came to life, and what users can expect as they use it.

In This Episode You Will Learn:

How community involvement will help Simuland grow
How individuals can use Simuland to see examples of actions threat actors can take against their infrastructure
What other projects and libraries went into Simuland’s development

Some Questions We Ask:

What exactly is being simulated in Simuland?
What do does Roberto hope for users to take away from Simuland?
What is next for the Simuland project?

Resources:

Roberto’s blog post, SimuLand: Understand adversary tradecraft and improve detection strategies

Roberto’s Twitter: Cyb3rWard0g

Microsoft Security Services

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Dial 'T' for Tech Support Fraud

Wed, 23 Jun 2021 07:05:00 GMT

We’ve all had a family dinner, Netflix binge, or otherwise relaxing moment ruined by a telemarketer trying to sell you something you didn't need – a magazine subscription, insurance, you name it! But recently, people have been getting calls that are much more sinister in nature; people claiming to be employees of Microsoft, or Apple, or Amazon, have been calling unsuspecting victims and urging them to pay the caller in exchange for cleaning their computer of viruses. Viruses that don’t exist. None of these people work for the companies they claim to, but rather are a small cog in a larger machine working to defraud the public.

On this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham kick off a three-episode arc discussing tech support scams. To get started, they speak with Anup B Kumar, Microsoft’s Digital Crime Unit’s Asia lead of investigation and analytics, to get a better sense of who is behind these scams, what their motivations are, and some ideas on how to stop them.

In This Episode You Will Learn:

Who these scammers target and why
How the scammers trick victims into trusting them.
Why working with law enforcement is crucial to stopping the problem

Some Questions We Ask:

Do the scammers know that they are scamming?
How pervasive is this scam?
Can we stop the scam by helping to facilitate legitimate employment?

Resources:

Anup Kumar’s LinkedIn

Microsoft Report a Scam

Hyrum Anderson’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

A Day in the Life of a Microsoft Principal Architect

Wed, 16 Jun 2021 07:05:00 GMT

We’re formally sending out a petition to change the phrase “Jack of all trades” to “Hyrum of all trades” in honor of this episode’s guest, Hyrum Anderson. In this episode, hosts Natalia Godyla and Nic Fillingham sit down with Hyrum Anderson who, when he’s not fulfilling his duties as the Principal Architect of the Azure Trustworthy ML group, spends his time playing accordions, making cheese, and founding impressive technology conferences. He does it all!

Rather than chatting with Hyrum about a specific capability that he’s helped to develop, or a blog post that he co-authored – because, believe us, the episode would last for hours – we decided to have a chat with him about his life, how he first got into the world of technology, and his thoughts on the current state of cyber security.

In This Episode You Will Learn:

The differences between a risk and a threat
Why it’s easier to attack than defend
What a Principal Architect of the Azure Trustworthy ML group does in his spare time

Some Questions We Ask:

How does Hyrum think about adversarial machine learning and protecting A.I. systems?
What is it like for Hyrum to oversee both the red teaming and defensive side of operations?
Why are we better at finding holes in security than we are at making sure they don’t exist in the first place?

Resources:

Hyrum Anderson’s Twitter

Conference on Applied Machine Learning in Information Security (CAMLIS)

Machine Learning Security Evasion Competition

AI security risk assessment using Counterfit

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Red-teaming AI with CounterFit

Wed, 09 Jun 2021 07:05:00 GMT

It’s an all out offensive on today’s episode while we talk about how the best defense is a good offense. But before we plan our attack, we need to know our vulnerabilities, and that’s where our guest comes in.

On this episode, hosts Nic Fillingham and Natalia Godyla are joined by Will Pearce, who discusses his role as AI Red Team Lead from the Azure Trustworthy ML Group and how he works to find weaknesses in security infrastructure to better develop ways to prevent against attacks.

In This Episode You Will Learn:

The three main functions of counterfeit
Why the best defense is a good offense
Why Will and his team aren’t worried about showing their hand by releasing this software as open source

Some Questions We Ask:

What previously developed infrastructure was the counterfeit tool built upon?
How AI red teaming differs from traditional specops red teaming
How did the counterfeit project evolve from conception to release?

Resources:

Will Pearce’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Pearls of Wisdom in the Security Signals Report

Wed, 02 Jun 2021 07:05:00 GMT

It’s our 30th episode! And in keeping with the traditional anniversary gift guide, the 30th anniversary means a gift of pearls. So from us to you, dear listener, we’ve got an episode with some pearls of wisdom!

On today’s episode, hosts Nic Fillingham and Natalia Godyla bring back returning champion, Nazmus Sakib, to take us through the new Security Signals Report. Sakib walks us through why the report was done and then helps us understand the findings and what they mean for security.

In This Episode You Will Learn:

How pervasive firmware is in our everyday lives
Why many people were vulnerable to firmware attacks
How companies are spending the money they allocate towards digital protection

Some Questions We Ask:

What was the hypothesis going into the Security Signals Report?
How do we protect ourselves from vulnerabilities that don’t exist yet?
Were any of the findings from the report unexpected?

Resources

Nazmus Sakib’s LinkedIn

Security Signals Report

Venki Krishnababu’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Securing Hybrid Work: Venki Krishnababu, lululemon

Wed, 26 May 2021 07:05:00 GMT

On this week’s Security Unlocked we’re featuring for the second and final time, a special crossover episode of our sister-podcast, Security Unlocked: CISO Series with Bret Arsenault.

Lululemon has been on the forefront of athleisure wear since its founding in 1998, but while many of its customers look at it exclusively as a fashion brand, at a deeper level this fashion empire is bolstered by a well thought out and maintained digital infrastructure that relies on a hard working team to run it.

On today’s episode, Microsoft CISO Bret Arsenault sits down with Venki Krishnababu, SVP of Global Technology Services at Lululemon. They discuss the ways in which technology plays into the brand, how Venki lead a seamless transition into the remote work caused by the pandemic, and how he’s using the experiences of the past year to influence future growth in the company.

In This Episode You Will Learn:

Why Venki feels so passionately about leading with empathy
Why Venki saw moving to remote work as only the tip of the iceberg; and how he handled what laid below.
Specific tools and practices that have lead to Venki’s success

Some Questions We Ask:

What is the biggest lesson learned during the pandemic?
How does one facilitate effective management during this time?
How does Lululemon view the future of in-person versus remote work?

Resources:

Brett Arsenault’s LinkedIn

Investigating a Unique ‘Form’ of Email Delivery for IcedID Malware

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Contact Us; Phish You!

Wed, 19 May 2021 07:05:00 GMT

Threat actors are pesky and, once again, they’re up to no good. A new methodology has schemers compromising online forms where users submit their information like their names, email addresses, and, depending on the type of site, some queries relating to their life. This new method indicates that the attackers have figured out a way around the CAPTCHA’s that have been making us all prove we’re not robots by identifying fire hydrants since 1997. And what’s more, we’re not quite sure how they’ve done it.

In this episode, hosts Natalia Godyla and Nic Fillingham sit down with Microsoft threat analyst, Emily Hacker, to discuss what’s going on behind the scenes as Microsoft begins to dig into this new threat and sort through how best to stop it.

In This Episode You Will Learn:

Why this attack seems to be more effective against specific professionals.
Why this new method of attack has a high rate of success.
How to better prepare yourself for this method of attack

Some Questions We Ask:

What is the endgame for these attacks?
What are we doing to protect against IceID in these attacks?
Are we in need of a more advanced replacement for CAPTCHA?

Resources:

Emily Hacker

CISO Series with Bret Arsenault

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Securing the Cloud with Mark Russinovich

Wed, 12 May 2021 07:05:00 GMT

On this week’s Security Unlocked, we’re pulling a bait and switch! Instead of our regularly scheduled programming, we’re going to be featuring the first episode of our new podcast, Security Unlocked: CISO Series with Bret Arsenault. Each episode is going to feature Microsoft’s CISO Bret Arsenault sitting down with other top techies in Microsoft and other companies in the industry.

In its inaugural episode – which we’re featuring on this episode – Bret sits down with Mark Russinovich, Chief Technology Officer of Microsoft’s Azure. Mark has a unique perspective on cloud technologies and offers insight into the changes that have occurred over the past few years due to advancing technology and the unique challenges brought about during the coronavirus pandemic. Enjoy this first episode of the new series and remember to subscribe so you catch all the rest that are yet to come.

In This Episode You Will Learn:

The initialism FFUUEE and why it’s important in understanding people’s resistance to adopting newer security capabilities
Mark Russinovich’s three points of advice for those looking to become more secure
Theories on improving MFA adoption across the board

Some Questions We Ask:

How do we think of cloud security now versus ten years ago?
What does a leading engineer think of moving toward a hybrid workforce?
How do you find and screen potential new team members in a remote world?

Resources

Brett Arsenault’s LinkedIn

Mark Russinovich’s LinkedIn

OpenAI Plays Hide and Seek…and Breaks The Game! 🤖

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Ready or Not, Here A.I. Come!

Wed, 05 May 2021 07:05:00 GMT

Remember the good ole days when we spent youthful hours playing hide and seek with our friends in the park? Well it turns out that game of hide and seek isn’t just for humans anymore. Researchers have begun putting A.I. to the test by having it play this favorite childhood game over and over and having the software optimize its strategies through automated reinforcement training.

In today’s episode, hosts Nic Fillingham and Natalia Godyla speak with Christian Seifert and Joshua Neil about their blog post Gamifying machine learning for stronger security and AI models, and how Microsoft is releasing this new open-sourced code to help it learn and grow.

In This Episode, You Will Learn:

What is Microsoft’s CyberBattleSim?
What reinforcement learning is and how it is used in training A.I.
How the OpenAI Gym allowed for AI to be trained and rewarded for learning

Some Questions We Ask:

Is an A.I. threat actor science fiction or an incoming reality?
What are the next steps in training the A.I.?
Who was the CyberBattleSim created for?

Resources:

Gamifying Machine Learning for Stronger Security and AI Models

Christian Seifert’s LinkedIn

Joshua Neil’s LinkedIn

Justin, Melissa’s, and Cole’s blog post

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Knowing Your Enemy: Anticipating Attackers’ Next Moves

Wed, 28 Apr 2021 07:05:00 GMT

Anyone who’s ever watched boxing knows that great reflexes can be the difference between a championship belt and a black eye. The flexing of an opponent’s shoulder, the pivot of their hip - a good boxer will know enough not only to predict and avoid the incoming upper-cut, but will know how to turn the attack back on their opponent. Microsoft’s newest capabilities in Defender puts cyber attackers in the ring and predicts their next attacks as the fight is happening.

On today’s episode, hosts Nic Fillingham and Natalia Godyla speak with Cole Sodja, Melissa Turcotte, and Justin Carroll (and maybe even a secret, fourth guest!) about their blog post on Microsoft’s Security blog about the new capabilities of using an A.I. to see the attacker’s next move.

In This Episode, You Will Learn:

What kind of data is needed for this level of threat detection and prevention?
The crucial nature of probabilistic graphical modeling in this process
The synergistic relationship between the automated capabilities and the human analyst

Some Questions We Ask:

What kind of modeling is used and why?
What does the feedback loop between program and analyst look like?
What are the steps taken to identify these attacks?

Resources:

Justin Carroll’s LinkedIn

Melissa Turcotte’s LinkedIn

Cole Sodja’s LinkedIn

Joshua Neil’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Below the OS: UEFI Scanning in Defender

Wed, 21 Apr 2021 07:05:00 GMT

All of us have seen – or at least, are familiar with – the antics of Tom and Jerry or Road Runner and Wile E. Coyote. In each one the coyote or the cat set up these elaborate plans to sabotage their foe, but time and time again, the nimble mouse and the speedy bird are able to outsmart their attackers.

In our third episode discussing Ensuring Firmware Security, hosts Nic Fillingham and Natalia Godyla speak with Shweta Jha and Gowtham Reddy about developing the tools that allow for them to stay one step ahead of cybercriminals in the cat & mouse game that is cyber security.

In this Episode You Will Learn:

The new capabilities within Microsoft Defender to scan the Unified Extensible Firmware Interface (UEFI)
How the LoJax attack compromised UEFI firmware
How UEFI scanning emerged as a capability

Some Questions that We Ask:

Has UEFI scanning always been possible?
What types of signals is UEFI scanning searching for?
What are the ways bad actors may adjust to avoid UEFI scanning?

Resources:

Shweta Jha’s LinkedIn

Gowtham Reddy’s LinkedIn

Defender Blog Post

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Inside Insider Risk

Wed, 14 Apr 2021 07:05:00 GMT

Throughout the course of this podcast series, we’ve had an abundance of great conversations with our colleagues at Microsoft about how they’re working to better protect companies and individuals from cyber-attacks, but today we take a look at a different source of malfeasance: the insider threat. Now that most people are working remotely and have access to their company’s data in the privacy of their own home, it’s easier than ever to access, download, and share private information.

On today’s episode, hosts Nic Fillingham and Natalia Godyla sit down with Microsoft Applied Researcher, Rob McCann to talk about his work in identifying potential insider risk factors and the tools that Microsoft’s Internal Security Team are developing to stop them at the source.

In This Episode, You Will Learn:

The differences between internal and external threats in cybersecurity
Ways that A.I. can factor into anomaly detection in insider risk management
Why the rise in insider attacks is helping make it easier to address the issue

Some Questions We Ask:

How do you identify insider risk?
How do you create a tool for customers that requires an extreme amount of case-by-case customization?
How are other organizations prioritizing internal versus external risks?

Resources:

Rob McCann’s Linkedin

Rob McCann on Uncovering Hidden Risk

Insider Risk Blog Post

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

The Language of Cybercrime

Wed, 07 Apr 2021 07:05:00 GMT

How many languages do you speak? The average person only speaks one or two languages, and for most people that’s plenty because even as communities are becoming more global, languages are still very much tied to geographic boundaries. But what happens when you go on the internet where those regions don’t exist the same way they do in real life? Because the internet connects people from every corner of the world, cybercriminals can perpetrate scams in countries thousands of miles away. So how do organizations like Microsoft’s Digital Crime Unit combat cybercrime when they don’t even speak the language of the perpetrators?

On today’s episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla sit down with Peter Anaman, Principal Investigator on the Digital Crimes Unit, to discuss how Peter looks at digital crimes in a very interconnected world and how language and culture play into the crimes being committed, who’s behind them, and how to stop them.

In This Episode, You Will Learn:

Some of the tools the Digital Crime Unit at Microsoft uses to catch criminals.
How language and cultural factors into cyber crime
Why cyber crime has been on the rise since Covid began

Some Questions We Ask:

How has understanding a specific culture helped crack a case?
How does a lawyer who served as an officer in the French Army wind up working at Microsoft?
Are there best practices for content creators to stay safe from cyber crime?

Resources

Peter Anaman’s LinkedIn

Advancing Minorities’ Interest in Engineering

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

The Human Element with Valecia Maclin

Wed, 31 Mar 2021 07:05:00 GMT

For Women’s History Month, we wanted to share the stories of just a few of the amazing women who make Microsoft the powerhouse that it is. To wrap up the month, we speak with Valecia Maclin, brilliant General Engineering Manager of Customer Security & Trust, about the human element of cybersecurity.

In discussion with hosts Nic Fillingham and Natalia Godyla, Valecia speaks to how she transitioned into cybersecurity after originally planning on becoming a mechanical engineer, and how she oversees her teams with a sense of humanity - from understanding that working from home brings unique challenges, to going the extra mile to ensure that no member of the team feels like an insignificant cog in a big machine - Valecia is a shining example of what leadership should look like, and maybe humanity too.

In this Episode You Will Learn:

The importance of who is behind cybersecurity protocols
How Microsoft’s Engineering, Customer Security & Trust team successfully transitioned to remote work under Valecia’s leadership
Tips on being a more inclusive leader in the security space

Some Questions that We Ask:

What excites Valecia Maclin about the future of Cybersecurity
How does a mechanical engineering background affect a GM’s role in Infosec
How Valecia Maclin, General Manager of Engineering, Customer Security & Trust, got to where she is today

Resources:

Valecia’s LinkedIn

SAFECode

Microsoft’s TEALS

Microsoft’s DigiGirlz

#IdentityJobs at Microsoft

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Identity Threats, Tokens, and Tacos

Wed, 24 Mar 2021 07:05:00 GMT

Every day there are literally billions of authentications across Microsoft – whether it’s someone checking their email, logging onto their Xbox, or hopping into a Teams call – and while there are tools like Multi-Factor Authentication in place to ensure the person behind the keyboard is the actual owner of the account, cyber-criminals can still manipulate systems. Catching one of these instances should be like catching the smallest needle in the largest haystack, but with the algorithms put into place by the Identity Security team at Microsoft, that haystack becomes much smaller, and that needle, much larger.

On today’s episode, hosts Nic Fillingham and Natalia Godyla invite back Maria Puertos Calvo, the Lead Data Scientist in Identity Security and Protection at Microsoft, to talk with us about how her team monitors such a massive scale of authentications on any given day. They also look deeper into Maria’s background and find out what got her into the field of security analytics and A.I. in the first place, and how her past in academia helped that trajectory.

In this Episode You Will Learn:

How the Identity Security team uses AI to authenticate billions of logins across Microsoft
Why Fingerprints are fallible security tools
How machine learning infrastructure has changed over the past couple of decades at Microsoft

Some Questions that We Ask:

Is the sheer scale of authentications throughout Microsoft a dream come true or a nightmare for a data analyst?
Do today’s threat-detection models share common threads with the threat-detection of previous decades?
How does someone become Microsoft’s Lead Data Scientist for Identity Security and Protection?

Resources:

Maria’s First Appearance on Security Unlocked, Tackling Identity Threats with A.I.

Maria’s Linkedin

What tracking an attacker email infrastructure tells us about persistent cybercriminal operations

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Re: Tracking Attacker Email Infrastructure

Wed, 17 Mar 2021 07:05:00 GMT

If you use email, there is a good chance you’re familiar with email scams. Who hasn’t gotten a shady chain letter or suspicious offer in their inbox? Cybercriminals have been using email to spread malware for decades and today’s methods are more sophisticated than ever. In order to stop these attacks from ever hitting our inboxes in the first place, threat analysts have to always be one step ahead of these cybercriminals, deploying advanced and ever-evolving tactics to stop them.

On today’s podcast, hosts Nic Fillingham and Natalia Godyla are joined by Elif Kaya, a Threat Analyst at Microsoft. Elif speaks with us about attacker email infrastructure. We learn what it is, how it’s used, and how her team is combating it. She explains how the intelligence her team gathers is helping to predict how a domain is going to be used, even before any malicious email campaigns begin. It’s a fascinating conversation that dives deep into Elif’s research and her unique perspective on combating cybercrime.

In This Episode, You Will Learn:

The meaning of the terms “RandomU” and “StrangeU”
The research and techniques used when gathering intelligence on attacker email structure
How sophisticated malware campaigns evade machine learning, phish filters, and other automated technology
The history behind service infrastructure, the Netcurs takedown, Agent Tesla, Diamond Fox, Dridox, and more

Some Questions We Ask:

What is attacker email infrastructure and how is it used by cybercriminals?
How does gaining intelligence on email infrastructures help us improve protection against malware campaigns?
What is the difference between “attacker-owned infrastructure” and “compromised infrastructure”?
Why wasn’t machine learning or unsupervised learning a technique used when gathering intelligence on attacker email campaigns?
What should organizations do to protect themselves? What solutions should they have in place?

Resources:

Elif Kaya

Dr. Anna Bertiger’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Celebrating Women in Security

Mon, 08 Mar 2021 08:05:00 GMT

Today is International Women’s Day, and we are celebrating with a very special episode of Security Unlocked. Hosts Nic Fillingham and Natalia Godyla revisit their favorite interviews with some of the prominent women featured previously on the podcast.

We speak with Holly Stewart, a Principal Research Lead at Microsoft and known in the Defender organization as “The Queen of AI.” Holly shares how building a security team with different perspectives helps to better understand and stop threats.

Next, we talk with Dr. Anna Bertiger, a Senior Applied Scientist at Microsoft. Anna has an incredible passion for math and explains how she’s using math to catch villains and make computer networks safer.

Finally, we explore what it’s like to hunt down threats with Sam Schwartz, a Program Manager with Microsoft Threat Experts. She came to Microsoft right out of college and didn’t even know what malware was; now she’s helping coordinate a team of threat hunters on the cutting edge of attack prevention.

Security Unlocked will be highlighting female security leaders at Microsoft throughout the month of March. Subscribe now to make sure you don’t miss an episode!

In This Episode, You Will Learn:

How math is used to help analyze attack trends
How AI and ML help identify patterns that can stop attacks
How threat hunters are tracking down the newest security risks
Why Microsoft Threat Experts are focused on human adversaries, not malware

Some Questions We Ask:

How do AI and ML factor into solving complicated security problems?
What’s next on the horizon for data science?
How do you use math to determine if an action is dangerous or benign?
Why do threat hunters need to limit the scope of their work?
What skills do you need to be a security program manager?

Resources:

Sam Schwartz’s LinkedIn

Holly Stewart’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Digital Crimes Investigates: Counterfeit Tales

Wed, 03 Mar 2021 08:05:00 GMT

Digital crime-fighter Donal Keating revisits the podcast, but this time… it’s personal. *cue dramatic crime-fighting music* The Director of Innovation and Research of the Digital Crimes Unit (DCU) at Microsoft joins hosts Nic Fillingham and Natalia Godyla to regale us with the origin story of the DCU and his captivating career exploits. Whether it’s tales of his early days preventing Windows 98 counterfeits in Ireland or the many international law enforcement raids he’s participated in…there’s no shortage to Donal’s crime-fighting adventures.

In This Episode, You Will Learn:

The mission of Microsoft’s DCU and the techniques used to combat fraud
The events and needs that led to the creation of a forensic analytic lab at Microsoft
How counterfeiting and intellectual property crime have evolved over the years with advanced technology
What it’s like partnering with law enforcement to take down criminals around the world

Some Questions We Ask:

What does a day in the life of Donal look like in the DCU?
Was there ever a counterfeit example that shocked Donal at just how good it was?
With so many shifts in Donal’s work, what in his background has prepared him to stay on top of the changes?
What does a digital crime fighter do in their time off?

Resources:

Donal’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Judging a Bug by Its Title

Wed, 24 Feb 2021 22:16:00 GMT

Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles. And, believe it or not, it works! (Sorry, Grandma!)

Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.

In This Episode, You Will Learn:

How data science and ML can improve security protocols and identify and classify bugs for software developers
How to determine the appropriate amount of data needed to create an accurate ML training model
The techniques used to classify bugs based simply on their title

Some Questions We Ask:

What questions need to be asked in order to obtain the right data to train a security model?
How does Microsoft utilize the outputs of these data-driven security models?
What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?

Resources:

Article: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”

Mayana’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Enterprise Resiliency: Breakfast of Champions

Wed, 17 Feb 2021 08:05:00 GMT

Prior to the pandemic, workdays used to look a whole lot different. If you had a break, you could take a walk to stretch your legs, shake the hands of your co-workers, or get some 1-on-1 face time with the boss. Ahh... those were the days. That close contact we once had is now something that many of us yearn for as we’ve had to abruptly lift and shift from living in our office to working from our home. But communicating and socializing aren’t the only things that were easier back then. The walls of your office have expanded, and with them, the boundaries of your security protocols. Small in-office tasks like patching a server have now become multi-step processes that require remote management, remote updates, and remote administrative control. With that comes the prioritization of resilience and what it means for enterprises, customers, and security teams alike. That’s where remote enterprise resiliency comes into play.

Today on the pod, we explore the final chapter of the MDDR. Irfan Mirza, Director of Enterprise Continuity and Resilience at Microsoft, wraps up the observations from the report by giving hosts Nic Fillingham and Natalya Godyla the rundown on enterprise resiliency and discusses how we can ensure the highest levels of security while working from home. Irfan explains the Zero trust model and how Microsoft is working to extend security benefits to your kitchen or home office, or... that make-shift workspace in your closet.

In the second segment, Andrew Paverd, Senior Researcher on the Microsoft Security Response Center Team and jack of all trades, stops by… and we’re not convinced he’s fully human. He’s here to tell us about the many hats he wears, from safe systems programming to leveraging AI to help with processes within the MSRC, and shares how he has to think like a hacker to prevent attacks. Spoiler alert: he’s a big follower of Murphy’s Law.

In This Episode, You Will Learn:

How classical security models are being challenged
What the Zero Trust Model is and how it works
The three critical areas of resilience: extending the enterprise boundary, prioritizing resilient performance, and validating the resilience of our human infrastructure.
How hackers approach our systems and technologies

Some Questions We Ask:

How has security changed as a product of the pandemic?
Do we feel like we have secured the remote workforce?
What frameworks exist to put a metric around where an organization is in terms of its resiliency?
What is Control Flow Guard (CFG) and Control-Flow Integrity?
What’s the next stage for the Rust programming language?

Resources:

Irfan’s LinkedIn

Andrew’s LinkedIn

Microsoft Pluton Announcement

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Pluton: The New Bedrock for Device Security

Wed, 10 Feb 2021 08:05:00 GMT

Close your eyes, and imagine a world where booting up your computer wasn’t a susceptibility point for attacks. Imagine a Root of Trust that’s integrated into the CPU. Imagine all of your devices being protected against advanced attacks. Now, what if I told you there’s a cutting-edge processor that’s battle-tested for hardware penetrations, easy to update, and protects credentials, encryption keys, and personal data all at once? What if I told you it was already here, and your systems might already be using it?! Open your eyes, and get ready to be amazed! It’s Pluton, baby! Peter Waxman, Group Program Manager at Microsoft, joins hosts Nic Fillingham and Natalia Godyla in a tell-all about Pluton. Trust us, Pluton is sure to knock your SOCs off (that’s System on a Chip)!

Now that your eyes have been opened to a more secure system, we’d like to ask you to keep the volume down, because you’ve just entered the Library of Threats. While it may sound like inspiration for the next installment of National Treasure, you won’t find Nicolas Cage in this library (at least you shouldn’t). However, you will find Madeline Carmichael, MSTIC’s Threat Intel Librarian, whose movie-worthy title is just as impressive as it sounds. To be honest though, you might not find anyone in the library, as it bears more resemblance to Professor X’s Cerebro than it does your local hardcover sanctuary.

In This Episode, You Will Learn:

What the Pluton Security Processor is and how it was created
The architecture of the Pluton Security Processor
What challenges were faced while bringing the Pluton Security Processor to life
The Root of Trust today vs. The Future with Pluton
The naming systems for threat actors, from periodic elements to volcanoes

Some Questions We Ask:

What differentiates the Pluton Security Processor from previous methodologies?
Why is the Pluton Processor better than what we have used in the past?
What challenges lie ahead with the next steps around Pluton?
What has changed since Pluton was in Xbox to where it is now?
What tools and platforms does a Threat Intel Librarian utilize?

Resources:

Peter’s LinkedIn

Madeline’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

BEC: Homoglyphs, Drop Accounts, and CEO Fraud

Wed, 03 Feb 2021 08:30:00 GMT

CCI: Cyber Crime Investigation. Another day, another email attack - something smells “phishy” in the network. *Slowly puts on sunglasses and flips up trench coat collar* Time to go to work.

Just how easy is it for someone to steal your credentials? Because once they’re stolen, and sold for pocket change, it’s open season. Homoglyphs, drop accounts, email forwarding… is it any wonder billions of dollars have been lost to BEC (business email compromise)?

Join hosts Nic Fillingham and Natalia Godyla for a fascinating conversation with Peter Anaman, Director and Principal Investigator of the CELA Digital Crimes Unit, as they unpack the cybercrime section of the Microsoft Digital Defense Report to see what these phishers are up to. Scott Christiansen joins us later in the show to recount his journey to security and his role as an Adjunct Professor for Bellevue University's Master of Science in Cybersecurity, along with some great advice for choosing security as a profession.

In This Episode, You Will Learn: 

The difference between consumer and enterprise phishing
The types of people and professions that are usually targeted in cyber attacks
How putting policies on backups and policies to protect the organization in place will help prevent digital crimes
The four categories of the internet: the dark web, the surface web, the deep web, and the vetted web

Some Questions We Ask:

What would an example of credential phishing look like?
What is the end goal for phishers?
How are phishing and business email compromise techniques leveraged during the pandemic?
What patterns are being seen when it comes to credential phishing?
How do you use ML to classify whether a bug is security-related or not?

Resources:

Peter’s LinkedIn

Scott’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

All Your Pa$$w0rd Are Belong to Us

Wed, 27 Jan 2021 08:05:00 GMT

Special Edition!

We’ve been told for years how important passwords are, taught how to make them stronger and longer and better, and we frantically tear up our home or office when we can’t find that sticky note where we wrote them down. Life feels like it comes to a screeching halt when we’ve lost our passwords, but… what would life be like if we didn’t need them? Can your passwords truly become a thing of the past? Sounds a bit unnerving, but we can promise you, it’s always security first here at Microsoft.

On this special edition episode of the Security Unlocked podcast, hosts Nic Fillingham and Natalia Godyla explore the journey of becoming passwordless with Alex Weinert, Director of Identity Security at Microsoft, as he explains why your passwords don’t matter and how going passwordless can protect you from attackers.

In This Episode, You Will Learn: 

The risks that are being mitigated through passwordless authentication
Where the challenges lie within using passwordless authentication
The functions of Windows Hello, Microsoft Authenticator and FIDO tokens
How ML is used in these technologies

Some Questions We Ask:

What does passwordless mean?
What are some common misconceptions or risks?
Where are customers on their journey to going passwordless?
hat is the end goal for passwordless authentication?

Resources:

Alex’s Blog Post

Alex’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Under the Hood: Ensuring Firmware Integrity

Wed, 20 Jan 2021 08:05:00 GMT

How do we ensure firmware integrity and security? Join hosts Nic Fillingham and Natalia Godyla and guest Nazmus Sakib, a Principal Lead Program Manager at Microsoft, to dive deeper and assess the complexities and challenges that come along with securing firmware - bootstraps and all!

Megamind Bhavna Soman, a Senior Security Research Lead, joins us later in the show and we learn about her journey in optimizing AI and ML to improve efficiency in security and give the humans a break.

In This Episode, You Will Learn:

How Microsoft ensures firmware integrity and security
How firmware is making it harder for attackers
Where AI and ML will take threat intelligence in the near future

Some Questions We Ask:

What is firmware?
Do we know where firmware attacks begin?
What does the threat landscape look like for firmware?
What part of ML should be automated better so that humans can shift to other tasks?

Resources:

Nazmus’s LinkedIn

Bhavna’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Tracking Nation State Actors

Wed, 13 Jan 2021 08:30:00 GMT

Watchdogs in tow, hosts Nic Fillingham and Natalia Godyla are joined by guest Randy Treit, Principal Security Leader at Microsoft, to examine the process of identifying the source of a threat and stopping the spread by protecting “patient zero.” Randy has a few key tricks up his sleeve as a defender, but you can decide if they’re more impressive than the antics he and his identical twin have pulled while working at Microsoft.

In the second segment, Jeremy Dallman, Principal Program Manager at Microsoft, discusses why some bad actors are known in the security world under some of the most seemingly harmless codenames, such as “Fancy Bear” and “Charming Kitten”, and highlights the techniques his team is using to protect Microsoft’s customers from Nation-State actors.

In This Episode, You Will Learn: 

How Microsoft is defending and protecting patient zero
The history of Defender and antimalware
The process of finding gaps in protections
The importance of protecting customers from Nation-State actors
How and why security vendors use codenames to refer to threat activity groups

Some Questions We Ask:

What is different about focusing on patient zero than other aspects of security?
How does Microsoft measure the false positive rate in protecting patient zero?
What tools are being used on a day-to-day basis in defender security?
Why does Microsoft partner with the industry to identify Nation-State actors?
How many groups are utilizing AI and ML to enhance their ability to become a threat?

Resources:

Randy’s LinkedIn

Jeremy’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Unpacking the New ML Threat Matrix

Wed, 06 Jan 2021 08:00:00 GMT

Yeehaw! “Data Cowboy” is in the building. Join us as Nic Fillingham and Natalia Godyla sit down with Ram Shankar Siva Kumar, aka “Data Cowboy” at Microsoft, for an exciting conversation about the release of a new adversarial ML threat matrix created for security analysts. Have no fear, we made sure to find out how Ram acquired the name, “Data Cowboy”, so saddle up and get ready for the ride!

Stick around to hear Nic and Natalia explore the urgency of surfacing threats at a faster rate with Justin Carroll, a Threat Analyst at Microsoft, and why it is more important now than ever before.

In This Episode, You Will Learn:

How Microsoft is using the new ML threat matrix against cyber attacks
The approach and philosophy for putting the threat matrix on GitHub
ML applications in regard to healthcare and why it is worrisome
What needs to happen in order to be successful in combating certain threats

Some Questions We Ask:

What is an adversarial ML threat matrix?
How will the community on GitHub contribute to the evolution of the ML threat matrix?
What resources are available to learn about all things VM?
What techniques are being used to find threats at a faster speed?
How do AI and ML factor into the role of managing data and collaborating with other teams?

Resources

Ram’s Blog

Ram’s LinkedIn

Justin’s LinkedIn

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Tackling Identity Threats With AI

Wed, 23 Dec 2020 08:05:00 GMT

The last thing we all need this year is an identity crisis. Fear not, hosts Nic Fillingham and Natalia Godyla are here with Maria Puertas Calvo, Data Science Lead of Microsoft’s Identity Security and Protection Team, to learn how AI is being used to protect our personal identities. Maria also reveals previously undisclosed information – her favorite food and her famous top-secret recipe, so get ready to take notes!

Later, the hosts bring back a previous guest, Geoff McDonald, ML Research Lead at Microsoft to unpack his career in cybersecurity and how game hacking led him to where he is now.

In This Episode, You Will Learn:

How offline detections are used for account compromise prevention
The importance of multi-factor authentication
How Microsoft is taking a new approach with AI to identify threats with real-time prevention
The problem with adversaries and malware attackers

Some Questions We Ask:

How is Microsoft applying AI to solve problems for account compromise prevention?
How do humans play a role in labeling data sets?
How is Microsoft measuring success of their new enhanced AI?
What is the future for neural networks?

Resources

Maria’s Blog

Threat Modeling AI Systems and Dependencies

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Threat Modeling for Adversarial ML

Wed, 09 Dec 2020 08:00:00 GMT

How ready is your corporate security team to handle AI and ML threats? Many simply don’t have the bandwidth or don’t see it as a priority. That’s where security engineers like Microsoft’s Andrew Marshall step in. In this episode, hosts Nic Fillingham and Natalia Godyla speak with Andrew about just what his team is doing to teach security professionals and policy makers about the dangers of AI and ML attacks, and walks through some of the documentation, available for free online, that can help guide the response. Plus, why he really, really doesn’t want to talk about Windows Vista.

Nic and Natalia then explore what it’s like to hunt down threats with Sam Schwartz, a program manager with Microsoft Threat Experts. She came to Microsoft right out of college and didn’t even know what malware was. Now, she’s helping coordinate a team of threat hunters on the cutting edge of attack prevention.

In This Episode, You Will Learn:

Why data science and security engineering skills don’t necessarily overlap
How attackers are using ML to change decision making
What security teams are doing to protect AI and ML systems
How threat hunters are tracking down the newest security risks
Why Microsoft Threat Experts are focused on human adversaries, not malware

Some Questions We Ask:

What does the ML landscape look like at Microsoft?
How are ML attacks evolving?
What is ‘data poisoning’?
Why do threat hunters need to limit the scope of their work?
What skills do you need to be a security program manager?

Resources

Microsoft Digital Defense Report, September 2020

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

The Mechanics of Digital Crime

Wed, 25 Nov 2020 08:05:00 GMT

Ever wonder why it's so difficult to really secure a network, systems or data? Cyber criminals are stepping up their game, even as security gets stronger and stronger, and they’re using all sorts of new techniques to break through enterprise walls. In this episode, hosts Nic Fillingham and Natalia Godyla speak with Donal Keating, Director of Innovation and Research for the Microsoft Digital Crimes Unit, about one of the key findings in the latest Microsoft Digital Defense Report: how attackers are adapting and becoming more sophisticated. Plus how social engineering is revealing the true weakest link in any security plan -- and it’s something you might not expect.

Then they dive into what it’s like to hunt threats with Michelle Lam, who brings fresh eyes to every security problem she faces at Microsoft. She explains why not spending time in a SOC early in her career helps her spot potential attacks others might miss, and why she’s so passionate about helping serve under-represented communities and inspiring the next generation of security professionals.

In This Episode, You Will Learn:

How cyber attackers are using the cloud
Why humans are the weakest link in every security system
The new steps cyber criminals are taking to get people to trust them
How threat hunters look for malicious activity
How networking helps young security professionals

Some Questions We Ask:

What new threat trends are emerging?
How should security professionals prepare for new threats?
What is a homoglyph?
Why is threat hunting a uniquely human-based activity?

Resources

Microsoft Digital Defense Report, September 2020

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Protecting Machine Learning Systems

Wed, 11 Nov 2020 08:01:00 GMT

In this episode, hosts Nic Fillingham and Natalia Godyla speak with Sharon Xia, a principal program manager for cloud and AI at Microsoft, about the role machine learning plays in security. They discuss four major themes, outlined in the Microsoft Digital Defense Report, including how to prepare your industry for attacks on machine learning systems, preventing attack fatigue, democratizing machine learning and leveraging anomaly detection for post-breach detection.

Then they speak to Emily Hacker, a threat intelligence analyst at Microsoft, about her path from professional writing to helping find and stop attacks.

In This Episode, You Will Learn:

How to prepare for attacks on machine learning systems
The dangers of a model poisoning attack
Why it’s important to democratize machine learning
How a humanities background helps when tracking threats
The latest methods attackers are using for social engineering

Some Questions We Ask:

Why are most organizations not prepared for ML attacks?
How do you assess the trustworthiness of an ML system?
How can machine learning reduce alert fatigue?
What kind of patterns are analysts seeing in email threats?
Why is business email compromise treated differently than other threats?

Resources

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

How to Catch a Villian With Math

Wed, 28 Oct 2020 07:01:00 GMT

In this episode, hosts Nic Fillingham and Natalia Godyla speak with Mike Flowers and Cole Sodja of the Microsoft Protection Team, and Justin Carroll of the Microsoft Threat Intelligence Global Engagement and Response team, about how they’re using machine learning to identify and model lateral movement attacks.

Then they speak to Dr. Anna Bertiger, Senior Applied Scientist at Microsoft, on how she’s using math to catch villains and make computer networks safer.

In This Episode, You Will Learn:

What are lateral movement attacks
How machine learning helps address security challenges
Why grouping attack data can help better prevent threats
How math is used to help analyze attack trends
How AI and ML help identify patterns that can stop attacks

Some Questions We Ask:

What are the most challenging parts of identifying lateral movement attacks?
How does machine learning help understand how attacks would happen in the future?
How do attackers change techniques as security techniques change?
How do you use math to determine if an action is dangerous or benign?
What is so beautiful about math?

Resources:

Mike, Cole & Justin’s Blog Post

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Protecting the Under-Secured With Bad Behavior

Wed, 14 Oct 2020 07:05:00 GMT

In this episode, hosts Nic Fillingham and Natalia Godyla speak with Hardik Suri of the Microsoft Defender ATP Research Team about using behavior-based detection and machine learning to block attacks against Exchange servers, and why it’s so critical to patch and enable security capabilities.

Then they speak to Dr. Karen Lavi, a Senior Data Science Lead in the Microsoft Defender Research Team, on the neuroscience of threat detection, and how her team is using AI and machine learning to predict and prevent malware attacks.

In This Episode, You Will Learn:

Why Exchange servers are so vulnerable
The best way to defend against web shells
The simple things security professionals can do to protect under-protected servers
How neuroscience factors into threat detection
How to catch ‘patient zero’ in an attack

Some Questions We Ask:

How are techniques for detecting and blocking attacks evolving?
What’s next for behavior-based blocking?
How does machine learning benefit security?
How do you build a diverse team to catch threats?
What’s the next innovation in security research?

Resources:

Hardik’s blog post

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Unmasking Malicious Scripts With Machine Learning

Wed, 14 Oct 2020 07:03:00 GMT

There are all kinds of powerful features baked into the Windows operating system. One of them is the Antimalware Scan Interface or AMSI. In this episode, hosts Nic Fillingham and Natalia Godyla speak with Ankit Garg and Geoff McDonald of the Microsoft Defender ATP Research Team to learn how AMSI operates, and how they’re utilizing ML to stop attacks.

Then they speak with Dr. Josh Neil, a Principal Data Science Manager at Microsoft, about his unique path from music to data security, and why his team is sniffing through weak signals to detect attack patterns.

In This Episode, You Will Learn:

How AMSI protects against threats
How machine learning makes it easier to catch attacks
The way security experts think about attack methodology
How computers can think unlike human brains to solve problems
The innovations coming to the world of data science

Some Questions We Ask:

What is AMSI?
How do you differentiate between the benign and malicious?
What’s next for cloud machine learning?
How do define AI
How does music theory impact your work?

Resources:

Ankit & Geoff’s blog post

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.

Hosted on Acast. See acast.com/privacy for more information.

Going Deep to Find the Unknown Unknowns

Wed, 14 Oct 2020 07:01:00 GMT

In this episode, hosts Nic Fillingham and Natalia Godyla speak with Arie Agranonik, a Senior Data Scientist in the Microsoft Defender ATP Research team, about building models using deep learning to protect against malicious attacks. It’s complicated work, requiring huge computing power and even larger amounts of data, and it could be the future of threat protection.

They also speak with Holly Stewart, a Principal Research Lead at Microsoft, on how building a security team with different perspectives helps to better understand and stop threats. Plus, her journey from the Peace Corps to Microsoft, and how that informs her decision-making.

In This Episode, You Will Learn:

The difference between deep learning, machine learning and AI
Why it’s so difficult to program a computer to think like a human
How adversarial models learn from each other to prevent attacks
Why the best security teams are made up of those with different perspectives
How data science can train machines to find things humans were not thinking about

Some Questions We Ask:

What is deep learning?
Does a neural network mimic the way the human brain functions?
How are behavioral observations evolving to combat sophisticated attacks?
How do AI and ML factor into solving complicated security problems?
What’s next on the horizon for data science?

Resources:

Arie’s blog post

View Arie Agranonik on LinkedIn