- Microsoft is unveiling a new Microsoft 365 tool that would let businesses spot “internal risks,” including the mishandling or theft of company files.
- Microsoft Chief Information Security Officer Bret Arsenault said the new technology, called Microsoft Insider Risk Management, uses AI and machine learning to allow businesses to monitor the way information flows within a network.
- The tool would enable a business to quickly identify risks, including unintentional transfer or storage of files, that could lead to improved security and workplace policies.
- “It’s not just about finding the malicious insider,” he said. “Over half the value is just from finding the inadvertent things that are happening. It allows you to shape and drive your culture by making people aware, ‘Oh, I didn’t know, I wasn’t supposed to do that. But now I do.”
- Click here for more BI Prime stories.
Hackers using increasingly sophisticated tools and tactics to break into their networks is a major headache for businesses. Bret Arsenault, Microsoft’s chief information security officer, is also pointing to another danger: the threats from within.
These “internal risks” range from inadvertent mishandling of a sensitive file to the theft of company secrets, sometimes by a departing employee. This week, Microsoft said it now has a better way to take these on with a new Microsoft 365 tool, called “Microsoft Insider Risk Management,” which tracks the way information flows within a network, and to quickly identify potential risks.
“Many of us were focused on external adversaries and I don’t think it’s a mistake,” Arsenault told Business Insider. “But we realized we also have a real issue with insider threat. You have thousands of people that are inside your organization as employees, approved vendors logging into your systems all the time. And therefore, it makes sense to be concerned about those people.”
The new cloud-based tool offers a more efficient way of flagging risk, Arsenault said. This is especially true in the case of departing employees suspected of stealing sensitive files, he said. Arsenault cited cases in the semiconductor industry where an employees left one company to join another and stole intellectual property from a company.
Tallah Mir, a Microsoft product manager, said a typical company practice is to “bring all the signals to this magic box, and I’ll see what looks like suspicious activity.”
“They come in and they say, ‘Look, here’s a big pop, and I want you to throw anything and everything in the kitchen sink at it.'” Mir told Business Insider. “And I’ll see if I can find something suspicious. That’s boiling the ocean.”
Arsenault said that, in the past, some companies perform an audit shortly before or right after the employee leaves, which can lead to errors, including, especially “false positives.”
“To be honest, there’s a little bit like looking for a needle in a haystack when you’re trying to do it in the old model,” Arsenault said. “The new model is much more proactive where it’s continuously using the signals to let us know…It’s like finding a polar bear in a snowstorm or a blizzard. We have this amazing capability to separate signals to noise.”
For example, a system may flag an employee who downloaded a huge amount of data. “But if it’s their 40 megabytes of data that’s not confidential or critical, and they were storing their pictures in it, it’s a huge waste of time to go look at that stuff,” Arsenault said.
The Microsoft tool gives a business the ability to monitor information flow in real time. The technology allows a company to define the risky practices to look out for.
“It’s not going to raise things to you unless you tell it to look for specific things,” Mir said. “You can come in and say things like, ‘Yes, I want you to look at their download activity. Yes, I want you to look at their copying activity. No, I don’t want you to look at their email.'”
‘Not just about finding the malicious insider’
Alym Rayani, a senior director for Microsoft’s 365 product, said a business may focus on a specific security concern. For example, it could flag activities related to a specific company project.
“I know that’s a super secret project that’s supposed to be protected,” he told Business Insider. “It’s not what you want outside the organization. And clearly this file has been downloaded. So now I know this is a serious issue. I now need to get folks involved from HR from legal and started going through the process.”
But Arsenault said the Microsoft tool isn’t just about stopping intellectual property theft and other malicious acts. It can also help them come up with better policies related to the way information is stored and managed within the organization.
“It is not just about finding the malicious insider,” he said, noting that the Microsoft tool can also pinpoint “the inadvertent things that are happening,” including practices that lead to the mishandling of data.
“When we say inadvertent it still has potential ramifications,” he said. The Microsoft tool can be used to fine-tune the way the organization works, “by making people aware, ‘Oh, I didn’t know, I wasn’t supposed to do that. But now I do.’ And then they spread the word and it becomes part of our training.”
Got a tip about Microsoft or another tech company? Contact this reporter via email at firstname.lastname@example.org, message him on Twitter @benpimentel or send him a secure message through Signal at (510) 731-8429. You can also contact Business Insider securely via SecureDrop.
Join the conversation about this story »
NOW WATCH: Apple forever changed the biggest tech event of the year by not showing up