Microsoft published a fascinating blog post

In the blog post, they said they were experimenting with "novel approaches" when it comes to harnessing the power of AI to spot threats on the threat landscape before they become a problem.

In particular, the company is focused on stopping ransomware attacks while they're still in their earliest stages.

To get even more fine-grained than that, they are specifically targeting human-operated ransomware campaigns. They note that there are certain indicators in common where human-operated ransomware campaigns are concerned, and these commonalities can be used to stop future attacks.

The example that Microsoft gives in their blog post is that of a hacker who has stolen the network credentials of a company.  They will first log in to test those credentials, and once inside, will almost certainly move about inside the network in ways that the proper owner of those credentials would not.


Areas that AI can focus on

This creates specific data points that the AI can be on the alert for.

Broadly speaking, these fall into three categories: Time based, Graph based, and Device based.

An example of a time-based data point would be if the hacker logged in to test the credentials at 3:00 in the morning and the owner of those credentials historically logs in at 8:00 am.

Graph-based patterns are the graphical representation of physical moves across a network space, plotted against expected moves.

And device-based data points are exactly what they sound like.  The AI would expect that the owner of the stolen credentials would log in from his or her workstation and not a laptop hidden behind layers of proxies, which is suspicious in and of itself.


My perspective

It's a great idea, though Microsoft is quick to point out that it is still very much in its infancy.  Even so, it's easy to see how this could become an indispensable tool.


We will soon be saying: "It's alive! It's alive!"


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.


Contact me if you would like me to speak to your association