{"id":25836,"date":"2018-06-15T20:38:22","date_gmt":"2018-06-15T20:38:22","guid":{"rendered":"https:\/\/news.microsoft.com\/?p=408771"},"modified":"2018-06-15T20:38:22","modified_gmt":"2018-06-15T20:38:22","slug":"geekwire-inside-the-private-event-where-microsoft-google-salesforce-and-other-rivals-share-security-secrets","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2018\/06\/15\/geekwire-inside-the-private-event-where-microsoft-google-salesforce-and-other-rivals-share-security-secrets\/","title":{"rendered":"GeekWire: \u2018Inside the private event where Microsoft, Google, Salesforce and other rivals share security secrets\u2019"},"content":{"rendered":"

\"\"
Speaking this week on the Microsoft campus, L-R: Erik Bloch, Salesforce security products and program management director; Alex Maestretti, engineering manager on the Netflix Security Intelligence and Response Team; David Seidman, Google security engineering manager; and\u00a0Chang Kawaguchi, director for Microsoft Office 365 security. (GeekWire Photos \/ Todd Bishop)<\/figcaption><\/figure>\n<\/p>\n

REDMOND, Wash. \u2014 At first glance, the gathering inside Building 99 at Microsoft this week looked like many others inside the company,\u00a0as technical experts shared hard-earned lessons for using machine learning to defend against hackers.<\/p>\n

\"\"
Ram Shankar\u00a0Siva Kumar, Microsoft security data wrangler, spearheaded the event.<\/figcaption><\/figure>\n

It looked normal, that is, until you spotted the person in the blue Google shirt addressing the group, next to speakers from Salesforce, Netflix and Microsoft, at a day-long event that included representatives of Facebook, Amazon and other big cloud providers and services that would normally treat technical insights as closely guarded secrets.<\/p>\n

As the afternoon session ended, the organizer from Microsoft, security data wrangler Ram Shankar Siva Kumar<\/a>, complimented panelist Erik Bloch,<\/a> the\u00a0Salesforce security products and program management director, for \u201creally channeling the Ohana spirit,\u201d referencing the Hawaiian word for \u201cfamily,\u201d which Salesforce uses to describe its internal culture of looking out for one another.<\/p>\n

It was almost enough to make a person forget the bitter rivalry between Microsoft and Salesforce<\/a>.<\/p>\n

Siva Kumar then gave attendees advice on finding the location of the closing reception. \u201cYou can Bing it, Google it, whatever it is,\u201d he said, as the audience laughed at the rare concession to Microsoft\u2019s longtime competitor.<\/p>\n

It was no ordinary gathering at Microsoft, but then again, it\u2019s no ordinary time in tech. The\u00a0Security Data Science Colloquium brought the competitors together to focus on one of the biggest challenges and opportunities in the industry.<\/p>\n

Machine learning, one of the key ingredients of artificial intelligence, is giving the companies new superpowers to identify and guard against malicious attacks on their increasingly cloud-oriented products and services. The problem is that hackers are using many of the same techniques to take those attacks to a new level.<\/p>\n

\"\"
Dawn Song, UC Berkeley computer science and engineering professor.<\/figcaption><\/figure>\n

\u201cThe challenge is that security is a very asymmetric game,\u201d said Dawn Song<\/a>, a UC Berkeley computer science and engineering professor who attended the event. \u201cDefenders have to defend across the board, and attackers only need to find one hole. So in general, it\u2019s easier for attackers to leverage these new techniques.\u201d<\/p>\n

That helps to explain why the competitors are teaming up.<\/p>\n

\u201cAt this point in the development of this technology it\u2019s really critical for us to move at speed to all collaborate,\u201d explained Mark Russinovich<\/a>, the Microsoft Azure chief technology officer.\u00a0\u201cA\u00a0customer of Google is also likely a customer of Microsoft, and it does nobody any good or gives anybody a competitive disadvantage to keep somebody else\u2019s customer, which could be our own customer, insecure. This is for the betterment of everybody, the whole community.\u201d<\/p>\n

[Editor\u2019s Note: Russinovich is a keynoter at the GeekWire Cloud Tech Summit<\/a>, June 27 in Bellevue, Wash.]<\/p>\n

This spirit of collaboration is naturally more common in the security community than in the business world, but the colloquium at Microsoft has taken it to another level.\u00a0GeekWire is the first media organization to go inside the event, although some presentations weren\u2019t opened up to us, due in part to the sensitive nature of some of the information the companies shared.<\/p>\n

The event, in its second year, grew out of informal gatherings between Microsoft and Google, which resulted in part from connections\u00a0Siva Kumar made on long-distance runs with Google\u2019s tech security experts. After getting approval from his manager, he brought one of the Google engineers to Microsoft two years ago to compare notes with his team.<\/p>\n

\"\"
The closing reception for the Security Data Science Colloquium at Microsoft this week. (GeekWire Photo \/ Todd Bishop)<\/figcaption><\/figure>\n

Things have snowballed from there. After the first event, last year, Siva Kumar posted about the colloquium,<\/a>\u00a0describing it as a gathering of \u201csecurity data scientists without borders.\u201d As the word got out, additional companies asked to be involved, and Microsoft says this year\u2019s event was attended by representatives of 17 different tech companies in addition to university researchers.<\/p>\n

The event reflects a change in Microsoft\u2019s culture under CEO Satya Nadella, as well as a shift in the overall industry\u2019s approach. Of course, the companies are still business rivals that compete on the basis of beating each other\u2019s products. But in years or decades past, many treated security as a competitive advantage, as well. That\u2019s what has changed.<\/p>\n

\u201cThis is not a competing thing. This is not about us trying to one up each other,\u201d Siva Kumar said. \u201cIt just feels like, year over year, our problems are just becoming more and more similar.\u201d<\/p>\n

\"\"
Siamac Mirzaie of Netflix presents at the event. (GeekWire Photo \/ Todd Bishop)<\/figcaption><\/figure>\n

In one afternoon session this week, representatives from Netflix, one of Amazon Web Services\u2019 marquee customers, gave detailed briefings on the streaming service\u2019s internal machine learning tools, including its \u201cTrainman\u201d system for detecting and reporting unusual user activity.<\/p>\n

Developing and improving the system has been a \u201chumbling journey,\u201d said Siamac Mirzaie<\/a> from the Netflix Science & Analytics Team, before doing a deep dive on the technical aspects of Trainman.<\/p>\n

Depending on the situation, he said, Netflix uses either Python, Apache Spark or Flink to bring the data into its system and append the necessary attributes to the data. It then uses simple rules, statistical models and machine learning models to detect anomalies using Flink or Spark, followed by a post-processing layer that uses a combination of Spark and Node.js.\u00a0That\u2019s followed by a program for visualizing the anomalies in a timeline that people inside the company can use to drill down into and understand specific events.<\/p>\n

\u201cThe idea is to refine the various data anomalies that we\u2019ve generated in the previous stage into anomalies that our application owner or security analyst can actually relate to,\u201d\u00a0Mirzaie said.<\/p>\n

The stakes are high given the $8 billion that Netflix is expected to spend on content this year.<\/p>\n

But the stakes might be even higher for Facebook. The social network, which has been in the international spotlight over misuse of its platform by outside companies and groups, says it uses a combination of automated and manual systems to identify fraudulent and suspicious activity.<\/p>\n

Facebook, which\u00a0held a similar event of its own in April,<\/a>\u00a0was among the companies that presented during the gathering at Microsoft this week. Facebook\u00a0recently announced<\/a> that it used new machine learning practices to detect more than 500,000 accounts tied to financial scams.<\/p>\n

\"\"
Mark Russinovich, Microsoft Azure CTO, in his conference room on the company\u2019s Redmond campus this week. (GeekWire Photo \/ Todd Bishop)<\/figcaption><\/figure>\n

During his keynote, Microsoft\u2019s Russinovich talked in detail about Windows PowerShell, the command-line program that is a popular tool for attackers in part because it\u2019s built into the system. Microsoft\u2019s Windows Defender Advanced Threat Protection is designed to detect suspicious command lines, and Microsoft was previously using a traditional model that was trained to recognize potentially malicious sequences of characters.<\/p>\n

\u201cThat only got us so far,\u201d Russinovich said in an interview.<\/p>\n

After brainstorming ways to solve the problem, the company\u2019s security defense researchers figured out how to apply deep neural networks, more commonly used in vision-based object detection, for use in PowerShell malicious script detection, as well. They essentially came up with a way to encode command lines to make them look like images to the machine learning model, Russinovich explained. The result surpassed the traditional technique \u201cby a significant amount,\u201d he said.<\/p>\n

At the closing panel discussion, David Seidman<\/a>, Google security engineering manager, summed up the stated philosophy of the event. \u201cWe are not trying to compete on the basis of our corporate security,\u201d he said. \u201cGoogle is not trying to get ahead of Microsoft in the cloud because Microsoft got compromised. That\u2019s the last thing we want to see.\u201d<\/p>\n

\u201cWe are fighting common enemies,\u201d Seidman added. \u201cThe same attackers are coming after all of us, and an incident at one company is going to affect that customer\u2019s trust in all the cloud companies they do business with. So we have very much aligned interests here.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

Speaking this week on the Microsoft campus, L-R: Erik Bloch, Salesforce security products and program management director; Alex Maestretti, engineering manager on the Netflix Security Intelligence and Response Team; David Seidman, Google security engineering manager; and\u00a0Chang Kawaguchi, director for Microsoft Office 365 security. (GeekWire Photos \/ Todd Bishop) REDMOND, Wash. \u2014 At first glance, the […]<\/p>\n","protected":false},"author":2,"featured_media":25837,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[86,50],"class_list":["post-25836","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-news","tag-in-the-news","tag-recent-news"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/25836","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=25836"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/25836\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/25837"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=25836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=25836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=25836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}