Security Unlocked

Share

Threat Modeling for Adversarial ML

Ep. 7

How ready is your corporate security team to handle AI and ML threats? Many simply don’t have the bandwidth or don’t see it as a priority. That’s where security engineers like Microsoft’s Andrew Marshall step in. In this episode, hosts Nic Fillingham and Natalia Godyla speak with Andrew about just what his team is doing to teach security professionals and policy makers about the dangers of AI and ML attacks, and walks through some of the documentation, available for free online, that can help guide the response. Plus, why he really, really doesn’t want to talk about Windows Vista. 

  

Nic and Natalia then explore what it’s like to hunt down threats with Sam Schwartz, a program manager with Microsoft Threat Experts. She came to Microsoft right out of college and didn’t even know what malware was. Now, she’s helping coordinate a team of threat hunters on the cutting edge of attack prevention. 

  

In This Episode, You Will Learn:   

• Why data science and security engineering skills don’t necessarily overlap 

• How attackers are using ML to change decision making 

• What security teams are doing to protect AI and ML systems 

• How threat hunters are tracking down the newest security risks 

• Why Microsoft Threat Experts are focused on human adversaries, not malware 

  

Some Questions We Ask:   

• What does the ML landscape look like at Microsoft? 

• How are ML attacks evolving? 

• What is ‘data poisoning’? 

• Why do threat hunters need to limit the scope of their work? 

• What skills do you need to be a security program manager? 


Resources


Threat Modeling AI Systems and Dependencies 


Andrew’s LinkedIn:

https://www.linkedin.com/in/andrew-marshall-47334969/


Sam’s LinkedIn:

https://www.linkedin.com/in/scschwa/


Nic’s LinkedIn:

https://www.linkedin.com/in/nicfill/ 


Natalia’s LinkedIn:

https://www.linkedin.com/in/nataliagodyla/


Microsoft Security Blog:

https://www.microsoft.com/security/blog/


Transcript

(Full transcript can be found at https://aka.ms/SecurityUnlockedEp07)


Nic Fillingham:

Hello, and welcome to Security Unlocked, a new podcast from Microsoft, where we unlock insights from the latest in news and research from across Microsoft security engineering and operations teams. I'm Nic Fillingham.


Natalia Godyla:

And I'm Natalia Godyla. In each episode, we'll discuss the latest stories from Microsoft security, deep dive into the newest threat intel research and data science.


Nic Fillingham:

And profile some of the fascinating people working on artificial intelligence in Microsoft security. If you enjoy the podcast, have a request for a topic you'd like covered, or have some feedback on how we can make the podcast better...


Natalia Godyla:

Please contact us at securityunlocked@microsoft.com, or via Microsoft Security on Twitter. We'd love to hear from you.


Nic Fillingham:

Hello, Natalia, welcome to episode seven of Security Unlocked. How are you?


Natalia Godyla:

I'm doing well. Refreshed after Thanksgiving break. What about yourself? Did you happen to eat the pork that you were planning? Those bratty pigs?


Nic Fillingham:

The bratty pigs actually have survived for another day. They live to tell another tale to eat more of my home delivered fresh produce, but we did eat a duck that we farmed on our farm. So that's the second time we've been able to enjoy some meat that we grew on the farm, the little mini farm that we live on, so that was pretty exciting.


Natalia Godyla:

Yeah. That's been the goal all along, right? To be self-sustaining?


Nic Fillingham:

To some degree. Yeah. So we achieved that a little bit over Thanksgiving which was cool. How about you, what'd you do over your Thanksgiving break?


Natalia Godyla:

Well, I made apple bread. Oh, there's a special name for the Apple bread, but I forgot it. Pull-apart Apple bread. And I spent a lot of time on WolframAlpha.


Nic Fillingham:

You spent a lot of time on WolframAlpha? Did your firewall break and it was the only accessible website? How did you even get to WolframAlpha?


Natalia Godyla:

WolframAlpha is like Sporcle. It's like if you have time, you get to play with their technology and they've got...


Nic Fillingham:

Sporcle? Sorry, Sporcle?


Natalia Godyla:

What? Do you not know Sporcle?


Nic Fillingham:

I'm really old. You'll have to explain that one to me. Is this a millennial thing?


Natalia Godyla:

Wow. Okay.


Nic Fillingham:

Bring me up to speed on Sporcle.


Natalia Godyla:

Sporcle is like fast, quick trivia games that you play with a group in one person just types in the answers while you're running through it.


Nic Fillingham:

I thought it was when you take a fork and a spoon and you dip them in glitter. Anyway, so you're on Sporcle, and you're like, "I've completed Sporcle. What's next?"


Natalia Godyla:

And you go to WolframAlpha. That's the next step?


Nic Fillingham:

So, what did you pose to WolframAlpha?


Natalia Godyla:

All right, at what point does a cat's meow become lethal to humans? Good question, right?


Nic Fillingham:

At what point does a cat's meow become lethal to a human? When it's connected to a flame thrower? When the meow is a series of poison darts? What does that mean?


Natalia Godyla:

There are a lot of use cases for cats. In this one, it's how high the decibel of their meow is, because that can eventually hurt a human. But it's really about spacing. Where you put the cat is very critical.


Nic Fillingham:

The question was how loud can I make a cat's meow, so that it hurts a human?


Natalia Godyla:

A well-trained army of cats that meow at the exact same time, synchronized cats.


Nic Fillingham:

Oh, a synchronized army of cats, all directed at a single person. Would their collective uber meow, would that serve as a rudimentary weapon? That was your question?


Natalia Godyla:

Yes.


Nic Fillingham:

And? Answer?


Natalia Godyla:

Theoretically, but it depends on how far away all the cats end up being. I'm now thinking that I should have just like planned to capture the cat's meows in a can or something.


Nic Fillingham:

Capture them in a can. What does that mean?


Natalia Godyla:

Like a can of whoopass.


Nic Fillingham:

Who would capture a cats meow in a can? Okay, Professor Farnsworth.


Natalia Godyla:

You can tell I'm not the expert on these podcasts.


Nic Fillingham:

So hang on, did you work out how many cats you needed in a single location to produce a loud enough meow to hurt somebody? Do you know the answer to this question?


Natalia Godyla:

No. No. I was more focused on total and I don't also know the answer to the question.


Nic Fillingham:

All right, to all the mathematicians out there and audiologists who have dual specialties into the capturing of cat meows into cans, and then the math required to multiply them into a focused beam of uber meow as a rudimentary weapon, please send us an email, securityunlocked@microsoft.com. Oh, Oh, segue, segue. We have email, we have email. We got messages from people who've been listening to the show and they send some very nice things, which is great. And they also gave us some topics they would like us to cover on the show, and we're going to cover one of them today.


Nic Fillingham:

Shout out to Ryan and to Christian and to Tyler who all asked us to continue to thread on adversarial ML and protecting AI systems. We're doing that exactly today on this episode. We have Andrew Marshall joining us, who is going to absolutely continue to thread that Sharon Xia started a couple episodes back talking about protecting AI systems in the MDDR report, and then who are we talking to Natalia?


Natalia Godyla:

Sam Schwartz. So she is a security PM at Microsoft and works directly with the Microsoft Threat Experts Team to deliver managed services to our customers. So she helps to provide threats Intel back to customers and is working on scaling that out, so that more and more customers can benefit from the billions of signals that we have, that we then apply to the data that we get from customers, in order to help identify threats. On to the podcast.


Nic Fillingham:

Welcome to the Security Unlocked Podcast, Andrew Marshall. Thank you for joining us.


Andrew Marshall:

Thank you. It's great to be here. Appreciate you having me on today.


Natalia Godyla:

Yeah, definitely. So why don't we start off by chatting a little bit about your role at Microsoft. Can you let us know what your day to day looks like?


Andrew Marshall:

Sure. So I'm a Principal Security Program Manager in the Customer Security and Trust Organization at Microsoft. My role is a little bit different from a lot of people who are security engineers. I'm not part of a product group. Instead, I work across the company to solve long-tail security engineering problems that maybe one particular group may not have the authority to lead all up. So I do a variety of different things, like killing off old cryptographic protocols, where we have to bring the entire company together to solve a problem.


Andrew Marshall:

And lately, I'd say the past two or three years in particular, my focus has been AI and ML. In particular, the security issues that are new to the space, because it brings an entirely new threat landscape that we have to deal with. And we have to do this as an entire company. So it was another one of those cross-company security engineering challenges that I really enjoy to tackle.


Natalia Godyla:

And what does the ML landscape look like in Microsoft? So if it's cross-company how many models are you looking at? How many different groups are using ML?


Andrew Marshall:

It's a really all over the place. And by that, I mean everybody's using it. And it really is pretty much in universal usage across the engineering groups. And while there's been a big focus to everybody, whether it's in Microsoft or elsewhere, everybody's been interested in jumping on this bandwagon. But as the past couple of years, we've started to see that there are specific security issues that are unique to AI and machine learning, that we're only now, as an industry, are starting to see come out of the world of research-driven, proof of concept contrivances, where somebody created a research paper and a vulnerability that they had to make a bunch of leaps to justify. The pivot is occurring now from that into actual weaponized exploitation of these attacks.


Andrew Marshall:

So what we're trying to solve here from a security perspective is with this worldwide rush to jump on the AI and ML bandwagon, what is the security debt around that? What are the new products and features and detections and mitigations that we need to build as a company to solve these issues for ourselves and for the world? One of those things is really focused on education right now, because we've published a series of documents that we made, we can publish them externally. We've got a machine learning threat taxonomy, which covers the intentional and unintentional threats that are specific to machine learning. We've got some documents that were built on top of that. One of which was called Threat Modeling AI/ML Systems and Dependencies.


Andrew Marshall:

And this is a foundational piece of security engineering education work that's being used at Microsoft right now. The issue being security engineers, who have been... you can be a great security engineer, with tons of experience. You could have been doing this for 15 years, or more, but it most likely also means you don't have any data science expertise, or familiarity. So security engineers and data scientists are not two skillsets that often overlap. Ann Johnson calls them, "platinum unicorns", because that's just this mythical creature that nobody really seems to see. But the idea here is that we want all of our security engineers across the company to be intimately familiar with these net new security threats, specific to AI and ML.


Andrew Marshall:

But here's the problem with all of that. This is such a nascent field, still, especially machine learning specific InfoSec, that if you are going to address these problems today, what you need is you need automation. You need new development work to be able to detect a lot of these attacks, because of the way that they occur. They can either be direct attacks against our model, or they can be attacks against the data that is used to create the model. The detections are very primitive, if they exist at all, and the mitigations are very bespoke. So that means if you find a need to mitigate one of these machine learning threats right now, it means you're probably going to have to design that detection or that mitigation specific to your service in order to deal with that issue. That's not a scalable solution for any company.


Andrew Marshall:

So where we need to be is we need to get the detections and mitigations for these machine learning specific threats, get them to be transparent, on by default, inherited by the nature of using the. Platform where it just works under the hood, and you can take it for granted, like we take for granted all of the compiled in threat mitigations that you get when you build code in Visual Studio. So for example, Visual Studio, if you build code there, you inherit all of these different compiled in threat mitigations. You don't have to be a security engineer or know anything about this stuff, but you get all of that goodness just by nature of using the platform. It's on by default and you're oblivious to it. And that makes it easy to use. So, that's where we need to get with this threat landscape too. That's just a very exciting, very challenging space to be a part of.


Nic Fillingham:

Well, I think we're done. Thanks very much, Andrew. No, joking. Wow, so much there. Thank you for that intro. So I think my first question is this conversation we're having is following one that we have with Sharon Xia recently talking about the machine learning insecurity section that was in the recently published Microsoft Digital Defense Report. You're referring to the threat modeling AI systems and dependencies work that's up on the docs page. We'll put a link to that in show notes. When we spoke to Sharon, she really called out upfront, and I think you've just really emphasized that the sort of awareness... This is a very nascent topic. And especially at the customer level, awareness is very low and there needs to be awareness in this field. So I think what is Microsoft doing... First, maybe what is Microsoft's role in promoting awareness of this new category and what are we doing there?


Andrew Marshall:

So we have a role on a couple of fronts here, both within the company and more broadly, within industry and with different governments and customers around the world. So our responsibility is to act... Internally, we'll help shaping not only the educational efforts within the company, but also the research and engineering investments that are made in order to address these issues and solve these problems in this space. There's a policy shaping side of that as well, which is working with governments and customers around the world to help them shape meaningful, actionable policy. That policy in any kind of space can be a dumping ground for good intentions. So whenever people are working on some kind of new policy or some kind of new standard, we always want to make sure that everything is as practical and as actionable as it can be with... And has to be really crisp because you can't have ambiguous goals. You have to have exit criteria for all of these things.


Andrew Marshall:

And the reason I'm elaborating on that is because my team in the company owns the security development lifecycle. And we're very, very careful about new security requirements that get introduced into that so much so to the point that we try not to introduce new security requirements there, unless we've got some kind of automation already ready to roll for people to use. And that way, we can just tell them, "Hey, this is now a mandatory thing that you have to do, but it's really just run this tool and fix these errors. It's not some kind of new manual attestation or big painful exercise to go through." And that's how we can keep adapting the SDL policy. On the responsible AI side and AI and ethics, we've got... This responsible AI standard that we're working on is basically the guiding principles around responsible AI for Microsoft in terms of how we deal with bias and fairness and transparency and reliability and safety issues as they relate to AI, as well as to security. And this is another element of policy that's being shaped within the company.


Nic Fillingham:

So you mentioned that very few of these guidances have been automated. Obviously, one of the goals is probably, I assume, to get them automated into toolsets and into SDL. So let's... I'm going to put a customer hat on. I'm a customer of Microsoft. How should I feel about the work that Microsoft is doing to secure its own AI and ML systems? So obviously, we're practicing what we preach here and putting these guidances into place. How is success being measured? Or what are the metrics that we're using to, be it manually or automated, to make sure that our own AI and ML systems are protected?


Andrew Marshall:

We're spinning up significant research and engineering investments across the company specifically to tackle these kinds of problems. Part of that is largely security. And it's part of this broader series of AI and ethics investments that we're making, but the security issues in particular, because we know that we've got customers reporting these kinds of things, and because we know that we've got our very own specific concerns in this space, we're putting together roadmaps to deal with these kinds of issues as specific sets of new product features and threat detections and mitigations in this space.


Andrew Marshall:

We understand that you can't catch any of these things manually. It takes automation to catch any of this stuff. So that gives us a roadmap of engineering investments that we can prioritize and work directly with engineering groups across the company to go solve that. And the idea here being that when we deliver those solutions, they're not just available to Microsoft services, but they'll be made available to customers of Microsoft as well.


Natalia Godyla:

So, Andrew, how are we seeing these attacks start to evolve already? So if you could talk us through a couple of examples, like data poisoning, that would be awesome.


Andrew Marshall:

Oh, I'd love to. So data poisoning is something that we've seen our own customers impacted by because as we point out in our threat modeling guidance, there's a tremendous over-reliance on using public uncurated data feeds to train machine learning models. Here's an example of a real situation that did happen. So a customer was aggregating trading data feeds for a particular futures market. Let's just say it was oil. And they're feeding these training data feeds from different trading institutions, brokerages, or trading websites or whatever. They're taking all this stuff over a secure channel, they're generating a machine learning model from it. And then they're using that ML model to make some really high consequence decisions like is this location a good place to drill for oil or bid on rights by which you can drill for oil? Or do we want to take a long position or a short position in the oil futures market?


Andrew Marshall:

So they're essentially trusting the decisions that come out of this machine learning model. And what's the nature of futures trading data feeds there's new data every day, so they're constantly incorporating this new data. Talking about the blind reliance on this untrusted data, even though it was over a secure channel, one of the training data providers was compromised not in a way that resulted in the website being shut down, but what happened was their data was contaminated. The data that they were sharing with everybody else. Unless you're actively monitoring for something like this as the provider of that data, there's no way that you're going to know that you're sending out that data to everybody else.


Andrew Marshall:

So if the providers are unaware of the compromise, then the consumer of the data is also going to be equally as oblivious to the fact. So what happens is over time, that data became trusted high confidence garbage within that trading data model. So then that led to these decisions like drilling for oil in the wrong place or longing the futures market when they should have been shorting it and vice versa. So the point here is without automation to detect that kind of data poisoning attack, you don't know anything went wrong until it blows up in your face.


Natalia Godyla:

It really gives you perspective because I feel like normally when you're hearing about cyber attacks, you are hearing about data being stolen and then sold or money itself being stolen. But in the case that you just explained, it's really about altering decision-making, it wasn't just direct money stealing.


Andrew Marshall:

That was an interesting case because we're also thinking, all right, well, was it a targeted attack against the consumer or the people building machine learning models? How did the attacker know that? Were they looking to see what kind of outcomes this would generate? Is this the only place that they were doing that? Of course the data provider doesn't know. That's one of the more interesting, more insidious attacks that we've seen because we've got to create new types of tools and protections in order to even detect that kind of stuff in the first place. So you're looking for... As your machine learning models are being built, you're looking at taking on new data and looking for statistically significant drift in certain parts of the data that deviate from what looks normal and the rest of your data, and we're looking at ways of solving that. And that's an interesting space. So, yeah.


Natalia Godyla:

So you noted that one of the potential reasons that the threat actor was playing around with that ML system for that customer example was because they were also just trying to figure out what they could do. So if it's so nascent then threat actors, are they in a similar place as us? Are they ahead of us?


Andrew Marshall:

Well, we've already had that pivot from contrived research exploits where people are just trying to show off. We've already had that pivot into actual exploitation. So I don't know how to go back and attribute the level of attacker sophistication there. I don't think it was actually... In the attack that I mentioned here, the oil company scenario, that was compromised through traditional security vulnerabilities of that data provider. And I think the jury is still out on the final attribution of all of that, as well as the level of attacker sophistication or if... What would be even more interesting than all of that is really what other customers of that data provider were compromised in this and building machine learning models that were contaminated by that data. Think about hedge funds, who else was compromised by this and never even found out? Or who else had a model blow up in their face? That'd be a very interesting thing to see.


Nic Fillingham:

The question I wanted to wrap up with, Andrew, is make me feel like we're on a good path here. Like, can we end on a high note? We talked about a lot of very serious scenarios and the consequences for adversarial ML. And obviously it's very important and very nascent, but should I feel like the good guys are winning? Should I feel like we've got good people on this? We're making great progress? That we should feel confident in AI and ML systems in-


Andrew Marshall:

Yeah, absolutely.


Nic Fillingham:

The second half of 2020?


Andrew Marshall:

That's our entire focus with the AI and ethics and engineering and research group. We are bringing the entire weight of Microsoft to bear around these issues from a research, engineering, and policy perspective. And we want to solve all these issues so that you do have trustworthy interactions with all of our products. And that's an essential thing that we realized collectively as a company that has to happen where people won't use these kinds of products. If it doesn't generate an outcome that you can trust is going to be accurate and free of bias and something that you can rely on, then people just won't use those things. So we've got the AI and security centers of gravity working across the company with research and policy experts to tackle these issues. It's a fascinating time to be a part of this. I think that... I just had my 20 year anniversary last month, and I think this is about the most fun I've had period in the past 20 years working on this stuff now.


Nic Fillingham:

It wasn't the launch of Windows Vista?


Andrew Marshall:

I have so many horror stories from that. We really don't want to air those.


Nic Fillingham:

Well, that's awesome. Gosh, what was I... I had this great question I was going to ask you and then the Vista joke popped in and now my brain is mulched.


Natalia Godyla:

I love how that took priority.


Nic Fillingham:

Like the most intelligent question I'm going to ask the entire interview and it's like just a joke bonk.


Andrew Marshall:

I have some very, very funny stories from Vista, but none that are appropriate for here.


Nic Fillingham:

Well, we may have to bring you on another time, Andrew, and try and sanitize some of those stories because the statute of limitations has surely run out on having to revere every single release of Windows. Surely we can make fun of Vista soon, right?


Andrew Marshall:

I'm sure we can.


Nic Fillingham:

So, Andrew, final question, where do you recommend folks go to learn more about this space and keep up to speed with any of the advancements, new taxonomy, new guidelines that come out?


Andrew Marshall:

I would definitely keep tabs on the Microsoft Security blog. That's going to be the place where we drop all of the new publications related to anything in this space and connect you with security content more broadly, not just AI and ML specific, but yeah, the Microsoft Secure Blog, that's where you want to be.


Nic Fillingham:

Great. Thanks Andrew Marshall for your time. We'll also put a link up to the guidelines on the doc's page.


Andrew Marshall:

All right. Thank you very much for having me today. It's been great.


Natalia Godyla:

And now let's meet an expert in the Microsoft Security Team to learn more about the diverse backgrounds and experiences of the humans creating AI and tech at Microsoft.


Natalia Godyla:

Hello everyone. We have Sam Schwartz on the podcast today. Welcome Sam.


Sam Schwartz:

Hi, thanks for having me.


Natalia Godyla:

It's great to have you here. So you are a security PM at Microsoft. Is that correct?


Sam Schwartz:

That is correct.


Natalia Godyla:

Awesome. Well, can you tell us what that means? What does that role look like? What is your day-to-day function?


Sam Schwartz:

Yeah, so I support currently a product called the Microsoft Threat Experts and what I am in charge of is ensuring that the incredible security analysts that we have, that are out saving the world every day, have the correct tools and processes and procedures and connections to be the best that they can be.


Natalia Godyla:

So what are some of those processes look like? Can you give a couple examples of how you're helping to shape their day to day?


Sam Schwartz:

Yeah. So what Microsoft Threat Experts does, is it as a managed threat hunting service provided by Microsoft defender ATP product and what they do is our hunters will go through our customer data in a compliant safe way, and they will find bad guys, human adversaries inside of the customer telemetry. And then they notify our customers via a service called the targeted attack notification service.


Sam Schwartz:

So we'll send an alert to our customers and say, "Hey, you have that adversary in your network. Please go do these following things. Also, this is the story about what happened, how they got there and how you can fix it."


Sam Schwartz:

So what I do is I try to make their lives easier by initially providing them with the best amount of data that they can have when they pick up an incident.


Sam Schwartz:

So when they pick up an incident, how do they have an experience where they can see all of the data that they need to see, instead of just seeing one machine that could have potentially been affected, how do they see multiple machines that have been affected inside of a single organization? So they have an easier time putting together the kill chain of this attack.


Sam Schwartz:

So getting the data and then also having a place to visualize the data and easily make a decision as to whether or not they want to tell a customer about it, does it fit the criteria? Does it not? Is this worth our time? Is this not worth our time? And then also providing them with a path to, with that data quickly create an alert to our customers so that they know what they're doing.


Sam Schwartz:

So rather than our hunters, having to sit and write a five paragraph essay about what happened and how it happened, have the ability to take the data that we already have, create words in a way that are intuitive for our customers, and then send it super quickly within an hour to two hours of us finding that behavior.


Sam Schwartz:

So all of those little tools and tracking, and metrics and easier, like creating from data, creating words, sending it to the customers, all of that is what I plan from a higher level to make the hunters be able to do that.


Nic Fillingham:

And to better understand the scale of what's happening here, like with a typical customer, what is the volume of signal or alerts or, I'm not sure what the correct taxonomy is, but what's the volume of stuff that's being monitored from the customer and then is being synthesized down to a bunch of alerts that then go and get investigated by a hunter?


Sam Schwartz:

So I don't have a per customer basis, but we have about, I think it's either 450 customers currently enrolled in our program. And unfortunately, we can't take everyone that would like to join us. Our goal is that we will eventually be able to do that, but we don't have enough people and we're still building our tooling to allow us to scale.


Sam Schwartz:

So with our 450 customers, we have every month, about 200,000 incidents that get created and we then bring that down. So some of those incidents don't get investigated because they don't meet our bar. Some of those incidents get investigated, but aren't interesting enough to actually have an alert created. And some of them even, although the alert is created, it's not actually interesting enough to send, or we've already sent something similar and it's not worth it.


Sam Schwartz:

So from those 200,000, we send about 200 to like 250 alerts a month about, but it also depends on the landscape. Like it depends on what's going on that-


Nic Fillingham:

And if I go even higher up the funnel, so before the 200,000 is it, what's the right taxonomy, is it an alert?


Sam Schwartz:

Incidents. We call them incidents.


Nic Fillingham:

... What's above an incident. What is, because I assume it's just tons and tons and tons of network logs and smaller signals that end up getting coalesced into an incident. Is that correct?


Sam Schwartz:

Yeah. So what we do is we call them traps. So what they are is they're queries that run over data that finds something super interesting. And you can think about these as similar to alerts that customers get, but much, much, much lower fidelity.


Sam Schwartz:

So for us, for our products, a trap, if it fires a hundred times and of that a hundred times, 99 of them are false positives, 99% of them are not super helpful for the customer, we're not going to send that to the customer. That's bothering them 99 times that they don't need to be bothered. But for our service, our whole thing is that we are finding that 1% that our customer doesn't know about.


Sam Schwartz:

So we have extremely low fidelity traps. Some of them are high fidelity that it can run a thousand times and only one time is it important? We want to see every a thousand times because that one time is worth it. So we have traps, I think we have about 500 of them. Some of them return thousands of results a day. Some of them won't return results for months.


Sam Schwartz:

And if that gets a hit, then those are the things that get bubbled up into our incidents. We cluster all of those trap results into the incidents, so that's ensuring that our hunters get all the information that they need when they log on, so the signals are massive. There's a massive amount. I don't even have a number.


Natalia Godyla:

I have literally so many questions.


Sam Schwartz:

Oh my God, happy to help.


Natalia Godyla:

So you said earlier, there's a bar for what the Microsoft Threat Experts will focus on. So what is in scope for them? What meets the criteria?


Sam Schwartz:

We are focusing on human adversaries. So we're not focusing much on commodity malware, as much as we are focusing on a hands-on keyboard attacker. So there are some traps that are, some of them are commodity malware, but paired with other traps so paired with other signals, that could be a hands-on keyboard person. And those are things we look at, but then maybe some of the traps on their own don't meet a bar for us to go look at.


Nic Fillingham:

Is that because commodity malware is basically covered by other products, other services?


Sam Schwartz:

(Affirmative). It's covered by our defender ATP product in general. So our hunters wouldn't be adding. Our whole point is that we have hunters who are adding context and value to the already incredible ATP product. And since ATP is already alerting and covering that, we'd rather find the things that aren't being covered.


Nic Fillingham:

So Sam, let's go back in time a little bit, so tell us about how you found yourself in the security space and maybe it's a separate story maybe it's the same story and how you got to Microsoft. We'd love to learn your journey, please.


Sam Schwartz:

It is the same story. Growing up, I loved chemistry.


Nic Fillingham:

That's too far back.


Sam Schwartz:

I know.


Nic Fillingham:

Oh, sorry. Let's start there.


Sam Schwartz:

I loved Chemistry. I loved like molecules and building things and figuring out how that all works. So when I went to college, I was like, I want to study chemical engineering. So I through my education became a chemical engineer, but I found that I really liked coding. We had to take a fundamentals class at the beginning and I really enjoyed the immediate feedback that you got from coding. Like you did something wrong, it tells you immediately that you messed up.


Sam Schwartz:

And also when you mess up and you're super frustrated and you're like, why didn't this work? Like I did it right. You didn't do it right, it messed up for a reason. And I really liked that. And I thought it was super interesting. And I found myself like gravitating towards jobs that involved coding.


Sam Schwartz:

So I worked for Girls Who Code for a summer. I worked for a Dow Chemical Company, but in their robotics division. So I was still like chemical engineering, but I got to do robots. And then when I graduated, I was like, I think I want to work in computer science. I don't like this chemical engineering. It was quite boring, even though they said it would get more fun, it never did. We ended up watching water boil for a lot of my senior year of college. And I was like, I want to join a tech company.


Sam Schwartz:

And I looked at Microsoft and they're one of the only companies that provide a program management job for college hires. So a lot of PM positions because there's a lot of high level thinking, coordinating and collaboration. A lot of PM positions are one of those, like you need experience, but in order to get experience, you have to do the job and it's like one of those weird circles and Microsoft allows college hires to do it.


Sam Schwartz:

So when I interviewed, I was like, I want to be a PM. It sounds fun to get to hang out with people. And I ended up getting the job, which is awesome.


Nic Fillingham:

Is that all you said in the interview? Just, it sounds fun to get to hang out with people?


Sam Schwartz:

Yes. I was like, this is it, this is my thing. What they did is they, in my interviews, they asked me a bunch of, they asked me a very easy coding question, I was so happy. I was so nervous that I wasn't going to get a pass that one, but that was easy. And then they asked me a design question. They asked me, "Pick your favorite technology." And me, I'm sad to say it. I feel like I'm better now looking back on myself, but I'm really not good with technology in general.


Sam Schwartz:

So they're like pick your favorite technology. And I was like, I'm going to pick a chemical engineering plant because I didn't know anything. So I picked an automation plant as my favorite technology. And they asked me a lot of questions around like, who are the customers? What would you do to change this to affect your customers? Who gets changed? How would you make it better?


Sam Schwartz:

Then I was talking specifically about a bottling plant, just because that's easy to understand. And I left that interview and my interviewer was like, I didn't know, he said, "I didn't know anything that you were talking about, but everything you said made perfect sense because it's about how can you take inputs, do something fun and then have an output that affects someone. And that's everything that we do here. Even though it's a bit obfuscated and you have a bunch of data and bad guys and hunters hunting through things, it's taking an input and creating something great from it."


Sam Schwartz:

And that's what we learned in our chemical engineering world. And I ended up getting this job and I walked on my first day and my team and they're like, "You're on a Threat Intelligence Team." I was like, "What does that mean?" And-


Nic Fillingham:

Oh, hang on. So did you not know what PM role you were actually going to get?


Sam Schwartz:

No. They told me that I was slated for the Windows. I was going to be on a Windows team. So in my head like that entire summer, I was telling people I was going to work on the start button just because like, that's what... I was like, "If I'm going to get stuck anywhere, I'm going to have to do the start button. Like that's where my-"


Nic Fillingham:

That's all there is. Windows is just now a start button.


Sam Schwartz:

I was like that what... I was guaranteed, I'm going to get the star button or like Paint. Actually, I probably would have enjoyed Paint a lot, but the start button and I came and they were like, "You're on Threat Intelligence Team." And I was like, "Oh, fun."


Sam Schwartz:

And it was incredible. It was an incredible start of something that I had no idea what anyone was talking about, when they were first trying to explain it to me in layman's terms, they're like, oh, well, there's malware and we have to decide how it gets made and how we stop it. And I was like, what's malware? I was like, you need to really dumb it down, I have no idea what we're talking about. And initially when I started on this threat intelligence team, there were only five of us. So I was a PM and they had been really wanting a PM, and apparently before they met me were happy to get a PM, but weren't so happy it was a college hire. They're like-


Nic Fillingham:

Who had never heard of malware.


Sam Schwartz:

We need structure.


Nic Fillingham:

And thought Windows was just a giant anthropomorphic start menu button.


Sam Schwartz:

They're like, we need structure, we need a person to help us. And I was like, hi, nice to meet you all. And so we had two engineers who were building tools for our two analysts and it was, we called ourself a little startup inside of security research inside of the security and compliance team, because we were figuring it out. We were like, threat intelligence is a big market, how do we provide this notion of actionable threat intelligence? So rather than having static indicators of compromise, how do we actually provide a full story and tell customers to configure, to harden their machines and tell a story around the acts that you take to initiate all of these. These configurations are going to help you more than just blocking IOCs that are months old. So figuring out how to best give our analyst tools, our TI analysts, and then allow us to better Microsoft products as a whole.


Sam Schwartz:

So based on the information that our analysts have, how do we spread that message across the teams in Microsoft and make our products better? So we were figuring it out and I shadowed a lot of analysts and I read a lot of books and watched a lot of talks. I would watch talks and write just a bunch of questions. Then finally, as you're around all these incredibly intelligent security people, you start to pick it up, and after about a year or so I would send meetings and I would listen to myself speak and I was like, did I say that? Was that me that one, understood the question that was asked of me and then also was able to give an educated answer? It was very shocking and quite fun. And I still feel that way sometimes, but I guess that's my journey into security.


Natalia Godyla:

Do you have any other suggestions for somebody who is in their last years of college or just getting out of college and they're listening to this and saying, heck yes, I want to do what Sam's doing. Any other applicable skills or tricks for getting up to speed on the job?


Sam Schwartz:

I think a lot of the PM job is the ability to work with people and the ability to communicate and understand what people need and be able to communicate that in a way that maybe they can't communicate. See people's problems and be able to fix them. But I think a lot of the PM skills you can get by working collaboratively in groups, and that you can do that in jobs, you can do that in classes. There's ample opportunity to work with different people, volunteering, mentoring, working with people and being able to communicate effectively and connect to people and understand, be empathetic, understand their issues and try to help is something that everyone can do and I think everyone can be an effective PM. On the security side, I think reading and listening. Even the fact that, the hypothetical was someone listening to this podcast that are already light years ahead of I was when I started, but just listening, keeping up to date, reading what's going on in the news, understanding the threats, scouring Twitter for all the goodness going on.


Sam Schwartz:

That's the way to stay on top.


Nic Fillingham:

Tell us about your role and how you interface with data scientists that are building machine learning models and AI systems. Are you a consumer of those models and systems? Are you contributing to them? Are you helping design them? How do you fit into that picture?


Sam Schwartz:

So a little bit of all of the things that you mentioned, being a part of our MTE service, we have so many parts that would love some data science, ML, AI help, and we are both consumers and contributors to that. So we have data scientists who are creating those traps that I was talking about earlier for us, who are creating the indicators of malicious anomalous behavior that our hunters then key off of. Our hunters also grade these traps. And then we can provide that back to the data scientists to make their algorithms better. So we provide that grading feedback back to them to have them then make their traps better. And our hope is that eventually their traps, so these low fidelity signals, become so good and so high fidelity that we actually don't even need them in our service, we can just put them directly in the product. So we work, we start from the incubation, we provide feedback, and then we hopefully see our anomaly detection traps grow and become product detections, which is an awesome life cycle to be a part of.


Nic Fillingham:

I want to change topics then, but this one's going to need a little bit of context setting because you are famous inside of Microsoft for anyone that has completed one of our internal compliance trainings. I don't even know how to describe this to people that haven't experienced it. Natalia, we've both done it. So there's this thing at Microsoft called Standards of Business Conduct, it's like a internal employee compliance. This is how you should behave, this is how you should function as a responsible employee and member of the Microsoft family, but then also how we work with customers and everything. And it's been going on for a few years. Sam, you had a cameo, you were the only non-professional actor in the recent series, that's correct?


Sam Schwartz:

I was, I was, I'm famous, I will be signing headshots when we're all back in the office.


Nic Fillingham:

So tell us about how did this happen?


Sam Schwartz:

So I, as anyone who has seen the Standards of Business Conduct videos, I wouldn't call them a training, I would call them a production.


Nic Fillingham:

An experience. Or production.


Sam Schwartz:

An experience, yeah. An experience.


Nic Fillingham:

They're like a soap opera. It's almost like Days of Our Lives. They really stir the emotion and we get attached to these characters and they go on wild journeys in a very short space of time.


Natalia Godyla:

I was just watching an episode and I literally got stressed.


Sam Schwartz:

Yeah, you're so invested in these characters and their stories and you're rooting for them to do the right thing. And you're like, come on, just be compliant. And in my first week on the job I was telling, I watched this training as everyone who starts Microsoft has to do and I was telling my team that I was obsessed with the main character who has his own trial and tribulations throughout the entire series. And I just thought it was fun and I was like, how do I get on it? That was my thing when I first joined, how do I get on Standards of Business Conduct? And every year, Microsoft is super passionate about giving, giving back, donating money, and every October we have this thing called the Give Campaign where every employee is encouraged to give back to their community.


Sam Schwartz:

And one of the ways that they do is they have an auction. So some of the auction things are, you get lunch or golf with Satya, or you get assigned, I don't know, computer or X-Box from Phil Spencer or whatever it is. I made those up.


Nic Fillingham:

You get to be the Windows start button for a day.


Sam Schwartz:

You get to be the Windows start button for a day. And one of those is a cameo in Standards of Business Conduct. And you can donate a certain amount of money and there's a bid going, where the person who donates the most money is at the leaderboard and then if you donate more money, you got on top. So a silent auction before giving back and donating. And I saw that last year on the gift campaign, but I didn't think much of it. It had a high price tag and I didn't want to deal with it. And then a couple of months later, I had just gotten back from vacation and my skip level was like, hey, I missed you a lot, let's get lunch. And I was like, okay, great, I love that.


Sam Schwartz:

And he was like, I want to go somewhere fun, I want to go to building 35, which is the executive nice cafeteria building at Microsoft, which is not near our office. And I was like, okay, weird, he wants to go to another building for lunch, but we can go do that. So I went with him and it was five to 10 minutes into our lunch and these people come up to our table and they're like, can we sit with you? And I'm looking around and there are tons of tables, I'm like, what are these people encroaching on my lunch for? I just want to have lunch and chat and these people want to come sit at my table, but of course, we're going to let them sit at our table. And I look over at the guy who's sitting next to me and it's the main character from Standards of Business Conduct. It is the actor, it is-


Nic Fillingham:

It's Nelson.


Sam Schwartz:

It's Nelson. And I fan girled over him for a year and a half now, I've seen all his work, I'm a huge fan.


Nic Fillingham:

Please tell me it was a Beatles on their first tour to America moment. Please tell me there was screaming, there was fainting.


Sam Schwartz:

I blacked out.


Nic Fillingham:

That's the picture in my head.


Sam Schwartz:

I don't remember. I don't remember what happened because I actually blacked out. And there's a video of this and you can see my body language, when I realized you can see me grab the arms of the chair and my whole body tenses up, and I'm looking around frantically, like, what's happening. And the woman who was sitting next to my skip-level, she actually created Standards of Business Conduct and she's in a lot of the videos, her name is Rochelle. And she's like, your team has pulled together their money and bought you a cameo in our next Standards of Business Conduct. And I turned around and my entire team is on the balcony of the cafeteria filming me and it was very cute and very emotional. And I got to see Nelson and then I got to be in Standards of Business Conduct, which is awesome. And it was a super fun experience.


Nic Fillingham:

So in the Microsoft cinematic universe, what is your relationship to Nelson? Are you a colleague?


Sam Schwartz:

We're all on the same team.


Nic Fillingham:

So you're a colleague.


Sam Schwartz:

We are on the same team.


Nic Fillingham:

So forever, you're a colleague of Nelson's.


Sam Schwartz:

Yeah, I am. And he knows who I am and that makes me sleep well at night.


Natalia Godyla:

Thank you, Sam, for joining us on the show today, it was great to chat with you.


Sam Schwartz:

Thank you so much for having me. I've had such a fun time.


Natalia Godyla:

Well, we had a great time unlocking insights into security, from research to artificial intelligence. Keep an eye out for our next episode.


Nic Fillingham:

And don't forget to tweet us @MSFTSecurity, or email us at SecurityUnlocked@microsoft.com with topics you'd like to hear on a future episode. Until then, stay safe.


Natalia Godyla:

Stay secure.

More Episodes

2/24/2021

Judging a Bug by Its Title

Ep. 16
Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape.In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles. And, believe it or not, it works! (Sorry, Grandma!)Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that aresaving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.In This Episode, You Will Learn:• How data science and ML can improve security protocols and identify and classify bugs for software developers• How to determine the appropriate amount of data needed to create an accurate ML training model• The techniques used to classify bugs based simply on their titleSome Questions We Ask:• What questions need to be asked in order to obtain the right data to train a security model?• How does Microsoft utilize the outputs of these data-driven security models?• What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?Resources:Microsoft Digital Defense Reporthttps://www.microsoft.com/en-us/security/business/security-intelligence-reportArticle: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”https://docs.microsoft.com/en-us/security/engineering/identifying-security-bug-reportsMayana’s LinkedInhttps://www.linkedin.com/in/mayana-pereira-2aa284b0Nic’s LinkedInhttps://www.linkedin.com/in/nicfill/Natalia’s LinkedInhttps://www.linkedin.com/in/nataliagodyla/Microsoft Security Blog:https://www.microsoft.com/security/blog/Transcript(Full transcript can be found at https://aka.ms/SecurityUnlockedEp16)Nic Fillingham:Hello, and welcome to Security Unlocked, a new podcast from Microsoft where we unlock insights from the latest in news and research from across Microsoft Security engineering and operations teams. I'm Nic Fillingham-Natalia Godyla:And I'm Natalia Godyla. In each episode we'll discuss the latest stories from Microsoft Security, deep dive into the newest threat, intel, research and data science-Nic Fillingham:And profile some of the fascinating people working on artificial intelligence in Microsoft Security.Natalia Godyla:And now let's unlock the pod.Natalia Godyla:Hello, Nic. How's it going?Nic Fillingham:Hello, Natalia. Welcome back. Well, I guess welcome back to Boston to you. But welcome to Episode 16. I'm confused because I saw you in person last week for the first time. Well, technically it was the first time for you, 'cause you didn't remember our first time. It was the second time for me. But it was-Natalia Godyla:I feel like I just need to justify myself a little bit there. It was a 10 second exchange, so I feel like it's fair that I, I was new to Microsoft. There was a lot coming at me, so, uh-Nic Fillingham:Uh, I'm not very memorable, too, so that's the other, that's the other part, which is fine. But yeah. You were, you were here in Seattle. We both did COVID tests because we filmed... Can I say? You, you tell us. What did we do? It's a secret. It is announced? What's the deal?Natalia Godyla:All right. Well, it, it's sort of a secret, but everyone who's listening to our podcast gets to be in the know. So in, in March you and I will be launching a new series, and it's a, a video series in which we talk to industry experts. But really we're, we're hanging with the industry experts. So they get to tell us a ton of really cool things about [Sec Ups 00:01:42] and AppSec while we all play games together. So lots of puzzling. Really, we're just, we're just getting paid to do puzzles with people cooler than us.Nic Fillingham:Speaking of hanging out with cool people, on the podcast today we have Mayana Pereira whose name you may have heard from a few episodes ago Scott Christiansen was on talking about the work that he does. And he had partnered Mayana to build and launch a, uh, machine learning model that looked at the titles of bugs across Microsoft's various code repositories, and using machine learning determined whether those bugs were actually security related or not, and if they were, what the correct severity rating should be. Nic Fillingham:So this episode we thought we'd experiment with the format. And instead of having two guests, instead of having a, a deep dive upfront and then a, a profile on someone in the back off, we thought we would just have one guest. We'd give them a little bit extra time, uh, about 30 minutes and allow them to sort of really unpack the particular problem or, or challenge that they're working on. So, yeah. We, we hope you like this experiment.Natalia Godyla:And as always, we are open to feedback on the new format, so tweet us, uh, @msftsecurity or send us an email securityunlocked@microsoft.com. Let us know what you wanna hear more of, whether you like hearing just one guest. We are super open. And with that, on with the pod?Nic Fillingham:On with the pod.Nic Fillingham:Welcome to the Security Unlocked podcast. Mayana Pereira, thanks for joining us.Mayana Pereira:Thank you for having me. I'm so happy to be here today, and I'm very excited to share some of the things that I have done in the intersection of [ML 00:03:27] and security.Nic Fillingham:Wonderful. Well, listeners of the podcast will have heard your name back in Episode 13 when we talked to Scott Christiansen, and he talked about, um, a fascinating project about looking for or, uh, utilizing machine learning to classify bugs based simply on, on their title, and we'll get to that in a minute. But could you please introduce you- yourself to our audience. Tell us about your title, but sort of what does that look like in terms of day-to-day and, and, and the work that you do for Microsoft?Mayana Pereira:I'm a data scientist at Microsoft. I've been, I have been working at Microsoft for two years and a half now. And I've always worked inside Microsoft with machine learning applied to security, trust, safety, and I also do some work in the data privacy world. And this area of ML applications to the security world has always been my passion, so before Microsoft I was also working with ML applied to cyber security more in the malware world, but still security. And since I joined Microsoft, I've been working on data science projects that kinda look like this project that we're gonna, um, talk today about. So those are machine learning applications to interesting problems where we can either increase the trust and the security Microsoft products, or the safety for the customer. You know, you would develop m- machine learning models with that in mind. Mayana Pereira:And my day-to-day work includes trying to understand which are those interesting programs across the company, talk to my amazing colleagues such as Scott. And I have a, I have been so blessed with an amazing great team around me. And thinking about these problems, gathering data, and then getting, you know, heads down and training models, and testing new machine learning techniques that have never been used for a specific applications, and trying to understand how well or if they will work for those applications, or if they're gonna get us to better performance, or better accuracy precision and those, those metrics that we tend to use in data science works. And when we feel like, oh, this is an interesting project and I think it is interesting enough to share with the community, we write a paper, we write a blog, we go to a conference such as RSA and we present it to the community, and we get to share the work and the findings with colleagues internal to Microsoft, but also external. So this is kinda what I do on a day-to-day basis.Mayana Pereira:Right now my team is the data science team inside Microsoft that is called AI For Good, so the AI for Good has this for good in a sense of we want to, to guarantee safety, not only for Microsoft customers, but for the community in general. So one of my line of work is thinking about how can I collaborate with NGOs that are also thinking about the security or, and the safety of kids, for example. And this is another thing that I have been doing as part of this AI for Good effort inside Microsoft.Natalia Godyla:Before we dive into the bug report classification project, can you just share a couple of the projects that your team works for AI for Good? I think it would be really interesting for the audience to hear that.Mayana Pereira:Oh, absolutely. So we have various pillars inside the AI for Good team. There is AI for Health, AI for Humanitarian Action, AI for Earth. We have also been collaborating in an effort for having a platform with a library for data privacy. It is a library where we have, uh, various tools to apply the data and get us an output, data with strong privacy guarantees. So guaranteeing privacy for whoever was, had their information in a specific dataset or contributed with their own information to a specific research and et cetera. So this is another thing that our team is currently doing.Mayana Pereira:And we have various partners inside and outside of Microsoft. Like I mentioned, we do a lot of work in NGOs. So you can think like project like AI for Earth several NGOs that are taking care of endangered species and other satellite images for understanding problems with the first station and et cetera. And then Humanitarian Action, I have worked with NGOs that are developing tools to combat child sexual abuse and exploration. AI for Health has so many interesting projects, and it is a big variety of projects. Mayana Pereira:So this is what the AI for Good team does. We are, I think right now we're over 15 data scientists. All of us are doing this work that it is a- applied research. Somehow it is work that we need to sit down with, with our customers or partners, and really understand where the problem is. It's usually some, some problems that required us to dig a little deeper and come up with some novel or creative solution for that. So this is basically the overall, the AI for Good team.Nic Fillingham:Let's get back in the way back machine to I think it was April of 2020, which feels like 700 years ago.Mayana Pereira:(laughs) Nic Fillingham:But you and Scott (laughs) published a blog. Scott talked about on Episode 13 called securing Nic Fillingham:The s- the software development lifecycle with machine learning, and the thing that I think both Natalia and I picked up on when Scott was talking about this, is it sounded first-, firstly it sounded like a exceptionally complex premise, and I don't mean to diminish, but I think Natalia and I were both "oh wow you built a model that sort of went through repro steps and passed all the logs inside of security bugs in order to better classify them but that's not what this does", this is about literally looking at the words that are the title of the security bug, and then building a model to try and determine whether it was truly security or something else, is that right?Mayana Pereira:That's exactly it. This was such an interesting project. When I started collaborating with Scott, and some other engineers in the team. I was a little skeptical about using only titles, to make prediction about whether a bug has, is security related or not. And, it seems. Now that I have trained several models and passed it and later retrained to- to get more of a variety of data in our model. I have learned that people are really good at describing what is going on in a bug, in the title, it feels like they really summarize it somehow so it's- it's doing a good job because, yes, that's exactly what we're doing, we are using bug titles only from several sources across Microsoft, and then we use that to understand which bugs are security related or not, and how we can have an overall view of everything that is happening, you know in various teams across different products. And, that has given a lot of visibilities to some unknown problems and some visibility to some things that we were not seeing before, because now you can scan, millions of bugs in a few seconds. Just reading titles, you have a model that does it really fast. And, I think it is a game changer in that sense, in the visibility and how do you see everything that is happening in that bug world.Natalia Godyla:So what drove that decision? Why are we relying only on the titles, why can't we use the- the full bug reports? Mayana Pereira:There are so many reasons for that. I think, the first reason was the fact that the full bug report, sometimes, has sensitive information. And we were a little bit scared about pulling all that sensitive information which could include passwords, could include, you know, maybe things that should not be available to anyone, and include that in a- in a VM to train a model, or, in a data science pipeline. And, having to be extremely careful also about not having our model learning passwords, not having that. So that was one of the big, I think incentives off, let's try titles only, and see if it works. If it doesn't work then we can move on and see how we can overcome the problem of the sensitive information. And it did work, when we saw that we had a lot of signal in bug titles only, we decided to really invest in that and get really good models by u- utilizing bug titles only. Nic Fillingham:I'm going to read from the blog just for a second here, because some of the numbers here, uh, are pretty staggering, so, again this was written 2020, uh, in April, so there's obviously, probably updated numbers since then but it said that Microsoft 47,000 developers generate nearly 30,000 bugs a month, which is amazing that's coming across over 100 Azure DevOps and GitHub repositories. And then you had it you, you actually have a count here saying since 2001 Microsoft has collected 13 million work items and bugs which I just thinks amazing. So, do you want to speak to, sort of, the volume of inputs and, sort of, signals here in to building that model and maybe some of the challenges, and then a follow on question is, is this model, still active today, is this- is this work still ongoing, has it been incorporated into a product or another, another process?Nic Fillingham:Do you want to start with, with numbers or. Mayana Pereira:Yes, I think that from my data scientist point of view, having such large numbers is absolutely fantastic because it gives us a historical data set, very rich so we can understand how data has evolved over time. And also, if this- the security terminology has changed the law, or how long will this model last, in a sense. And it was interesting to see that you can have different tools, different products, different things coming up, but the security problems, at least for, I would say for the past six, seven years, when it comes to terminology, because what I was analyzing was the terminology of the security problems. My model was a natural language processing model. It was pretty consistent, so that was really interesting to see from that perspective we have. And by having so much data, you know, this amazing volume. It helped us to build better classifiers for sure. So this is my- my data scientist side saying, amazing. I love it so much data.Nic Fillingham:What's the status of this project on this model now.? Is it- is it still going? Has it been embedded into another- another product, uh, or process?Mayana Pereira:Yes, it's still active. It's still being used. So, right now, this product. This, not the product- the product, but the model is mainly used by the customer security interest team in [Sila 00:16:16], so they use the model in order to understand the security state of Microsoft products in general, and, uh, different products and looking at specific products as well, are using the model to get the- the bugs statistics and security bugs statistics for all these different products across Microsoft. And there are plans on integrating the- this specific model or a variation of the model into other security lifecycle pipelines, but this is a decision that is more on CST customer Security Trust side and I have, um, only followed it, but I don't have specific details for that right now. But, I have seen a lot of good interesting results coming out of that model, good insights and security engineers using the results of the model to identify potential problems, and fix those problems much faster.Natalia Godyla:So, taking a step back and just thinking about the journey that your team has gone on to get the model to the state that it's in today. Uh, in the blog you listed a number of questions to figure out what would be the right data to train the model. So the questions were, is there enough data? How good is the data? Are there data usage restrictions? And, can data be generated in a lab? Natalia Godyla:So can you talk us through how you answered these questions like, as a- as a data scientist you were thrilled that there was a ton of data out there, but what was enough data? How did you define how good the data was? Or, whether it was good enough.Mayana Pereira:Great. So, those were questions that I asked myself before even knowing what the project was about, and the answer to is there enough data? It seemed very clear from the beginning that, yes, we had enough data, but those were questions that I brought up on the blog, not only for myself but for anyone else that was interested in replicating those experiments in their company or maybe university or s- anywhere any- any data scientist that is interested to train your own model for classification, which questions should be asked? Once you start a project like this. So the, is there enough data for me? Was clear from the beginning, we had several products so we had a variety of data sources. I think that when you reach, the number of millions of samples of data. I think that speaks for itself. It is a high volume. So I felt, we did have enough data.Mayana Pereira:And, when it came to data quality. That was a more complex question. We had data in our hands, bugs. We wanted to be able to train a model that could different- differentiate from security bugs and non security bugs, you know. And, for that, Usually what we do with machine learning, is we have data, that data has labels, so you have data that represents security bugs, data that represents non security bugs. And then we use that to train the model. And those labels were not so great. So we needed to understand how the not so great labels was going to impact our model, you know, we're going to train a model with labels that were not so great. So Mayana Pereira:That was gonna happen. So that was one of the questions that we asked ourselves. And I did a study on that, on understanding what is the impact of these noisy labels and the training data set. And how is it gonna impact the classification results that we get once using this, this training data? So this was one of the questions that I asked and we, I did several experiments, adding noise. I did that myself, I, I added noise on purpose to the data set to see what was the limits of this noise resilience. You know, when you have noisy labels in training, we published it in a, in an academic conference in 2019, and we understood that it was okay to have noisy labels. So security bugs that were actually labeled as not security and not security bugs labeled as security. There was a limit to that.Mayana Pereira:We kinda understood the limitations of the model. And then we started investigating our own data to see, is our own data within those limits. If yes, then we can use this data confidentially to train our models. If no, then we'll have to have some processes for correcting labels and understanding these data set a little bit better. What can we use and what can we not use to train the models. So what we found out is that, we didn't have noisy labels in the data set. And we had to make a few corrections in our labels, but it was much less work because we understood exactly what needed to be done, and not correct every single data sample or every single label in a, an enormous data set of millions of entries. So that was something that really helped. Mayana Pereira:And then the other question, um, that we asked is, can we generate data in the lab? So we could sometimes force a specific security issue and generate some, some box that had that security description into titles. And why did we include that in the list of questions? Because a lot of bugs that we have in our database are generated by automated tools. So when you have a new tool being included in your ecosystem, how is your model going to recognize the bugs that are coming from this new tool? So does our, ma- automatically generated box. And we could wait for the tool to be used, and then after a while we gathered the data that the tool provided us and including a retraining set. But we can also do that in the lab ecosystem, generate data and then incorporate in a training set. So this is where this comes from.Nic Fillingham:I wanted to ask possibly a, a very rudimentary question, uh, especially to those that are, you know, very familiar with machine learning. When you have a data set, there's words, there is text in which you're trying to generate labels for that text. Does the text itself help the process of creating labels? So for example, if I've got a bug and the name of that bug is the word security is in the, the actual bug name. Am I jump-starting, am I, am I skipping some steps to be able to generate good labels for that data? Because I already have the word I'm looking for. Like I, I think my question here is, was it helpful to generate your labels because you were looking at text in the actual title of the bug and trying to ascertain whether something was security or not?Mayana Pereira:So the labels were never generated by us or by me, the data scientists. The labels were coming from the engineering systems where we collected the data from. So we were relying on what- whatever happened in the, in the engineering team, engineering group and relying that they did, uh, a good job of manually labeling the bugs as security or not security. But that's not always the case, and that doesn't mean that the, the engineers are not good or are bad, but sometimes they have their own ways of identifying it in their systems. And not necessarily, it is the same database that we had access to. So sometimes the data is completely unlabeled, the data that comes to us, and sometimes there are mistakes. Sometimes you have, um, specific engineer that doesn't have a lot of security background. The person sees a, a problem, describes the problem, but doesn't necessarily attribute the problem as a security problem. Well, that can happen as well.Mayana Pereira:So that is where the labels came from. The interesting thing about the terminology is that, out of the millions and millions of security bugs that I did review, like manually reviewed, because I kinda wanted to understand what was going on in the data. I would say that for sure, less than 1%, even less than that, had the word security in it. So it is a very specific terminology when you see that. So people tend to be very literal in what the problem is, but not what the problem will generate. In a sense of they will, they will use things like Cross-site Scripting or passwords in clear, but not necessarily, there's a security pr- there's a security problem. But just what the issue is, so it is more of getting them all to understand that security lingual and what is that vocabulary that constitutes security problems. So that's wh- that's why it is a little bit hard to generate a list of words and see if it matches. If a specific title matches to this list of words, then it's security.Mayana Pereira:It was a little bit hard to do that way. And sometimes you have in the title, a few different words that in a specific order, it is a security problem. In another order, it is not. And then, I don't have that example here with me, but I, I could see some of those examples in the data. For example, I think the Cross-site Scripting is a good example. Sometimes you have site and cross in another place in the title. It has nothing to do with Cross-site Scripting. Both those two words are there. The model can actually understand the order and how close they are in the bug title, and make the decision if it is security or not security. So that's why the model is quite easier to distinguish than if we had to use rules to do that.Natalia Godyla:I have literally so many questions. Nic Fillingham:[laughs].Natalia Godyla:I'm gonna start with, uh, how did you teach at the lingo? So what did you feed the model so that it started to pick up on different types of attacks like Cross-site Scripting?Mayana Pereira:Perfect. The training algorithm will do that for me. So basically what I need to guarantee is that we're using the correct technique to do that. So the technique will, the machine learning technique will basically identify from this data set. So I have a big data set of titles. And each title will have a label which is security or non-security related to it. Once we feed the training algorithm with all this text and their associated labels, the training algorithm will, will start understanding that, some words are associated with security, some words are associated with non-security. And then the algorithm will, itself will learn those patterns. And then we're gonna train this algorithm. So in the future, we'll just give the algorithm a new title and say, "Hey, you've learned all these different words, because I gave you this data set from the past. Now tell me if this new ti- if this new title that someone just came up with is a security problem or a, a non-security problem." And the algorithm will, based on all of these examples that it has seen before, will make a decision if it is security or non-security.Natalia Godyla:Awesome. That makes sense. So nothing was provided beforehand, it was all a process of leveraging the labels. Mayana Pereira:Yes.Natalia Godyla:Also then thinking about just the dataset that you received, you were working with how many different business groups to get this data? I mean, it, it must've been from several different product teams, right?Mayana Pereira:Right. So I had the huge advantage of having an amazing team that is a data center team that is just focused on doing that. So their business is go around the company, gather data and have everything harmonized in a database. So basically, what I had to do is work with this specific team that had already done this amazing job, going across the company, collecting data and doing this hard work of harvesting data and harmonizing data. And they had it with them. So it is a team that does that inside Microsoft. Collects the data, gets everything together. They have their databases updated several times a day, um, collecting Mayana Pereira:... Data from across the company, so it is a lot of work, yeah.Natalia Godyla:So do different teams treat bug reports differently, meaning is there any standardization that you had to do or anything that you wanted to implement within the bug reports in order to get better data?Mayana Pereira:Yes. Teams across the company will report bugs differently using different systems. Sometimes it's Azure DevOps, sometimes it can be GitHub. And as I mentioned, there is a, there was a lot of work done in the data harmonization side before I touched the data. So there was a lot of things done to get the data in, in shape. This was something that, fortunately, several amazing engineers did before I touched the data. Basically, what I had to do once I touched it, was I just applied the data as is to the model and the data was very well treated before I touched it. Nic Fillingham:Wow. So many questions. I did wanna ask about measuring the success of this technique. Were you able to apply a metric, a score to the ... And I'm, I, I don't even know what it would be. Perhaps it would be the time to address a security bug pre and post this work. So, did this measurably decrease the amount of time for prioritized security bugs to be, to be addressed?Mayana Pereira:Oh, definitely. Yes, it did. So not only it helped in that sense, but it helped in understanding how some teams were not identifying specific classes of bugs as security. Because we would see this inconsistency with the labels that they were including in their own databases. These labels would come to this big database that is harmonized and then we would apply the model on top of these data and see that specific teams were treating their, some data points as non-security and should have been security. Or sometimes they were treating as security, but not with the correct severity. So it would, should have been a critical bug and they were actually treating it as a moderate bug. So, that, I think, not only the, the timing issue was really important, but now you have a visibility of behavior and patterns across the company that the model gives us.Nic Fillingham:That's amazing. And so, so if I'm an engineer at Microsoft right now and I'm in my, my DevOps environment and I'm logging a bug and I use the words cross- cross scripting somewhere in the bug, what's the timing with which I get the feedback from your model that says, "Hey, your prioritization's wrong," or, "Hey, this has been classified incorrectly"? Are we at the point now where this model is actually sort of integrated into the DevOps cycle or is that still coming further down the, the, the path?Mayana Pereira:So you have, the main customer is Customer Security and Trust team inside Microsoft. They are the ones using it. But as soon as they start seeing problems in the data or specific patterns and problems in specific teams' datasets, they will go to that team and then have this, they have a campaign where they go to different teams and, and talk to them. And some teams, they do have access to the datasets after they are classified by our model. Right now, there's, they don't have the instant response, but that's, that's definitely coming.Nic Fillingham:So, Mayana, how is Customer Security and Trust, your organization, utilizing the outputs of this model when a, when a, when a bug gets flagged as being incorrectly classified, you know, is there a threshold, and then sort of what happens when you, when you get those flags?Mayana Pereira:So the engineering team, the security engineering team in Customer Security and Trust, they will use the model to understand the overall state of security of Microsoft products, you know, like the products across the company, our products, basically. And they will have an understanding of how fast those bugs are being mitigated. They'll have an understanding of the volume of bugs, and security bugs in this case, and they can follow this bugs in, in a, in a timely manner. You know, as soon as the bug comes to the CST system, they bug gets flagged as either security or not security. Once it's flagged as security, there, there is a second model that will classify the severity of the bug and the CST will track these bugs and understand how fast the teams are closing those bugs and how well they're dealing with the security bugs.Natalia Godyla:So as someone who works in the AI for Good group within Microsoft, what is your personal passion? What would you like to apply AI to if it, if it's not this project or, uh, maybe not a project within Microsoft, what is, what is something you want to tackle in your life?Mayana Pereira:Oh, love the question. I think my big passion right now is developing machine learning models for eradication of child sexual abuse medias in, across different platforms. So you can think about platform online from search engines to data sharing platforms, social media, anything that you can have the user uploading content. You can have problems in that area. And anything where you have using visualizing content. You want to protect that customer, that user, from that as well. But most importantly, protect the victims from those crimes and I think that has been, um, something that I have been dedicating s- some time now. I was fortunate to work with an NGO, um, recently in that se- in that area, in that specific area. Um, developed a few models for them. She would attacked those kind of medias. And these would be my AI for Good passion for now. The other thing that I am really passionate about is privacy, data privacy. I feel like we have so much data out there and there's so much of our information out there and I feel like the great things that we get from having data and having machine learning we should not, not have those great things because of privacy compromises. Mayana Pereira:So how can we guarantee that no one's gonna have their privacy compromised? And at the same time, we're gonna have all these amazing systems working. You know, how can we learn from data without learning from specific individuals or without learning anything private from a specific person, but still learn from a population, still learn from data. That is another big passion of mine that I have been fortunate enough to work in such kind of initiatives inside Microsoft. I absolutely love it. When, when I think about guaranteeing privacy of our customers or our partners or anyone, I think that is also a big thing for me. And that, that falls under the AI for Good umbrella as well since that there's so much, you know, personal information in some of these AI for Good projects. Natalia Godyla:Thank you, Mayana, for joining us on the show today.Nic Fillingham:We'd love to have you back especially, uh, folks, uh, on your team to talk more about some of those AI for Good projects. Just, finally, where can we go to follow your work? Do you have a blog, do you have Twitter, do you have LinkedIn, do you have GitHub? Where should, where should folks go to find you on the interwebs?Mayana Pereira:LinkedIn is where I usually post my latest works, and links, and interesting things that are happening in the security, safety, privacy world. I love to, you know, share on LinkedIn. So m- I'm Mayana Pereira on LinkedIn and if anyone finds me there, feel free to connect. I love to connect with people on LinkedIn and just chat and meet new people networking.Natalia Godyla:Awesome. Thank you. Mayana Pereira:Thank you. I had so much fun. It was such a huge pleasure to talk to you guys.Natalia Godyla:Well, we had a great time unlocking insights into security from research to artificial intelligence. Keep an eye out for our next episode. Nic Fillingham:And don't forget to Tweet us at MSFTSecurity or email us at securityunlocked@microsoft.com with topics you'd like to hear on a future episode. Until then, stay safe. Natalia Godyla:Stay secure.
2/17/2021

Enterprise Resiliency: Breakfast of Champions

Ep. 15
Prior to the pandemic,workdaysused to look a whole lot different.If you had a break,youcouldtake a walk to stretch your legs, shake the hands of your co-workers,orget some 1-on-1 face timewith the boss. Ahh... those were the days. Thatclose contact we once had is now somethingthat manyof usyearn for aswe’vehad to abruptlylift andshift fromliving in our office to working from our home.But communicating and socializing aren’t the only things that were easier back then. The walls of your office have expanded, and with them, the boundaries of your security protocols. Small in-office tasks like patching a server have now become multi-step processes that require remote management, remote updates, and remote administrative control. With that comes the prioritization of resilience and what it means for enterprises, customers, and security teams alike.That’swhere remote enterprise resiliency comes into play.Today on the pod,we explore the final chapter of the MDDR.Irfan Mirza,Director of Enterprise Continuity and Resilience atMicrosoft, wrapsupthe observationsfrom the report bygivinghostsNic FillinghamandNatalya Godylathe rundown on enterprise resiliencyand discusses how we canensure the highest levels of security while working from home.Irfan explains theZero trustmodel and how Microsoft is working to extend security benefits to your kitchen or home office, or...thatmake-shiftworkspacein your closet.In the second segment,Andrew Paverd,Senior Researcheron the Microsoft Security Response Center Teamandjackof all trades,stops by…andwe’renot convinced he’s fully human.He’shere to tell us about the many hats he wears,from safe systemsprogramming to leveraging AI to helpwith processes within the MSRC,andshares how he has to think like a hacker to prevent attacks. Spoiler alert:he’sa big follower of Murphy’s Law.In This Episode, You Will Learn:•How classical security models are being challenged•What the Zero Trust Model is and how it works•The three critical areas of resilience: extending the enterprise boundary, prioritizing resilient performance, and validating the resilience of our human infrastructure.•How hackers approach our systems and technologiesSome Questions We Ask:•How has security changed as a product of the pandemic?•Do we feel like we have secured the remote workforce?•What frameworks exist to put a metric around where an organization is in terms of its resiliency?•What is Control Flow Guard (CFG) and Control-Flow Integrity?•What’sthe next stage for the Rust programming language?Resources:Microsoft Digital Defense Report:https://www.microsoft.com/en-us/security/business/security-intelligence-reportIrfan’s LinkedInhttps://www.linkedin.com/in/irfanmirzausa/Andrew’s LinkedInhttps://www.linkedin.com/in/andrewpaverd/Nic’s LinkedInhttps://www.linkedin.com/in/nicfill/Natalia’s LinkedInhttps://www.linkedin.com/in/nataliagodyla/Microsoft Security Blog:https://www.microsoft.com/security/blog/Transcript(Full transcript can be found at https://aka.ms/SecurityUnlockedEp15)Nic Fillingham:Hello, and welcome to Security Unlocked, a new podcast from Microsoft, where we unlock insights from the latest in news and research from across Microsoft security, engineering and operations teams. I'm Nic Fillingham.Natalia Godyla:And I'm Natalia Godyla. In each episode, we'll discuss the latest stories from Microsoft Security, deep dive into the newest threat intel, research and data science. Nic Fillingham:And profile some of the fascinating people working on artificial intelligence in Microsoft Security. Natalia Godyla:And now let's unlock the pod. Hi Nic, I have big news.Nic Fillingham:Big news. Tell me a big news.Natalia Godyla:I got a cat. Last night at 8:00 PM, I got a cat. Nic Fillingham:Did it come via Amazon Prime drone? Natalia Godyla:No.Nic Fillingham:Just, that was a very specific time. Like 8:00 PM last night is not usually the time I would associate people getting cats. Tell me how you got your cat. Natalia Godyla:It was a lot more conventional. So I had an appointment at the shelter and found a picture of this cat with really nubby legs and immediately-Nic Fillingham:(laughs).Natalia Godyla:... fell in love obviously. And they actually responded to us and we went and saw the cat, got the cat. The cat is now ours. Nic Fillingham:That's awesome. Is the cat's name nubby. Natalia Godyla:It's not, but it is on the list of potential name changes. So right now the cat's name is tipper. We're definitely nervous about why the cat was named tipper. Nic Fillingham:(laughs).Natalia Godyla:We're hiding all of the glass things for right now. Nic Fillingham:How do we get to see the cat? Is there, will there be Instagram? Will there be Twitter photos? This is the most important question.Natalia Godyla:Wow. I haven't planned that yet.Nic Fillingham:You think about that and I'll, uh, I'll start announcing the first guest on this episode.Natalia Godyla:(laughs).Nic Fillingham:On today's episode, we speak with Irfan Mirza, who is wrapping up our coverage of the Microsoft Digital Defense Report with a conversation about enterprise resiliency. Now, this is really all of the chapters that are in the MDDR, the nation state actors, the increase in cyber crime sophistication, business email compromise that you've heard us talk about on the podcast, all gets sort of wrapped up in a nice little bow in this conversation where we talk about all right, what does it mean, what does it mean for customers? What does it mean for enterprises? What does it mean for security teams? And so we talk about enterprise resiliency. And we actually recorded this interview in late 2020, but here we are, you know, two months later and those findings are just as relevant, just as important. It's a great conversation. And after that, we speak with-Natalia Godyla:Andrew Paverd. So he is a senior researcher on the Microsoft Security Response Center team. And his work is well, well, he does a ton of things. I honestly don't know how he has time to pull all of this off. So he does everything from safe systems programming to leveraging AI, to help with processes within MSRC, the Microsoft Security Response Center. And I just recall one of the quotes that he said from our conversation was hackers don't respect your assumptions, or something to that effect, but it's such a succinct way of describing how hackers approach our systems and technology. So another really great conversation with a, a super intelligent researcher here at Microsoft.Nic Fillingham:On with the pod.Natalia Godyla:On with the pod. Today, we're joined by Irfan Mirza, Director of Enterprise Continuity and Resilience, and we'll be discussing the Microsoft Digital Defense Report and more specifically enterprise resilience. So thank you for being on the show today, Irfan.Irfan Mirza:Thanks so much glad to be here. And hope we have a, a great discussion about this. This is such an important topic now. Natalia Godyla:Yes, absolutely. And we have been incrementally working through the Microsoft Digital Defense Report, both Nic and I have read it and have had some fantastic conversations with experts. So really looking forward to hearing about the summation around resilience and how that theme is pulled together throughout the report. So let's start it off by just hearing a little bit more about yourself. So can you tell us about your day-to-day? What is your role at Microsoft? Irfan Mirza:Well, I lead the enterprise continuity and resilience team and we kind of provide governance overall at the enterprise. We orchestrate sort of all of the, the risk mitigations. We go and uncover what the gaps are, in our enterprise resilience story, we try to measure the effectiveness of what we're doing. We focus on preparedness, meaning that the company's ready and, you know, our critical processes and services are always on the ready. It's a broad space because it spans a very, very large global enterprise. And it's a very deep space because we have to be experts in so many areas. So it's a fun space by saying that.Natalia Godyla:Great. And it's really appropriate today then we're talking about the MDDR and enterprise resilience. So let's start at a high level. So can you talk a little bit about just how security has changed as a product of the pandemic? Why is resilience so important now? Irfan Mirza:Yeah, it's a great question. A lot of customers are asking that, our field is asking that question, people within the company are asking. Look, we've been 11 months under this pandemic. Maybe, you know, in some places like China, they've been going through it for a little bit longer than us, you know, a couple of months more. What we're finding after having sort of tried to stay resilient through this pandemic, uh, one obviously is on the human side, everyone's doing as much as we possibly can there. But the other part of it is on the enterprise side. What is it that we're having to think about as we think of security and as we think of enterprise resilience?Irfan Mirza:There are a couple of big things that I think I would note, one is that, look, when this pandemic hit us, our workforce lifted and shifted. I mean, by that, I mean that we, we, we got up out of our offices and we all left. I mean, we took our laptops and whatever we could home. And we started working remotely. It was a massive, massive lift and shift of personnel, right? We got dispersed. Everybody went to their own homes and most of us have not been back to the office. And it's not just at Microsoft, even, even a lot of our customers and our partners have not gone back to the office at all, right? So that, that's a prolong snow day, if you want to call it that.Irfan Mirza:The other thing that happened is our workload went with us. Wasn't just that, "Hey, you know, I'm taking a few days off, I'm going away or going on vacation and, and I'll be checking email periodically." No, I actually took our work with us and we started doing it remotely. So what that's done is it's created sort of a, a need to go back and look at what we thought was our corporate security boundary or perimeter.Irfan Mirza:You know, in the classical model, we used to think of the corporation and its facilities as the, the area that we had to go and secure. But now in this dispersed workforce model, we have to think about my kitchen as part of that corporate perimeter. And all of a sudden we have to ensure that, that my kitchen is as secure as the corporate network or as the facilities or the office that I was working from. That paradigm is completely different than anything we'd thought about before. Nic Fillingham:And so Irfan, in the MDDR, uh, this section, um, and if you've got the report open, you're playing along at home, I believe it's page 71. This enterprise resiliency is sort of a wrap-up of, of a lot of the observations that are in the MDDR report. It's not a new section. It's as you're getting towards the end of the report, you're looking for, okay, now what does this mean to me? I'm a CSO. I need to make new security policies, security decisions for my organization. This concept of enterprise resiliency is sort of a wrap up of everything that we've seen across cyber crime, across the nation state, et cetera, et cetera. Is that, is that accurate? Is that a good way to sort of read that section in the report? Irfan Mirza:Yeah. It is really the, the way to think of it, right.? It's sort of like a, the conclusion, so what, or why is this relevant to me and what can I do about it? When you think about the report and the way that it's structured, look, we, you know, the report goes into great detail about cyber crime as you called out Nic. And then it talks about nation state threats.Irfan Mirza:These are newer things to us. We've certainly seen them on the rise, actors that are well-trained, they're well-funded they play a long game, not necessarily a short game, they're looking, they're watching and they're waiting, they're waiting for us to make mistakes or to have gaps, they look for changes in tactics, either ours, uh, they themselves are quite agile, right? Irfan Mirza:So when you think about the environment in which we have to think about resilience, and we have to think about security, that environment itself has got new vectors or new threats that are, that are impacting it, right? In addition to that, our workforce has now dispersed, right? We're all over the, all over the globe. We see emerging threats that are, that are, non-classical like ransomware. We see attacks on supply chain. We continue to see malware and malware growing, right? Irfan Mirza:And, and so when you think about that, you have to think if I need to secure now my, my dispersed corporate assets and resources, my people, the workload, the data, the services and the processes that are all there, what are the, the sort of three big things I would need to think about? And so this report sort of encapsulates all, all of that. It gives the details of what, what's happening. And, and then page 71 is you say that resilience piece sort of comes back and says, "Look, your security boundaries extended. Like it or not, it is extended at this point. You've got to think beyond that on-site perimeter that we were thinking about before."Irfan Mirza:So we have to start thinking differently. And th- there's three critical areas that are sort of called out, acknowledging the security boundary has increased, thinking about resilience and performance, and then validating the resilience of our human infrastructure. This is like new ideas, but these are all becoming imperatives for us. We're having to do this now, whether we like it or not. Irfan Mirza:And so this report sort of gives our customers, and, and it's a reflection of what we're doing in the company. It's an open and honest conversation about how we propose to tackle these challenges that we're facing.Nic Fillingham:And so Irfan if we can move on to that critical area, number two, that prioritizing resilient performance. When I say the word performance and resilient performance, is that scoped down just to sort of IT infrastructure, or does that go all the way through to the humans, the actual people in the organization and, um, how they are performing their own tasks, their own jobs and the tasks that are part of their, their job and et cetera, et cetera? What's the, I guess what's the scope of that area too?Irfan Mirza:As we were thinking about resilience, as you know, shortly after we dispersed the workforce, we started thinking about, about what should be included in our classical understanding of resilience. But when you think about, about typical IT services and online services, and so on, a lot of that work is already being done with the life site reviews that we do and people are paying very close attention to service performance. We have SLAs, we have obligations, we have commitments that we've made that our services will be performing to a certain degree, but there are also business processes that are associated with these services very closely. Irfan Mirza:When you think about all of the processes that are involved and services that are involved from the time a customer thinks of buying Office, uh, 365, as an example, to the time that they provision their first mailbox, or they receive their first email, there are dozens of process, business processes. Irfan Mirza:Every single service in that chain could be working to 100% efficiency. And yet if the business processes, aren't there, for instance, to process the deal, to process the contract, to process, uh, the customer's payment or, uh, acknowledge receipt of the payment in order to be able to provision the service, all of these processes, all of a sudden have to, we have to make sure that they're also performing.Irfan Mirza:So when we start thinking about resilience, up to now, business continuity has focused on, are you ready? Are you prepared? Are your dependencies mapped? Have you, have you done a business impact analysis? Are you validating and testing your preparedness? You know, are you calling down your call tree for instance? But I think where we're going now with true enterprise resilience, especially in this sort of modern Irfan Mirza:... day, we're, we're looking at performance, right? What, what is your preparedness resulting in? So if you stop and you think about a child at school, they get homework. Well, the homework really, they bring it home. They do it. They take it back to the teacher. They get graded on it. That's wonderful. This means that the child is ready. But at some point in time, the class or the teacher is going to give them a test, and that test is going to be the measure of performance, right? Irfan Mirza:So we need to start thinking of resilience and continuity in the same way. We're prepared. We've done all our homework. Now let's go and see how many outages did you have? How critical were the outages? How long did they last? How many of them were repeat outages? How many of the repeat outages were for services that are supposed to have zero downtown, like services that are always supposed to on like your DNS service or your identity auth- authentication service, right? So, when you start thinking about, uh, resilience from that perspective, now you've got a new set of data that you have to go and capture, or data that you're capturing, you have to now have to have insights from it. You've got to be able to correlate your preparedness, meaning the homework that you've done with your actual performance, your outage and your, and your gap information. All right?Irfan Mirza:So that, that's what prioritizing resilient performance is all about. It's about taking realtime enterprise preparedness and mapping it to real time enterprise performance. That tells you if your preparedness is good enough or not, or what it is that you need to do. There's a loop here, a feedback loop that has to be closed. You can't just say that, well, you know, we've done all the exercises theoretically. We're good and we're ready to take on any sort of a crisis or, or, or disaster. Yeah, that's fine. Can we compare it to realtime what you're doing? Can we break glass and see what that looks like? Can we shut you down and or shut down parts of your operation as in the event of an earthquake for instance, or a hurricane wiping out, uh, access to a data center, right? Can we do those things and still be resilient when that happens? So this is what performance and resilience come together in that space.Natalia Godyla:So am I right in understanding that beyond, like you said, the theoretical where you think about the policies that you should have in place, and the frameworks that you should have in place, you have the analytics on, you know, the state of, the state of how performant your systems are to date. And then in addition, is there now the need for some sort of stress testing? Like actually figuring out whether an additional load on a system would cause it to break, to not be resilient? Is that now part of the new approach to resilience?Irfan Mirza:Yeah. There are, there are several, several things to do here, right? You absolutely said it. There's a stress test. Actually, this pandemic has, is already a stress test in and of itself, right? It's stressing us in a many ways. It's stressing, obviously the psyche and, and, you know, our whole psychology, and our ability to sustain in quarantine, in isolated, in insulated environments and so on. But it's also testing our ability to do the things that we just so, uh, so much took for granted, like the ability to patch a server that's sitting under my desk in the office whenever I needed to, right? That server now has to become a managed item that somebody can manage remotely, patch remotely, update remotely when needed, control administrative access and privileges remotely. But yes, for resilience, I think we need to now collect all of the data that we have been collecting or looking at and saying, can we start to create those correlations between our preparedness and between our real performance? Irfan Mirza:But there's another area that this dovetails into which is that of human resilience, right? We talked a little bit earlier about, you know, sort of the whole world enduring this hardship. We need to first and foremost look at our suppliers, subcontractors, people that we're critically dependent on. What is their resilience look like? That's another aspect that we have to go back. In the areas where we have large human resources or, or workforces that are working on our behalf, we need to make sure that they're staying resilient, right? Irfan Mirza:We talked on a lot about work/life balance before. Now I think the new buzzword in HR conference rooms is going to be work/life integration. It's completely integrated, and so we need to start thinking about the impact that would have. Are we tracking attrition of our employees, of certain demographics within the employees? Are we looking at disengagement? People just sort of, "Yeah, I'm working from home, but I'm not really being fully engaged." Right? The hallway conversations we used to have are no longer there. And we need to start thinking, are people divesting? Our resources, are they divesting in the workplace? Are they divesting in their, in their work or work/life commitment? These measures are all now having to be sort of like... Irfan Mirza:We used to rely on intuition, a look, a hallway gaze, look at the, the snap in somebody's walk as they walked away from you or out of your office. We don't have that anymore. Everybody's relatively stagnant. We're, we're, we're seated. We don't get to see body language that much. We don't get to read that. There's a whole new set of dynamics that are coming into play, and I think smart corporations and smart companies will start looking at this as a very important area to pay attention to.Nic Fillingham:How are we measuring that? What tools or sort of techniques, or, or sort of frameworks exist to actually put a metric around this stuff, and determine sort of where, where an organization is in terms of their level of resiliency?Irfan Mirza:This question is actually the whole reason why we brought this enterprise resilience sort of a conclusion to this fourth chapter, and, and, you know, the summation of this, of this report. Irfan Mirza:What we're doing now is we're saying, look. Things that used to be fundamentally within the domain of IT departments, or used to be fundamentally with, within the domain of live site, or used to be fundamentally in the domain of human resource departments are now all floating up to be corporate imperatives, to be enterprise imperatives. I think the thinking here is that we need to make sure that the data that we've been collecting about, as an example to answer your question, attrition, right? A certain demographic. Millennials, uh, changing jobs, leaving the company, just to pick an example more than anything else. This is no longer just data that the HR Department is interested in, or that recruiting would be interested in, or, or retention would be interested. This is data that's about to significantly impact the enterprise, and it needs to be brought into the enterprise purview.Irfan Mirza:Our classical and traditional models of looking at things in silos don't allow us to do that. What we're recommending is that we need to have a broader perspective and try to drive insights from this that do tell a more comprehensive story about our ent- enterprise resilience. That story needs to include the resilience of our services, our business processes, our suppliers, our human capital, our infrastructure, our extended security boundary, our data protection, uh, prevention of data loss, our intrusion detection. I mean, there's such a broad area that we have to cover. That's we're saying. And, and as we implement this new sort of zero trust model, I think the, the effectiveness of that model, how much progress we're making is becoming an enterprise priority, not just something that the IT department is going to go around on it's own.Nic Fillingham:Irfan, I wonder if I could put you on the spot, and were there any interesting bits of data that you saw in those first couple months of the shift to remote work where like, yeah, the number of unique devices on the Microsoft corporate network quadrupled in 48 hours. Like any, anything like that? I'd just wondering what, what little stats you may have in hand.Irfan Mirza:Yeah. The number of devices and sort of the flavors of devices, we've always anticipated that that's going to be varied. We're cognizant of that. Look, we have, you know, people have PCs. They have MACs. They have Linux machines, and, and they have service o- operating software. There's a lot of different flavors. And, and it's not just the device and the OS that matters, it's also what applications you're running. Some applications we can certify or trust, and others perhaps we can't, or that we still haven't gotten around to, to verifying, right? And all of these sit, and they all perform various functions including intruding and potentially exfiltrating data and Spyware and Malware and all of that. So when you think about that, we've always anticipated it. Irfan Mirza:But the one thing that, that we were extremely worried about, and I think a lot of our Enterprise customers were worried about, is the performance of the workforce. What we found very early on in, in the, in the lift and shift phase was that we needed to have a way of measuring is our, our built processes working? Are we checking in the same amount of code as we were before? And we noted a couple of interesting things. We looked at our, our VPN usage and said, what are those numbers look like? Are they going up and down?Irfan Mirza:And I think what we found is that initially, the effect was quite comparable to what we had, uh, when we experienced snow days. Schools are shut down. People don't go to work. They're slipping and sliding over here. We're just not prepared for snow weather in, in this state like some of the others. So what happened is, we saw that we were, we were sort of seeing the same level of productivity as snow days. We say that we had the same level of VPN usage as snow days, and we were worried because that, you know, when, when it snows, people usually take the day off, and then they go skiing. Irfan Mirza:So what happened? Well, after about a week things started picking back up. People got tired of sort of playing snow day and decided that, you know what? It's time to, to dig in, and human nature, I think, kicked in, the integrity of the workforce kicked in. And sure enough, productivity went up, VPN usage went up, our number of sessions, the duration of sessions. Meetings became shorter.Nic Fillingham:Can I tell you hallelujah? (laughs) Irfan Mirza:(laughs) Nic Fillingham:That's one of the, that's one of the great-Irfan Mirza:Absolutely.Nic Fillingham:... upsides, isn't it? To this, this new culture of remote work is that we're all meeting for, for less amount of time, which I think, I think is fantastic.Irfan Mirza:Look, you know, in times of crisis, whether it's a natural disaster, or a pandemic, or, or a manmade situation such as a war or a civil war, or whatever, I, I think what happens is the amount of resources that you are customarily used to having access to gets limited. The way in which you work shifts. It changes. And so the, the true test of resilience, I think, is when you are able to adapt to those changes gracefully without requiring significant new investment and you're able to still meet and fulfill your customer obligations, your operational expectations. That really is.Irfan Mirza:So what you learn in times of hardship are to sort of live, you know, more spartan-like. And that spartan-ism, if there's such a word as that, that's what allows you to stay resilient, to say what are the core things that I need in order to stay up and running? And those fundamental areas become the areas of great investment, the areas that you watch over more carefully, the areas that you measure the performance of, the areas that you look for patterns and, and trends in to try to predict what's happening, right?Irfan Mirza:So that is something that carries over from experiences of being in the front lines of a, uh, a war or, or from being, uh, you know, in the midst of a hurricane trying to recover a data center, or an earthquake, or any other, uh, type of power outage, right? These are all the sort of key scenarios that we would be going to look at. And that's one of the things they all have in common. It's really that you don't have the resources or access to the resources that you thought you did, and now you've got to be able to do some things slightly differently.Natalia Godyla:Thank you for joining us on the podcast today. It's been great to get your perspective on enterprise resilience. Really fascinating stuff. So, thank you.Irfan Mirza:Thank you, Natalia. And, and thank you, Nick. It's been a great conversation. As I look back at this discussion that we had, I feel even, even stronger now that the recommendations that we're making, and the guidance that we're giving our customers and sharing our experiences, becomes really, really important. I think this is something that we're learning as we're going along. We're learning on the journey. We're uncovering things that we didn't know. We're looking at data in a different way. We're, we're trying to figure out how do we sustain ourselves, Nic Fillingham:... not just through this pandemic, but also beyond that. And I think the, whatever it is that we're learning, it becomes really important to share. And for our customers and people who are listening to this podcast to share back with us what they've learned, I think that becomes incredibly important because as much as we like to tell people what we're doing, we also want to know what, what people are doing. And so learning that I think will be a great, great experience for us to have as well. So thank you so much for enabling this conversation. Natalia Godyla:And now let's meet an expert from the Microsoft security team to learn more about the diverse backgrounds and experiences of the humans creating AI and tech at Microsoft. Welcome back to another episode of Security Unlocked. We are sitting with Andrew Paverd today, senior researcher at Microsoft. Welcome to the show, Andrew. Andrew Paverd:Thanks very much. And thanks for having me. Natalia Godyla:Oh, we're really excited to chat with you today. So I'm just doing a little research on your background and looks like you've had a really varied experience in terms of security domains consulting for mobile device security. I saw some research on system security. And it looks like now you're focused on confidential computing at Microsoft. So let's start there. Can you talk a little bit about what a day in the life of Andrew looks like at Microsoft? Andrew Paverd:Absolutely. I think I have one of the most fascinating roles at Microsoft. On a day-to-day basis, I'm a researcher in the confidential computing group at the Microsoft Research Lab in Cambridge, but I also work very closely with the Microsoft Security Response Center, the MSRC. And so these are the folks who, who are dealing with the frontline incidents and responding to reported vulnerabilities at Microsoft. But I work more on the research side of things. So how do we bridge the gap between research and what's really happening on the, on the front lines? And so I, I think my position is quite unique. It's, it's hard to describe in any other way than that, other than to say, I work on research problems that are relevant to Microsoft security. Natalia Godyla:And what are some of those research problems that you're focused on? Andrew Paverd:Oh, so it's actually been a really interesting journey since I joined Microsoft two years ago now. My background, as you mentioned, was actually more in systems security. So I had, I previously worked with technologies like trusted execution environments, but since joining Microsoft, I've worked on two really, really interesting projects. The, the first has been around what we call safe systems programming languages. Andrew Paverd:So to give a bit more detail about it in the security response center, we've looked at the different vulnerabilities that Microsoft has, has patched and addressed over the years and seen some really interesting statistics that something like 70% of those vulnerabilities for the pa- past decade have been caused by a class of vulnerability called memory corruption. And so the, the question around this is how do we try and solve the root cause of problem? How do we address, uh, memory corruption bugs in a durable way? Andrew Paverd:And so people have been looking at both within Microsoft and more broadly at how we could do this by transitioning to a, a different programming paradigm, a more secure programming language, perhaps. So if you think of a lot of software being written in C and C++ this is potentially a, a cause of, of memory corruption bugs. So we were looking at what can we do about changing to safer programming languages for, for systems software. So you might've heard about new languages that have emerged like the Rust programming language. Part of this project was investigating how far we can go with languages like Rust and, and what do we need to do to enable the use of Rust at Microsoft.Natalia Godyla:And what was your role with Rust? Is this just the language that you had determined was a safe buyable option, or were you part of potentially producing that language or evolving it to a place that could be safer? Andrew Paverd:That's an excellent question. So in, in fact it, it was a bit of both first determining is this a suitable language? Trying to define the evaluation criteria of how we would determine that. But then also once we'd found Rust to be a language that we decided we could potentially run with, there was an element of what do we need to do to bring this up to, let's say to be usable within Microsoft. And actually I, I did quite a bit of work on, on this. We realized that, uh, some Microsoft security technologies that are available in our Microsoft compilers weren't yet available in the Rust compiler. One in particular is, is called control flow guard. It's a Windows security technology and this wasn't available in Rust. Andrew Paverd:And so the team I, I work with looked at this and said, okay, we'd like to have this implemented, but nobody was available to implement it at the time. So I said, all right, let me do a prototype implementation and, uh, contributed this to the open source project. And in the end, I ended up following through with that. And so I've, I've been essentially maintaining the, the Microsoft control flow guide implementation for the, the Rust compiler. So really an example of Microsoft contributing to this open source language that, that we hope to be using further.Nic Fillingham:Andrew, could you speak a little bit more to control flow guard and control flow integrity? What is that? I know a little bit about it, but I'd love to, for our audience to sort of like expand upon that idea. Andrew Paverd:Absolutely. So this is actually an, an example of a technology that goes back to a collaboration between the MSRC, the, the security response center and, and Microsoft Research. This technology control flow guard is really intended to enforce a property that we call control flow integrity. And that simply means that if you think of a program, the control flow of a program jumps through two different functions. And ideally what you want in a well-behaved program is that the control always follows a well-defined paths. Andrew Paverd:So for example, you start executing a function at the beginning of the function, rather than halfway through. If for example, you could start executing a function halfway through this leads to all kinds of possible attacks. And so what control flow guard does is it checks whenever your, your program's going to do a bronch, whenever it's going to jump to a different place in the code, it checks that that jump is a valid call target, that you're actually jumping to the correct place. And this is not the attacker trying to compromise your program and launch one of many different types of attacks.Nic Fillingham:And so how do you do that? What's the process by which you do en- ensure that control flow?Andrew Paverd:Oh, this is really interesting. So this is a technology that's supported by Windows, at the moment it's only available on, on Microsoft Windows. And it works in conjunction between both the compiler and the operating system. So the compiler, when you compile your program gives you a list of the valid code targets. It says, "All right, here are the places in the program where you should be allowed to jump to." And then as the program gets loaded, the, the operating system loads, this list into a highly optimized form so that when the program is running it can do this check really, really quickly to say, is this jump that I'm about to do actually allowed? And so it's this combination of the Windows operating system, plus the compiler instrumentation that, that really make this possible. Andrew Paverd:Now this is quite widely used in Windows. Um, we want in fact as much Microsoft software as possible to use this. And so it's really critical that we enable it in any sort of programming language that we want to use. Nic Fillingham:How do you protect that list though? So now you, isn't that now a target for potential attackers?Andrew Paverd:Absolutely. Yeah. And, and it becomes a bit of a race to, to-Nic Fillingham:Cat and mouse.Andrew Paverd:... protect different-Natalia Godyla:(laughs).Andrew Paverd:A bit of, a bit of a cat, cat and mouse game. But at least the nice thing is because list is in one place, we can protect that area of memory to a much greater degree than, than the rest of the program. Natalia Godyla:So just taking a step back, can you talk a little bit about your path to security? What roles have you had? What brought you to security? What's informing your role today? Andrew Paverd:It's an interesting story of how I ended up working in security. It was when I was applying for PhD programs, I had written a PhD research proposal about a topic I thought was very interesting at the time on mobile cloud computing. And I still think that's a hugely interesting topic. And what happened was I sent this research proposal to an academic at the University of Oxford, where I, I was looking to study, and I didn't hear anything for, for a while. Andrew Paverd:And then, a fe- a few days later I got an email back from a completely different academic saying, "This is a very interesting topic. I have a project that's quite similar, but looking at this from a security perspective, would you be interested in doing a PhD in security on, on this topic?" And, so this was my very mind-blowing experience for me. I hadn't considered security in that way before, but I, I took a course on security and found that this was something I was, I was really interested in and ended up accepting the, the PhD offer and did a PhD in system security. And that's really how I got into security. And as they say, the rest is history.Natalia Godyla:Is there particular part of security, particular domain within security that is most near and dear to your heart?Andrew Paverd:Oh, that's a good question.Natalia Godyla:(laughs).Andrew Paverd:I think, I, I think for me, security it- itself is such a broad field that we need to ensure that we have security at, at all levels of the stack, at all, places within the chain, in that it's really going to be the weakest link that an attacker will, will go for. And so I've actually changed field perhaps three times so far. This is what keeps it interesting. My PhD work was around trusted computing. And then as I said, I, since joining Microsoft, I've been largely working in both safe systems programming languages and more recently AI and security. And so I think that's what makes security interesting. The, the fact that it's never the same thing two days in a row.Natalia Godyla:I think you hit on the secret phrase for this show. So AI and security. Can you talk a little bit about what you've been doing in AI and security within Microsoft? Andrew Paverd:Certainly. So about a year ago, as many people in the industry realized that AI is being very widely used and is having great results in so many different products and services, but that there is a risk that AI algorithms and systems themselves may be attacked. For example, I, I know you had some, some guests on your podcast previously, including Ram Shankar Siva Kumar who discussed the Adversarial ML Threat Matrix. And this is primarily the area that I've been working in for the past year. Looking at how AI systems can be, can be attacked from a security or a privacy perspective in collaboration with researchers, from MSR, Cambridge. Natalia Godyla:What are you most passionate about? What's next for a couple of these projects? Like with Rust, is there a desire to make that ubiquitously beyond Microsoft? What's the next stage? Andrew Paverd:Ab- absolutely. Natalia Godyla:Lots of questions. (laughs).Andrew Paverd:Yeah. There's a lot of interest in this. So, um, personally, I'm, I'm not working on the SSPL project myself, or I'm, I'm not working on the safe systems programming languages project myself any further, but I know that there's a lot of interest within Microsoft. And so hopefully we'll see some exciting things e- emerging in that space. But I think my focus is really going to be more on the, both the security of AI, and now we're also exploring different areas where we can use AI for security. This is in collaboration, more with the security response center. So looking into different ways that we can automate different processes and use AI for different types of, of analysis. So certainly a lot more to, to come in that space.Nic Fillingham:I wanted to come back to Rust for, for a second there, Andrew. So you talked about how the Rust programming language was specifically designed for, correct me on taxonomy, memory integrity. Is that correct?Andrew Paverd:For, for memory safety, yeah. Nic Fillingham:Memory safety. Got it. What's happening on sort of Nic Fillingham:... and sort of the, the flip side of that coin in terms of instead of having to choose a programming language that has memory safety as sort of a core tenet. What's happening with the operating system to ensure that languages that maybe don't have memory safety sort of front and center can be safer to use, and aren't threats or risks to memory integrity are, are sort of mitigated. So what's happening on the operating system side, is that what Control Flow Guard is designed to do? Or are there other things happening to ensure that memory safety is, is not just the responsibility of the programming language?Andrew Paverd:Oh, it's, that's an excellent question. So Control Flow Guard certainly helps. It helps to mitigate exploits once there's been an, an initial memory safety violation. But I think that there's a lot of interesting work going on both in the product space, and also in the research space about how do we minimize the amount of software that, that we have to trust. If you accept that software is going to have to bugs, it's going to have vulnerabilities. What we'd like to do, is we'd like to trust as little software as possible.Andrew Paverd:And so there's a really interesting effort which is now available in, in Azure under the, the heading of Confidential Computing. Which is this idea that you want to run your security sensitive workloads in a hardware enforced trusted execution environment. So you actually want to take the operating system completely out of what we call the trusted computing base. So that even if there are vulnerabilities in, in the OS, they don't affect your security sensitive workloads. So I think that there's this, this great trend towards confidential computing around compartmentalizing and segmenting the software systems that we're going to be running.Andrew Paverd:So removing the operating system from the trusted computing. And, and indeed taking this further, there's already something available in Azure, you can look up Azure Confidential Computing. But there's a lot of research coming in from the, the academic side of things about new technologies and new ways of, of enforcing separation and compartmentalization. And so I think it's part of this full story of, of security that we'll need memory safe programming languages. We'll need compartmentalization techniques, some of which, uh, rely on new hardware features. And we need to put all of this together to really build a, a secure ecosystem.Nic Fillingham:I only heard of Confidential Computing recently. I'm sure it's not a new concept. But for me as a sort of a productized thing, I only sort of recently stumbled upon it. I did not realize that there was this gap, there was this delta in terms of data being encrypted at rest, data being encrypted in transit. But then while the data itself was being processed or transformed, that that was a, was a gap. Is that the core idea around Confidential Computing to ensure that at no stage the data is not encrypted? Is, is that sort of what it is?Andrew Paverd:Absolutely. And it's one of the key pieces. So we call that isolated execution in the sense that the data is running in a, a trusted environment where only the code within that environment can access that data. So if you think about the hypervisor and the operation system, all of those can be outside of the trusted environment. We don't need to trust those for the correct computation of, of that data. And as soon as that data leaves this trusted environment, for example if it's written out of the CPU into the DRAM, then it gets automatically encrypted.Andrew Paverd:And so we have that really, really strong guarantee that only our code is gonna be touching our data. And the second part of this, and this is the really important part, is a, a protocol called remote attestation where this trusted environment can prove to a remote party, for example the, the customer, exactly what code is going to be running over that data. So you have a, a very high degree of assurance of, "This is exactly the code that's gonna be running over my data. And no other code will, will have access to it."Andrew Paverd:And the incredibly interesting thing is then, what can we build with these trusted execution environment? What can we build with Confidential Computing? And to bring this back to the, the keyword of your podcast, we're very much looking at confidential machine learning. How do we run machine learning and AI workloads within these trusted execution environments? And, and that unlocks a whole lot of new potential.Nic Fillingham:Andrew, do you have any advice for people that are m- maybe still studying or thinking about studying? Uh, I see so you, your initial degree was in, not in computer engineering, was it?Andrew Paverd:No. I, I actually did electrical engineering. And then electrical and computer engineering. And by the time I did a PhD, they put me in a computer science department, even though-Nic Fillingham:(laughs).Andrew Paverd:... I was doing software engineering.Nic Fillingham:Yeah. I, so I wonder if folks out there that, that don't have a software or a computer engineering degree, maybe they have a, a different engineering focus or a mathematics focus. Any advice on when and how to consider computer engineering, or sort of the computing field?Andrew Paverd:Yeah. Uh, absolutely. Uh, I think, eh, in particular if we're talking about security, I'd say have a look at security. It's often said that people who come with the best security mindsets haven't necessarily gone through the traditional programs. Uh, of course it's fantastic if you can do a, a computer science degree. But if you're coming at this from another area, another, another aspect, you bring a unique perspective to the world of cyber security. And so I would say, have a look at security. See if it's something that, that interests you. You, you might find like I did that it's a completely fascinating topic.Andrew Paverd:And the from there, it would just be a question of seeing where your skills and expertise could best fit in to the broad picture of security. We desperately need people working in this field from all different disciplines, bringing a diversity of thought to the field. And so I, I'd highly encourage people to have a look at this.Natalia Godyla:And you made a, quite a hard turn into security through the PhD suggestion. It, like you said, it was one course and then you were off. So, uh, what do you think from your background prepared you to make that kind of transition? And maybe there's something there that could inform others along the way.Andrew Paverd:I think, yes, it, it's a question of looking at, uh, of understanding the system in as much detail as you possibly can. And then trying to think like, like an attacker. Trying to think about what could go wrong in this system? And as we know, attackers won't respect our assumptions. They will use a system in a different way in which it was designed. And that ability to, to think out of the box, which, which comes from understanding how the system works. And then really just a, a curiosity about security. They call it the security mindset, of perhaps being a little bit cautious and cynical. To say-Natalia Godyla:(laughs).Andrew Paverd:... "Well, this can go wrong, so it probably will go wrong." But I think that's, that's the best way into it.Natalia Godyla:Must be a strong follower of Murphy's Law.Andrew Paverd:Oh, yes.Natalia Godyla:(laughs).Nic Fillingham:What are you watching? What are you binging? What are you reading? Either of those questions, or anything along in that flavor.Andrew Paverd:I'll, I'll have to admit, I'm a, I'm a big fan of Star Trek. So I've been watching the new Star Trek Discovery series on, on Netflix. That's, that's great fun. And I've recently been reading a, a really in- interesting book called Atomic Habits. About how we can make some small changes, and, uh, how these can, can help us to build larger habits and, and propagate through.Nic Fillingham:That's fascinating. So that's as in looking at trying to learn from how atoms and atomic models work, and seeing if we can apply that to like human behavior?Andrew Paverd:Uh, no. It's just the-Nic Fillingham:Oh, (laughs).Andrew Paverd:... title of the book.Natalia Godyla:(laughs).Nic Fillingham:You, you had me there. Natalia Godyla:Gotcha, Nick.Nic Fillingham:I was like, "Wow-"Natalia Godyla:(laughs).Nic Fillingham:" ... that sounds fascinating." Like, "Nope, nope. Just marketing." Marketing for the win. Have you always been Star Trek? Are you, if, if you had to choose team Star Trek or team Star Wars, or, or another? You, it would be Star Trek?Andrew Paverd:I think so. Yeah.Nic Fillingham:Yeah, me too. I'm, I'm team Star Trek. Which m- may lose us a lot of subscribers, including Natalia.Andrew Paverd:(laughs).Nic Fillingham:Natalia has her hands over her mouth here. And she's, "Oh my gosh." Favorite Star Trek show or-Andrew Paverd:I, I have to say, it, it would've been the first one I watched, Deep Space Nine.Nic Fillingham:I love Deep Space Nine. I whispered that. Maybe that-Natalia Godyla:(laughs).Nic Fillingham:... it's Deep Space Nine's great. Yep. All right, cool. All right, Andrew, you're allowed back on the podcast. That's good.Andrew Paverd:Thanks.Natalia Godyla:You're allowed back, but I-Nic Fillingham:(laughs).Natalia Godyla:... (laughs).Andrew Paverd:(laughs).Nic Fillingham:Sort of before we close, Andrew, is there anything you'd like to plug? I know you have a, you have a blog. I know you work on a lot of other sorta projects and groups. Anything you'd like to, uh, plug to the listeners?Andrew Paverd:Absolutely, yeah. Um, we are actually hiring. Eh, well, the team I work with in Cambridge is, is hiring. So if you're interested in privacy preserving machine learning, please do have a look at the website, careers.microsoft.com. And submit an application to, to join our team.Natalia Godyla:That sounds fascinating. Thank you.Nic Fillingham:And can we follow along on your journey and all the great things you're working at, at your website?Andrew Paverd:Eh, absolutely, yeah. And if you follow along the, the Twitter feeds of both Microsoft Research Cambridge, and the Microsoft Security Response Center, we'll, we'll make sure to tweet about any of the, the new work that's coming out.Nic Fillingham:That's great. Well, Andrew Paverd, thank you so much for joining us on the Security Unlocked Podcast. We'd love to have you come back and talk about some of the projects you're working on in a deep-dive section on a future episode.Andrew Paverd:Thanks very much for having me.Natalia Godyla:Well, we had a great time unlocking insights into security, from research to artificial intelligence. Keep an eye out for our next episode.Nic Fillingham:And don't forget to tweet @MSFTSecurity. Or email us at securityunlocked@microsoft.com with topics you'd like to hear on a future episode. Until then, stay safe.Natalia Godyla:Stay secure.
2/10/2021

Pluton: The New Bedrock for Device Security

Ep. 14
Close your eyes, and imagine a world where booting up your computer wasn’t a susceptibility point for attacks. Imagine a Root of Trust that’s integrated into the CPU. Imagine all of your devices being protected against advanced attacks. Now, what if I told you there’s a cutting-edge processor that’s battle-tested for hardware penetrations, easy to update, and protects credentials, encryption keys, and personal data all at once? What if I told you it was already here, and your systems might already be using it?! Open your eyes, and get ready to be amazed! It’s Pluton, baby! Peter Waxman, Group Program Manager at Microsoft, joins hosts Nic Fillingham and Natalia Godyla in a tell-all about Pluton. Trust us, Pluton is sure to knock your SOCs off (that’s System on a Chip)!Now that your eyes have been opened to a more secure system, we’d like to ask you to keep the volume down, because you’ve just entered the Library of Threats. While it may sound like inspiration for the next installment of National Treasure, you won’t find Nicolas Cage in this library (at least you shouldn’t). However, you will find Madeline Carmichael, MSTIC’s Threat Intel Librarian, whose movie-worthy title is just as impressive as it sounds. To be honest though, you might not find anyone in the library, as it bears more resemblance to Professor X’s Cerebro than it does your local hardcover sanctuary.In This Episode, You Will Learn:  •What the Pluton Security Processor is and how it was created•The architecture of the Pluton Security Processor•What challenges were faced while bringing the Pluton Security Processor to life•The Root of Trust today vs. The Future with Pluton•The naming systems for threat actors, from periodic elements to volcanoesSome Questions We Ask:•What differentiates the Pluton Security Processor from previous methodologies?•Why is the Pluton Processor better than what we have used in the past? •What challenges lie ahead with the next steps around Pluton?•What has changed since Pluton was in Xbox to where it is now?•What tools and platforms does a Threat Intel Librarian utilize?Resources:Microsoft Pluton Announcement:https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/Peter’s LinkedInhttps://www.linkedin.com/in/peter-waxman-ba5555/Madeline’s LinkedInhttps://www.linkedin.com/in/madeline-carmichael-081540b2/Nic’s LinkedInhttps://www.linkedin.com/in/nicfill/Natalia’s LinkedInhttps://www.linkedin.com/in/nataliagodyla/Microsoft Security Blog:https://www.microsoft.com/security/blog/Transcript(Fulltranscriptcan be found athttps://aka.ms/SecurityUnlockedEp14)Nic Fillingham:Hello, and welcome to Security Unlocked, a new podcast from Microsoft where we unlock insights from the latest in news and research from across Microsoft's Security Engineering and Operations teams. I'm Nic Fillingham.Natalia Godyla:And I'm Natalia Godyla. In each episode, we'll discuss the latest stories from Microsoft Security, deep dive into the newest threat intel, research, and data science.Nic Fillingham:And profile some of the fascinating people working on artificial intelligence in Microsoft Security. Natalia Godyla:And now, let's unlock the pod. Hey, Nic, how's it going?Nic Fillingham:Hey, Natalia. I am good, I am excited. I've been excited for every episode, but I think this is the episode where we may be able to spin off into a major, major motion picture. I'm quite convinced that one of our guests, their story is compelling enough that a Nicolas Cage-style act, maybe even Nicolas Cage would be willing to turn this into a film.Natalia Godyla:Let's line up the two guests, and l- let our audience figure out which one is the next National Treasure.Nic Fillingham:First up, we have Peter Waxman, who's gonna talk to us about the Microsoft Pluton announcement from back in November of last year. This is a continuation from a conversation we had with Nazmus Sakib a few episodes ago where we talked about ensuring integrity at the firmware layer up and secured-core PCs, and now we're sorta continuing that conversation, deep-diving into what is the Pluton. Our Microsoft Pluton technology was announced in November. Fascinating conversation. And then we speak with?Natalia Godyla:Madeline Carmichael, who has a background in library science and worked in physical libraries, and now she is a threat intel librarian. So her title is MSTIC Librarian, she helps to catalog the different threat actor groups that we monitor. So it's a callback to a conversation that we had with Jeremy Dallman about tacking nation-state actors. Nic Fillingham:Yeah. So Madeline's job, apart from, uh, you know, one of the things that she does is she helps name these nation-state actors. And so we, Jeremy walked us through the, uh, periodic table of elements that is used to actually name who these nation-state groups are. So I just think that's fa- that's fascinating to go from a physical library and sort of library sciences into the deepest, darkest recesses of nation-state threats and nation-state actors. I- I think that is a Nicolas Cage vehicle waiting to happen, and I can't wait to go back into the cinema and we can sit down with our popcorn and we can watch National Treasure 7: MSTIC Librarian. This time, it's elementary? (laughs)Natalia Godyla:(laughs).Nic Fillingham:National Treasure 7: Threat Catalog- Catalog. Don't judge a threat actor by its name. No. Natalia Godyla:I see it. I know why you picked Madeline's. I feel like we probably need a little bit more help on that tag line, so if anyone wants to give us some feedback, securityunlocked@microsoft.com, let us know. We are actively working on this script. Nic Fillingham:On with the pod?Natalia Godyla:On with the pod.Nic Fillingham:Welcome to Security Unlocked. Peter Waxman, thanks for joining us.Peter Waxman:Thank you, great to be here.Nic Fillingham:So this is gonna be the second of three deep dives we do on the sort of very broad topic of ensuring the integrity and the security of physical devices through things like protecting firmware, and obviously we'll expand upon that in this conversation here. Peter, you're joining us today to talk about the recently-announced Microsoft Pluton processor, so that, this is gonna be great. We're excited to chat with you. Nic Fillingham:Um, before we get into that, we'd love to ask. Tell us a little bit ab- about yourself. What's your job? What team are you in? What's the mission of the team? What's your day-to-day look like?Peter Waxman:Awesome, awesome. At Microsoft, I work in, uh, the Enterprise Security team, part of the so-called Azure application platform. Basically what we do broadly is build all the operating system platform and everything underneath. You can think about it as Windows, the operating system, you know, Windows that powers Azure. Even what powers Xbox and some of our other devices. Peter Waxman:And in particular, what I do is I focus on the operating system security and the low-level platform security that that operating system depends upon. Think about the hardware and firmware that our partners produce, to go make sure that that experience is completely secure. It protects our customers' data, it protects their identities, it makes sure that their application run with integrity and that they don't get hacked. And if they do get hacked, that we have an easy way to update and renew the system to get them in a good state again.Natalia Godyla:And so, we recently announced on November 17th the Pluton processor. Can you tell us about that? What- what is Pluton?Peter Waxman:Yes. Yeah. This is a big, exciting thing. It's something that we've been working on for quite some time. What Pluton essentially is is it's basically a security chip that lives inside of a larger chip. We call it basically the Pluton security processor, and this is like the heart of the security system in a PC or in a device. Peter Waxman:If you think about the security of a device, when you push power on that, when you push power on your laptop or computer, the, and the CPU comes up, one of the most important things is that the way that that system boots up and starts happens in a secure fashion. Because if it doesn't happen in a secure fashion, then it's very easy for bad actors to basically get in underneath and to root the system and cause all sorts of problems. Peter Waxman:So what Pluton is is basically this root of trust, the security processor that we, Microsoft, are integrating, and which is what we announced along with our major silicon partners in AMD, Intel, and Qualcomm, into the fabric of their products, in to the fabric of their chips. And so, by having that tight integration, it ensures that basically those chips and those products come up and boot in a secure fashion, and that we can then run Windows on this trusted foundation where we know the system is secure and basically we have, uh, much stronger footing with Pluton in the system going forward.Natalia Godyla:So what differentiates the Pluton security processor from previous methodologies? What were you using in the past? Why is this better?Peter Waxman:So traditionally in, uh, most PCs, the root of trust today is actually a separate chip. You know, very typically a discrete TPM. And that is something that lives on the motherboard as a separate unit, but it basically communicates over an insecure bus to the CPU. And the problem with that is that it just, it lends itself to all sorts of attacks. There's been a variety of ones that have been published. One of the common things that it's been known and in a published attack, basically there's one called TPM Genie. That bus, because it's insecure, even though the TPM chip itself may be highly secure, the system overall is not. Peter Waxman:And so, attackers can go in with very inexpensive hardware, a logic analyzer, $50 worth of equipment, and go and basically intercept and alter the communications between the CPU and the TPM. And end up basically, you end up with an insecure system as a result. You could actually be booting malware in the firmware. You could basically be booting with exploits all through the boot chain, and Windows wouldn't know about it. The customer's data and experience would be compromised as a result. And so, by moving the root of trust into the CPU die, we're basically taking a whole class of attacks out of the scope, resulting in a system that is more secure overall in terms of how it comes up and the foundation. Peter Waxman:It's also something, though, that one of the challenges that exists with the existing roots of trust is that they're very hard to update. Like other components in the system, right? They have their own firmware, the firmware can have vulnerabilities, and in fact, there have been notable vulnerabilities that have existed in TPM firmware. And when we look and see across the inventory of Windows 10 systems out there, there's actually a very large number of TPMs that are running out-of-date, unpatched firmware.Peter Waxman:Uh, as a result of having Pluton integrated into the CPU and having tighter control of it from Windows, we can leverage the decades of experience and billion-plus endpoint reliability that we have in Windows Update to offer customers the ability to much more easily and automatically update firmware on the root of trust of the system. If there's ever any security issue that we find, we can very quickly get an update out. We can also, importantly, update with new capability, so as new scenarios come online, where customers want to take advantage or applications want to take advantage of this root of trust, we have the ability to add that capability to Pluton in a easy, quick ability through Windows Update. Natalia Godyla:So what challenges did you have with bringing this security processor to life, with bringing it to PCs, in particular with the partners and OEMs that we were bringing it into the market with? And- and what challenges still lay ahead with the next steps that you have around Pluton?Peter Waxman:Yeah, so there's plenty. I mean, there's a- there's a tremendous, uh, satisfaction that we have and, you know, came to the point where we have been able to announce with our major silicon partners that we're bringing this to market. But I'm humbled by it, but at the same point we still have a ways to go before this comes to market. And to continue really in seeing to the vision, which is really to enable Pluton everywhere and to be ubiquitous even beyond PCs and- and gaming consoles and- and IoT devices.Peter Waxman:So- so a lot more work to do. Working with the ecosystem is something that takes a lot of time. It's been a tremendous effort, it's been several years in the making just to get to this point where, you know, we're far enough along with our partners that we can announce it, that we feel confident around landing these products. Both with the silicon partners that we announced, as well as with a range of PC OEMs that have been with us on this journey over the last year.Peter Waxman:We're at a point, though, because, you know, we're basically taking Microsoft technology and integrating it with our- our silicon partners, it's our silicon partners' products that are the ones that will bring this to market on OEM devices. They are not yet ready to announce sort of their particular timeframe intercepts, so unfortunately I won't speak to exactly when products land. But, you know, they are coming, folks should stay tuned. Peter Waxman:And when you think about Intel or AMD or Qualcomm chip, kind of the rule of thumb is it takes three years to go from the time that you start the design to the time that you have the chip in hand. So that's a long process. We're well away, well along that path in terms of where we're at, but it's lot of, obviously, detailed architectural work. Peter Waxman:We're excited about, uh, the product finalization and also thinking about sort of the next set of steps and next silicon products for integration. But it's- it's a huge effort across a range of companies to- to land something like this.Nic Fillingham:Is the goal to be integrated across the entire silicon spectrum in terms of consumer, low-end, affordable consumer devices, all the way through to secure e-work stations, uh, and sort of everything in between? Or it specifically a solution for more security-conscious, sort of enterprise customers?Peter Waxman:Great question. Yeah. No, so this is important. We see this capability as something that just is a fundamental security property that needs to be there on a modern device. We have seen, we've all seen how over the last 10, 15 years there's just been an increasing amount of sophistication, not just in software attacks but in attacks that basically deal with low-level aspects of vulnerabilities in firmware, hardware attacks that exist. You can get up to nation-state stuff, and we see things, whether it's in the Snowden leaks or particular instances of nation-state attacks, that are taking advantage of, say, firmware vulnerabilities.Peter Waxman:But it's more common that than. I mean, there are criminal networks that have exploited UEFI components in PCs to basically connect PCs to botnet networks to cause a variety of- of issues there. There continue to be, on a week-in, week-out basis, month-in, month-out basis, vulnerabilities that are reported that exist in a variety of firmware components or new hardware disclosures that exist. Peter Waxman:So it is something that is cross-cutting, it's something that is not just an enterprise issue. It's something where, you know, this raises the security of all devices, and is basically something that the average consumer has a right to expect of their device. That expectation Peter Waxman:Absolutely needs to be there from the lowest end consumer device to the highest end enterprise device. We... And, and Microsoft just committed to that. Natalia Godyla:So with Pluton becoming a new industry gold standard, I'm sure that also means that it'll become a target or a goal for hackers to try to break into. So, what are the challenges for hackers? What would they need to overcome in order to actually hack to Pluton processor in a, in a hypothetical situation? Peter Waxman:Yeah, it's a good question. I mean, there's certainly, especially in the research community, there's a lot of established, uh, research and techniques that folks do to, uh, break into hardware products. I mean, we've seen that certainly, like, going back to the Xbox days, right? There's, uh... One of the things that's interesting about sorta the consumer gaming security space is that in order for the adversaries to thrive, they're not necessarily a criminal network, they're not a nation-state, and they need to share information so you can kind of observe them more easily. But there are techniques and capabilities that folks have addressed and, obviously, with Pluton we're trying to ensure that we are targeting a bar that makes it very challenging for them to attack the system. Peter Waxman:It is one, though, we're never gonna say that there's any perfect security system, and so you have to design your system to be renewable. You have to allow for the fact that they're going to be, gonna be issues that are gonna be found and make sure that you can update, you can patch, and also that you have defense in depth. So, if a hardware measure is defeated, you have something backing that up. We feel confident about, uh, Pluton just in terms of its, it, it is battle-tested. Peter Waxman:This is something that we started on this journey 10 years ago. We've continued to invest in the capability and we're not done investing in the capability. We will continue to harden and strengthen it over time. But it's, you know, we're, we're talking about super cool equipment that a variety of folks'll go over to try to glitch and figure out what timing abilities does an attacker have to figure out if they issue a, a 20 nanosecond pulse on exactly this pin and exactly ti- this time at boot can they glitch the system to cause a, a, or, say, a crypto operation or what have you to basically fail. Peter Waxman:These are the rates of attacks that come into a scope when you get into hardware security and, so, we've got a bunch of super bright folks that are experienced in this space, but, uh, we'll be interested to see how the threat actors respond and... It's also important to note that Pluton, we don't trust in the system, there's a critical security component, but it's not the only security component, right? The whole stack of, uh, security that, you know, st- stands on top whether it's an OEM device and their firmware or in Windows itself or in applications. These all matter, too. Peter Waxman:An application can still have a vulnerability in it that is remotely exploited regardless of Pluton being in the system. And, so, you've got to look at the whole system from a security perspective to make sure that, uh, we're continuing to drive security across, up, and down the stack. Nic Fillingham:And, Peter, I assume, uh, Microsoft, as well as the actual silicon manufacturers, you know, they're actively gonna be pen testing, uh, the Pluton processor over time, right? So, as Pluton is defined and as it goes into production and as it actually gets into the hands of, of customers, there'll be a continual effort on behalf of Microsoft and, I assume, also the silicon partners, too. Keep it secure and, and see if we can hack it ourselves to, to deter and find any potential vulnerabilities and address them. Is that part of the process?Peter Waxman:Absolutely. Absolutely. Nic, so, Microsoft, the history that we've got with Pluton, we have both ourselves and involved third parties in doing hardware penetration tests, hard- hardware hacking on it to assess its strength. We have a, a long history of working with our hardware partners on hardware security and working with them on basically issues in firmware and hardware in their silicon. And, obviously, for the particular partnerships, both parties, you know, in this case Intel, AMD, and Qualcomm, are fully aligned with us in ensuring that their security teams, our security teams, red team and pen test teams, and external evaluation that, basically, we get as much eyes on this to find any issues before anyone else does and, hopefully, to not find anything, which has been the case to date. When we do, to basically respond and, and react to, uh, accordingly with our partners. Natalia Godyla:And, what learnings did you have so far from the days in which you put Pluton into an Xbox and now? Like, what have you changed in the processor for the PCs for this new announcement? If, if anything?Peter Waxman:We've evolved in a number of areas. I think that one is that just the application of it is different somewhat in the PC than it is in an Xbox than it is in an IoT device. So, for example, TPM functionality, which we talked about earlier is something that we don't need a standardized TPM in the Xbox. It's all sort of vertically integrated. Stack, we do things that are similar to a TPM, but we don't need that capability. But in a PC, that's a standardized functionality that exists in pretty much every PC today. And, so, there are capabilities that we've added to be able to, say, support that from a firmware perspective and where needed to add additional hardware blocks.Peter Waxman:We have advanced. There's places where it's just a matter of hardening the design that we have in Pluton. So, some amount of resistance to physical attacks that we've increased over time. And, it's also, you know, supporting newer capabilities that may exist in, in the industry. If I think back to Xbox days, the expectations around crypto key lengths, for example, right? We didn't have as many crypto algorithms or quite as long key lengths. We supported, say, in the, you know, early implementations of HSP versus today. Now that we have quantum crypto creeping up on us over the next 10 to 15 years, right? There's a much higher focus, for example, on longer crypto key lengths to make sure that we can maintain resistance until we get to sorta implementation, more common implementations of post-quantum crypto algorithms. Peter Waxman:So, some examples of places where we have just evolved and, um, you know the way Microsoft views it the Pluton-based, the, the architecture and design is something that we evolved for all end points and, so, you'll see, for example, that the Pluton is in the latest Xbox series X and S that we announced, came to market with, and launched in November is a more advanced version, right, based upon that newer capability set then what was there in the Xbox One. So, as I mentioned, continue to sort of update this technology and continue to make it available through these range of markets.Nic Fillingham:I want to ask about the architecture of the Pluton security processor. When it goes onto the actual CPU die, is it going to be a tax on the CPU? Is it, or is it sort of occupying such a trivial amount of sort of transistors and, you know, storage elements that you're not gonna know that your computer is Pluton powered? It's just gonna be happening silently and completely invisibly in the background.Peter Waxman:Yeah. That's r-, that's right. It is, from a power perspective or sort of any other aspect from an end-user, you're... Basically it's a small component when you think about it in relation to a modern SOC or modern CPU. It's not taking any relevant amount of power that's at all gonna be noticeable from the device perspective. It's basically this hidden component inside the SOC, system on a chip, complex that, uh, is basically working on your behalf ensuring you have a much higher security experience as a result, but you will not notice it being there. That's right. It's basically invisible. Nic Fillingham:And, and just circling back to that Xbox comment, so, so I've got an Xbox One, uh, here at home. It's the Xbox One S.Peter Waxman:Yep.Nic Fillingham:So, there is a version or a precursor to the Pluton on my Xbox. Is it Pluton v. 1 or is it pre-Pluton? How should I sort of think about that? Peter Waxman:You've got Pluton. You've got Pluton.Nic Fillingham:I've got Pluton? Peter Waxman:You got Pluton.Nic Fillingham:Yeah. Peter Waxman:Yes.Natalia Godyla:(laughs)Peter Waxman:(laughs)Nic Fillingham:Can I get a sticker? Can I get a sticker to put on my Xbox that says you got Pluton, baby?Peter Waxman:I will get to work on that, Nic. I love the idea. I love the idea. I think... I... Your t-shirts and stickers. I think that's, you know, that may be the, uh, the holiday project coming up. Nic Fillingham:And, then, so, moving forward, at some point, when I'm buying a new piece of computing, whether it's a laptop, whether it's an IoT device, or I get something else with a CPU inside it, I'm gonna want to look for probably a Pluton sticker or a Pluton badge or something that lets me know that the CPU or the SOC contains the Pluton architecture. Is that, again, part of the vision for Pluton?Peter Waxman:It's a great question. I don't think we've come to a conclusion on it. I'm not sure that we're gonna get to the dancing Intel guys in their, uh, clean suits, uh, commercials on T.V.Nic Fillingham:That's a, that's a callback to, like, is it the 90s? When they do that? That was a long time ago.Peter Waxman:(laughs) Yeah. That's, that's showing my age there, perhaps. Nic Fillingham:Natalia wasn't born then. She doesn't know what that is. Peter Waxman:(laughs). Natalia Godyla:Right over my head. Peter Waxman:(laughs)Nic Fillingham:(laughs) But, I mean, in terms of as a consumer, or a potential consumer, or even just a, you know, an employee at a company, do you envisage that it'll get to a point where I'll have, you know, an opportunity to buy a Pluton secured device and a non-Pluton secured device and so, therefore, I'm gonna wanna think about my needs, my security needs, and make sure I'm getting that Pluton secured device or, again, maybe to what you said earlier, it's just gonna be completely invisible, completely integrated into the silicon? You're not gonna worry about it, but you're just gonna know that there's, there's a higher grade of sort of fidelity and security on that device because of the architecture in the CPU. Peter Waxman:Yeah, I mean, our goal is really to get to that point where it's ubiquitous and it's just there. I mean, it's, again, if we're gonna provide, uh, customers with the level of security that is required in today's day and age, we've got to get to a point where this is like oxygen. It's everywhere. It's just a common ingredient that exists. We have to work with our ecosystem. We have to basically work to a path where, you know, we get there. It's not on the market yet. It's gonna take some time. There will be points in time where it's a journey to get there and not every system is, is certainly gonna have it, but our vision is this just needs to be everywhere. Peter Waxman:It's something where, you know, we're doing this not to make money off of this thing. Not to basically drive specific scenarios. Not to charge and up-prem as we talked about earlier for enterprises. This is about how do we make sure that everyone from consumers to enterprises to you name it has something where we're taking the last 15 years of hardware and systems security, hard learnings, and bringing it and modernizing the PC space based upon those learnings. Nic Fillingham:How did you come up with Pluton? I had not heard Pluton before I plugged it into Wikipedia, which is the font of all knowledge and it tells me that it is an igneous intrusion... No. No. It is a body of intrusive-Peter Waxman:(laughs).Nic Fillingham:... igneous rock. So, how'd you get Pluton, but, maybe more importantly, tell me some of the names that you considered, but didn't go with? Can you-Peter Waxman:(laughs)Peter Waxman:... can you let a few cats out of the bag? Proverbial cats out of the proverbial bags? Natalia Godyla:Most important question. (laughs)Peter Waxman:So, this one, Nic, I think we're gonna have to put the pause button on the recording-Nic Fillingham:Ahhh.Peter Waxman:... and I actually have no good answer nor do I have a great joke to go, uh-Natalia Godyla:(laughs)Peter Waxman:... to go, to go make fun. You know, so, it's, like, code name/buzzword that we use publicly. It's one word. It sounds cool. Nic Fillingham:It does. Sounds very cool.Peter Waxman:It's not named by anything else. And, uh, it's... If you think about hey, this thing is going to set the direction and do something leading, it's, like, a north star that's out there. Sounds cool. I don't know what it means. Nic Fillingham:(laughs)Natalia Godyla:(laughs)Peter Waxman:I didn't even know it was an igneous rock until you mentioned it, honestly. But, uh, yeah. Exactly. I...Nic Fillingham:It is an igneous intrusion.Peter Waxman:Igneous intrusion. I stand corrected. Natalia Godyla:(laughs) Peter Waxman:God. I'm gonna have to go look up that 'cause that, that's kind of freaky and scary. Natalia Godyla:I feel like that's the best answer.Peter Waxman:(laughs).Natalia Godyla:It sounds cool. Nic Fillingham:It sounds cool. That's totally-Peter Waxman:It's authentic. Natalia Godyla:(laughs)Nic Fillingham:Yeah. That's totally fine for it to sound cool. I did wonder if there might have been something a little bit more sort of esoteric and, and deep to it, but I'm totally happy with it sounding cool. We'll have to, we'll have to go and talk to some of your colleagues to see if, uh, maybe Dave Weston can let us in on a few, uh, names that didn't make it that we could, we could make fun of on another podcast episode. Peter Waxman:Yeah. Microsoft Bob was one option, but it was taken. So, uh...Nic Fillingham:(laughs) Peter Waxman:Yeah. No. Dave will be good to, uh, get history there.Nic Fillingham:Peter Waxman, thank you so much for your time and for joining us. And, uh, I would love to have you back on the podcast on another episode to discuss the history of Xbox security and maybe mod chips and Xbox hacking and all that cool stuff that we all did in the early 90s. Oh, the early 2000s-Peter Waxman:(laughs)Nic Fillingham:... I should say. Peter Waxman:Awesome. Awesome. I really appreciate it, Nic. Natalia, it's been an awesome discussion so thank you very much.Natalia Godyla:Yeah, thanks for being on the show. Natalia Godyla:And, now, let's meet an expert from the Microsoft security team to learn more about the diverse backgrounds and experiences of the humans creating AI and tech at Microsoft. Natalia Godyla:Hello, Madeline Carmichael. Welcome to the show. Madeline:Hi, thanks for having me. Natalia Godyla:It's great to have you on the show. I have never talked to a threat intel librarian before so let's start with that. Can you, can you tell us about that role? What does your day-to-day look like? How did get into Natalia Godyla:... becoming a Threat Intel Librarian.Interviewee:Yeah. I mean, I can pretty safely say you're among good company in not having met someone with that job title (laughing). I get a lot of really interesting reactions to the title. And, to be honest, it's kind of self-styled (laughs), so it's not like an official Microsoft HR title. But that's the one I go with for my day to day function and what I actually do. So, basically, I work as part of the Threat Intel team in the Microsoft Threat Intelligence Center and as a Threat Intel Librarian for them. And that means I'm sort of responsible for organizing a nation-state threat actors that we track and supporting the end-to-end business process that enables the team to do that as efficiently as possible.Interviewee:So, recently, I've added being a MITRE attack evangelist to my description and my role. So I look at how we can integrate that framework into our workflows and how that can help us do more with our data to support internal workflows. But also how we can share better Intel with our partners. And the MSTIC team sort of tracks nation-state actors, primarily. There's a little bit of wiggle room around human-operated ransomware. It's becoming a, a more concerning threat and we're, we're onboarding some of that. We currently have more than 270 groups on our radar and that's between named groups that we, we name after the periodic table of elements.Interviewee:So, so when we speak publicly, you'll hear things, uh, named after that. And then we have what we call dev groups, which are sort of the pre-stage, it's for our internal tracking and to keep, keep things in order. But we don't tend to discuss those publicly. Yeah, we do like security detection, analytics, um, response capabilities for Microsoft end customers. And that kind of entails providing threat intel to Microsoft and defender teams across the company, and then out to customers through security products. So I originally started as a, well, thought I was going to be a librarian and probably a public librarian at that. I was doing that degree and there was an option to do, uh, an internship or a co-op for credit, not a requirement, but I found an interesting job posting.Interviewee:So took a chance and applied for it and got it. And that was with a research library for the government of Canada. And that was great. I really, really enjoyed working there, and actually, ended up finishing my last (laughs) two degree credits distance while I was still working. That kind of led to moving on to a team that my role was doing aggregate reporting and sort of trend analysis a little bit for the executive leadership at the org. And from there, just got interested in the actual cybersecurity analyst part of the team, and eventually, moved over to that, which was where I got the skills that kind of transitioned into my role at Microsoft.Natalia Godyla:I'm just going to un- unpack some of the roles there and some of the skills that you're, you're bringing to role as a Threat Intel Librarian. So in the research library, when you're saying that you got into data reporting, what, what were you reporting on?Interviewee:So that was mostly incidents that have been tracked by that team during the month or the quarter. And so it was just kind of aggregating that data in sort of human-readable format that could be sent up to executive leadership. So they were aware of kind of the high level trends that were happening.Nic Fillingham:But, you, so when you were studying, you said you, you found a job posting, you said it was an internship, is that correct?Interviewee:Yeah, co-op internship. However you want to call.Nic Fillingham:Got it, a co-, a co-op, and that was with the government of Canada/Interviewee:Yep.Nic Fillingham:And is it accurate to say that was sort of more of a traditional librarian style role? You, you are physically in a building that had a lot of sort of printed stuff or am I like way too old school and antiquated in my thinking (laughing)?Interviewee:No, it was kind of in the middle of that. There was a physical library, and yeah, definitely more towards the traditional end. Slightly untraditional, I guess, in the sense that it was like a focused collection. So it was specific to the type of research that, that group was doing. But, otherwise, yeah, books and cataloging and, uh, organizing that.Natalia Godyla:Why cybersecurity or how were you exposed to cybersecurity? Was it part of the research that the library had or was it just that subsequent roles brought you closer and closer to the field?Interviewee:Mostly the sort of subsequent role is getting closer and closer. It feels pretty serendipitous when I look back at it now. Like I didn't intentionally set out for a career in cybersecurity or Microsoft or where, where I am. I, uh, did a presentation a couple of years ago for a conference, uh, in the UK that's run by a woman at Microsoft and it's called TechHer, more, more like TechHer. So I did this presentation at TechHer, which is a, a conference run by Microsoft UK. And it aims to kind of give women more networking opportunities and sort of more visibility into technical roles. And during that presentation, I, I called myself an Accidental Threat Intel Analyst.Interviewee:At the time I was still in that analyst role, more the, the Threat Intel Librarian role. And it's kind of true, like I never intended for that. Accidental is maybe giving myself too little credit for taking some, some opportunities that presented themselves (laughs). But, yeah, it was just kind of each pivot kind of brought me one, one step closer and I thought it was really interesting. And I've been lucky to work with people who are really engaging and their passion for it is contagious. So, yeah, I guess that's why I stuck around.Nic Fillingham:So what do you do as the Threat Intel Librarian to expand the collection of knowledge and data and, and papers and content in a particular direction? Who, who are your customers and, and how do you go about expanding that collection?Interviewee:My customers, I guess, or my, my user base would be the threat analysts on the team. And the collection of data is their analytic output, essentially. So it's less curating new collection and less providing resources as it is organizing the output that they're producing. So we have a, a knowledge base that holds all of the threat intelligence that the team produces. And the aim there is to organize that in a way that makes it more friendly for capturing data, but also, um, produces more usable output for downstream users, whether they be in Microsoft as other security teams or Microsoft customers through security products.Nic Fillingham:And what tools or sort of platforms do you use, you know, this knowledge base? Are you, is it SharePoint or is it some other sort of more secure encrypted storage system? I mean, uh, maybe you can't talk about it, but, but what sort of in, in a general sense do you, are your tools that you're using day in, day out?Interviewee:So that's changed over the years since I've been here. I've had a number of iterations where we store things, we, we're using, uh, DevOps at one point and kind of mashing that into our scenarios. But we're now using a proprietary knowledge base that's being developed by a dev team out of ILDC.Natalia Godyla:So what big goals do you have around the library that you are maintaining, building? What's, what's next for you to optimize? What are some challenges that you're trying to tackle?Interviewee:Well, yeah, so the, the nature of tracking nation state threats and like threat actors is that capturing the relevant threat intel means you often end up with a lot of data that's constantly evolving based on what the actors are doing. It's hard to keep tidy. So the ultimate goal, I guess, is to make our knowledge base as organized as possible to enable as much automation as possible. The threat analysts do a lot of repeatable pivots or queries. And those are really important for, for maintaining an ongoing awareness of what the, the threat actors are doing. But a lot of that can be codified and then made into a repeatable process where they just have to like check in and make sure it's functioning accurately.Interviewee:And then that allows time for them to do the really clever stuff that takes nuance and a human sort of intuition and experience with tracking for actors to do well. Not all of it can be reproduced by a computer. So as much of the sort of day-to-day stuff that we can automate as possible, that's, that's great. And we do that by having well-labeled classified data that's organized, and yeah, we can feed it to an automation pipeline and then let the analysts do the fun stuff.Natalia Godyla:So speaking of classification, we, we chatted with Jeremy about how we came to the names of some of the threat actors. I know you mentioned we use the periodic table. What was the impetus for that? Why are we using the periodic table and wha- what's going to happen after the periodic tables run-up?Interviewee:(laughs) Uh, well, that was in place before I started. So I, unfortunately, can't take credit for (laughing) why it was chosen. I think it was probably chosen because it's a, a, a ready set of names that are easily identifiable to the general public. You can kind of say we named things after periodic elements and most people will know or have some familiarity with that. So there's some, not really branding, but that kind of familiarization so that if you hear a name like that, you think MSTIC and Microsoft. It's also not rooted in a specific culture, really, so there's not any cultural connections or connotations that you need to worry about for applying a name. It's going to be used publicly and associated with Microsoft (laughs), so.Nic Fillingham:One of the questions we asked Jeremy was, is there a logic behind why one particular group would be given a particular element? Like, you know, are all the inert gases, are they, are they a particular continent or something? Or were they all discovered in the 2000s? Is, is there, is there any logic or is it, is it... because I think the, the joke we made with, with Jeremy was whether or not there was a, a big periodic table of elements against a wall? And then there was a bucket of dots (laughing). And as a new group comes out, you grab a, you grab a dart and you throw it at the wall. Uh, where are you in that continuum?Natalia Godyla:It's funny the second time around too.Interviewee:Yeah, I mean, honestly, I wish that was the case. It would be pretty cathartic, I think. But, no, there- there's no logic to the, the name choices we decided or my predecessors decided not to add that layer to the naming. So they're meant to just be just a name. We're, I think, careful as Microsoft about what kind of associations or what we mean when we say, like, we, we choose what we say carefully. And I think it was intentional not to associate that sort of, um, this type of name means this origin for an actor. We, we wanted to have that level of abstraction still.Natalia Godyla:There are more groups, though, don't you track more groups than there are elements in the table? Is that, am I right there?Interviewee:Yeah, so we have two types of groups. The ones that have element names are what we would call sort of permanent groups, or it's a permanent name. And that kind of is just the level of, uh, awareness we have for the group. So it's a more mature understanding of the threat actor that has that name. Um, we have a second type of name and we, we call them dev groups, um, dev for development. And it just means they're, they're in development and they're not as fully f- fleshed out as the element names. So it gives us a little more flexibility to kind of label clusters of activity without having to do as much rigor b- behind that sort of is that cluster and what its scope and breadth is.Interviewee:So there's definitely cases where multiple dev numbers or dev groups will merge into one named element group as we develop more of an understanding about who the threat actor is. Um, yeah, so I think we have over 185 dev groups on the go at the moment, and then 89 element groups. And that will probably change very quickly. So the numbers are not actually that useful (laughs), uh, uh, long-term, but yeah. It, we, we have more dev groups because they're easier to spin up and faster and they're, they're meant to be precursors for the named groups. But as, as you say, there are not that many elements. So we, uh, we'll be running out rather soon (laughs). I'm not sure what's going to come out.Nic Fillingham:You'll be into the theoretical element-Interviewee:Yes.Nic Fillingham:... category, genre. What's the one from, uh, Avatar? Unobtainium or something?Interviewee:Yeah, yeah, I think that might be it (laughing).Nic Fillingham:Was that right? And then there's, what's the one that's bonded to Wolverine skeleton? That's, that's a made-up one too, isn't it?Natalia Godyla:Oh, you have an, uh-Nic Fillingham:Adamantium, Adamantium (laughing).Natalia Godyla:... wealth of knowledge about this (laughing).Nic Fillingham:Yeah.Interviewee:We recently actually added another name schema and they're named after volcanoes. I don't know if that came up in your conversation with Jeremy, but as we put more focus on tracking human-operated ransomware groups, we thought they're distinct enough from the nation-state groups that we would have a separate schema for those. So there's some, some volcano names that are out Interviewee:... they're now, and it's the same kind of idea where dev numbers still support both names. And as we develop maturity, it, of awareness on a group, if it's a nation-state, it'll get an element and if it's human-operated ransomware, it gets a volcano.Nic Fillingham:You know what? I probably should've asked this at the tippy-top of the conversation, but why do we name these groups? What is the value in assigning a name and then actually sort of publicizing the name of that group? Where, where is the value to threat hunters to analysts to customers? What- what's the rationale behind this?Interviewee:Yeah. So, I guess it's mostly for consistency. It's, it's kind of a language of its own. And you use language to communicate, so having a name and being able to explain what that name means is important. So, one of the other things that our team does is write activity group profiles. They go along with alerts in security products. Interviewee:So, a customer might get an alert and they'll get this, this document that contains context of what that means for them, and that will include things like the TTPs that that group uses, some of their infrastructure, or like malware that goes along with it, and context that kind of explains their typical motivations or their typical targeting. Interviewee:So if you're in an industry that is a, a usual target for that group, it might make sense for you to say, "Oh, yeah. Like, it makes sense that we were targeted, it makes sense that this alert is hitting our network, or our endpoints." Interviewee:But it is also useful to know if you're an outlier in that circumstance. That might mean you pay more attention to it because you're not a typical target for that group. But yeah, so having a name is just a, a way to kind of say, "We mean this group," and here is the context that goes with it, and it's a consistent message.Natalia Godyla:What other ways are customers benefiting from this library? So, you noted that the alerts will have some of this context that you've been gathering. What other features or capabilities are based on the library?Interviewee:So, yeah, it's our awareness of the group long term. So, it allows us to kind of see what we would expect of them. We, because we have this body of knowledge built up, we can then see quickly if a tactic or a technique that they're now undertaking is brand now. That's kind of a departure from their normal M.O., that's more interesting. It's useful context. Interviewee:Yeah, for Microsoft as well as customers, we use our own TI to help defend ourselves. And, yeah, I guess it's just a, a way to kind of contextualize what is happening with IOCs or indicators of attack. They're kind of distinct bits of information that help you detect or protect or respond to a threat.Interviewee:They contextualize indicators of attack or IOCs, and those, those can be really s- like, small bits of information that help you detect a threat actor. And just having an IP address doesn't really tell you a lot, so that's useful to kind of have that explanation that goes with it that says, "This IP address is used by this group in this way," and that informs how you respond to it as well, depending on the, the attack slide, is useful for how you mitigate that. Interviewee:And that's a, a big part of why we're starting to add the, the MITRE ATT&CK classification to our data as well. It's a clearer language or repeatable way of describing something to your customers. And the customers as well have started to use attack labeling in their own data sets, so it's a good way to kind of match things up.Interviewee:And you can layer customer protections that have been mapped to the attack framework with detections on our side that have those attack techniques labeled. And when you layer those on top of each other, you can find gaps really easily and find how they might need to improve their security posture in a certain area.Interviewee:If, say, its reactor uses a certain technique and that, that customer has a, a gap in detections in that area, they can go, "Oh, well, we are a typical target for this group. We're not super well secured in that area. Maybe we should focus our investment there."Nic Fillingham:So, is it accurate to say that naming these groups and sort of building and maintaining a profile on them allows both hunters and analysts and then customers to better understand where they may or not be a target, and then therefore, how their security strategy should evolve?Interviewee:Yeah, definitely. Yeah. Natalia Godyla:(laughs) Nic Fillingham:Cool. I got my head around it. I must admit, the very first time I read a, a blog post from Mystic and I, I saw, you know, the name, like, "Here's the name of the threat actor and here's what other industry groups sort of name them," I was like, "I don't get it. Why, why are we naming them?"Interviewee:(laughs) Nic Fillingham:But, I, I got it now. So, thank you so much.Interviewee:(laughs) Cool, glad that came through. (laughs) Nic Fillingham:I'm glad that this podcast exists, exclusively for me to, to get my, (laughs) get my questions answered. Natalia Godyla:(laughs) Interviewee:(laughs)Nic Fillingham:Hopefully someone had a similar question and we, we helped answered them. Thank you.Natalia Godyla:So now that you've been in the cybersecurity space for several years now, come to a role that feels like it marries a lot of what you've studied and done throughout your career, the cybersecurity and library are coming together in the name. What comes next that is... Does this feel like it's a merging of the worlds or is there something you want to do after this, either in the cybersecurity space or not?Interviewee:That's a great question. Yeah, I wish five-year planning came easier to me. (laughs) Natalia Godyla:(laughs) Interviewee:Although in, in the world of COVID, I don't know that anyone can plan that far ahead. But yeah, I, I don't know. And I think because I got sort of sidetracked from my original public library path, I haven't really thought about how I would go back to that. Interviewee:I mean, libraries are becoming much more digital now anyways. It's a great way to serve more content to your patrons and your, your, your users in the world of e-readers and eBooks and podcasts and things like that.Interviewee:Libraries procure that kind of content for their users all the time, but yeah, I don't know. I don't, I don't know what's next. I mean, I'm happy where I am. So, yeah, stick here for a little while. Nic Fillingham:Madeline, one of the questions we'd like to ask in, in this part of the podcast is what from your personal life, your hobbies, your interests outside of work, so first of all, what are they? And second of all, do any of them, do you bring any of them into your day job?Interviewee:Yeah. I mean, I feel like this is where your assertion earlier that I broke all of the librarian stereotypes will fall down, because I do love to read and I have two cats. Um... (laughs) Natalia Godyla:(laughs) Nic Fillingham:(laughs) And you just travel round to libraries with your-Natalia Godyla:(laughs) Nic Fillingham:... with your cats and your, and your book bag? That's all you do? Interviewee:Uh, yeah, yeah. I mean, if the cats were allowed in the library, that would definitely be something.Natalia Godyla:(laughs)Interviewee:But I think library tourism is a very underrated area. Expedia should look into that. Nic Fillingham:And apart from reading, cats, and visiting other libraries, is there anything else you're willing to divulge?Interviewee:(laughs) I don't know that a lot of it actually makes its way into my day job. Baking is another hobby, but we're not in the office, (laughs) so I can't really share that with anybody. Nic Fillingham:What's your favorite baking show to binge? Are you a Great British Bake Off fan?Interviewee:I am. Since moving here, I've definitely started watching that.Natalia Godyla:(laughs) Nic Fillingham:Have you thought about entering? Do you wanna be a contestant?Interviewee:I did actually consider it at the end of this year's series, but I haven't got up the nerve to actually apply yet, and I don't know that I could take the pressure of having to figure out all of those (laughs) different baking techniques without a recipe. (laughs) Natalia Godyla:What is one of your favorite books of all time? I was gonna say, what's your favorite booK? But I feel like that's just an impossible question to answer, unless you have one.Interviewee:I, so I generally read fiction. That's my primary genre, but that kind of covers a lot of different (laughs) sub- sub-genres of fiction.Natalia Godyla:(laughs) Interviewee:I think my go-to answer for my favorite book is usually Anna Karenina by Tolstoy. (laughs)Nic Fillingham:In the original Russian? Interviewee:Of course, yeah. No. (laughs) Nic Fillingham:(laughs) Natalia Godyla:(laughs) Interviewee:No. Yet, I should say. Um-Nic Fillingham:There, there's different translations, right? Is-Interviewee:There are, yeah.Nic Fillingham:Which one do you like? Interviewee:It's by Richard Pevear and Larissa Vol- Volokhonsky, I think. I'm probably not pronouncing her last name very well. But yeah, it's, it's a great book. And it's long and you have to flip back to the, the list of character names every five pages or so and every character seems to have five names.Nic Fillingham:(laughs)Natalia Godyla:All the diminutives. Yep. (laughs) Interviewee:Yes, yeah, (laughs) precisely. Nic Fillingham:(laughs) Interviewee:Uh, but it's good. I, I just, it has always stuck with me as a book I really enjoyed. Natalia Godyla:Well, thank you, Madeline, for being on the show. Interviewee:Yeah, it was great to speak with you guys. Thanks for having me. Natalia Godyla:(singing) Well, we had a great time unlocking insights into security. From research to artificial intelligence, keep an eye out for our next episode.Nic Fillingham:And don't forget to tweet us @msftsecurity or email us at securityunlocked@microsoft.com with topics you'd like to hear on a future episode. Until then, stay safe.Natalia Godyla:Stay secure.