What lies ahead in cybersecurity is a brave new world – sophisticated threats, everything connected, and real human life at stake. Securing our future will require transformative thinking in technology, human expertise, and growing our defender community. Join Vasu Jakkal, Microsoft CVP of Security, Compliance, Identity, and Privacy, for a look at where security is heading and what we’ll need to get there.
>> SPEAKER: Please welcome Corporate Vice President, Security, Compliance, Identity, Management, and Privacy, Microsoft, Vasu Jakkal.
>> VASU JAKKAL: All right. Well, good afternoon, everyone. I hope you all are doing well. And it is so wonderful to see you all in real life, as my kids call it. Hugs all around, truly.
Well, RSA holds a special significance for our defender community. And a lot has happened in the last two years, hasn't it? And as we meet here today, we are reminded once again that there's still a lot of hurt in the world around us, that life is still very fragile, and that the work we do as a defender community really, really matters. This work is critical. It's critical to the future of trust, to
the future of technology, and to the very future of humanity.
So, I look forward to exploring a little bit of that future with you here today, and I thought I'd start with a quote which I really like. It's from American author William Gibson. The future is already here ‑‑ it's just not evenly distributed. And it alludes to the fact that what will be the norm and the everyday of our future tomorrow exists in some form shape today. It's just going to be more pervasive tomorrow. And that certainly holds true in cybersecurity. If you look around us, the emerging landscape that we see will be the norm in the future. And we don't have to look that far to see what that is.
Cyber has become a key component of war between nations, as we're seeing in Ukraine. Devastating attacks on supply chain, including critical infrastructure like colonial pipeline in the last two years, have had profound human consequences and continue to do so. And then there's the whole ransomware gig economy, alive and thriving. Human‑operated ransomware, ransomware as a service. They're reducing the barriers to entry for attacks and attackers. You take that and you add disinformation, misinformation, deep fakes, fraud, I could go on. And collectively, it's incredibly challenging. It's eroding the trust that we have in the very technology we need to work, to play, to live.
And it's not just the reach and the scale of cyberattacks that is daunting. It's also the rate and pace. Microsoft protects 785,000 customers across the world, including our own digital estate. And as such, we have a unique front‑row seat on the front lines of security. And what we are seeing is this rapid acceleration in attacks. There's 921 attacks per second. That's 2X what we saw last year. That's billions and billions of attacks. It takes less than two hours from when a user clicks on a phishing link for an attacker to get access to their email. And in just over an hour, an attacker can start moving laterally within your network and system.
So, what does all this data mean? It means that, for us, as defenders and as organizations defending, we have, at an average, of two hours, two hours, to contain the threat from getting escalated. And if an attacker decides to target you for extortion or ransomware or pick your favorite evil, they can move pretty fast. In fact, we've seen a steady decline in dwell times over the last few years, and that means defenders are getting really efficient, but so are attackers.
So, for our future, our approach to cybersecurity, our collective approach to cybersecurity, together has to evolve. We have to push relentlessly on the borders and the boundaries of technology innovation because guess what? Our adversaries are definitely pushing on those boundaries. We need to redefine and rethink of that precious human element, that cybersecurity expertise. Human expertise will always be a precious and irreplaceable part of cyber defense, but we have to ask and answer questions. How do we scale humans? How do we leverage human talent for the most strategic and the most creative tasks that are there? How do we really tap into the collective, diverse workforce that we have in corners we haven't been into yet to fight against the diverse attacks we are seeing? And as we do this, we are facing an acute talent shortage. So, we need to rethink about how do we attract more talent and then retain that, and that means we need to be more inclusive. We need to create platforms where every person, no matter who you are, can do your best work and thrive.
So, let's start by taking a look at technology evolution. Now, there will be many technologies in our future -- I'm sure you all have your favorites -- which will redefine and reshape our landscape, and it's super exciting. But when it comes to accelerating the speed of response, AI will be one of the most impactful. I just shared with you a few moments back how it's getting faster and faster for an attacker to penetrate in the system. Not a lot of time to contain that threat, and so we, as a defender community, need to move our industry from defense at human speed to defending at machine speed. It's imperative we do that. And for that reason, I am excited and hopeful and inspired by both the promise and the potential that we've seen in AI, together with cloud and machine learning, to really effectively start addressing analytical and predictive capabilities and use that, whether it's on machine‑trained models or general reasoning, to augment human capability.
Now, I also know, as I say this, that there's been a lot of hype about AI, and it's jaded some of us. And it's true. For all that hype, to date, there are relatively few use cases that we can point to that are clear and accurate and apparent and attributable to AI. But ‑‑ and that's a big but ‑‑ without AI, we simply cannot scale our defenses at the rate of attack. To fight this asymmetric war, and it's pretty asymmetric out there, we have to use AI, all its superpowers. So, let's take a look at what's working in AI today and what can we reasonably expect in the next few years, putting all that hype aside.
One of the most effective use cases of AI today is detection. AI is incredibly, incredibly effective and great at processing large amounts of data and classifying this data to determine what is good and what's bad. At Microsoft, we process 24 trillion signals every single day. That's across identities and end points and devices and collaboration tools and much more. And without AI, we simply could not tackle this. In fact, as you'll see some of the stats here, almost 80% of our end point‑based detections are powered by AI machine learning. And there are more than 2.5 billion cloud‑based detections per day that we use AI for. That's pretty powerful.
But yet, today, we are seeing AI being used in point use cases. What I mean by that is AI is very effective in providing an email security program, that split‑second decision‑making whether to block an email or to let it go to an inbox. Same thing for end point security. AI is extraordinary when it comes to making that split‑second decision on whether a file is malicious. Where the real power of AI is is end to end when we can connect across these domains. You probably have heard the word XDR a lot at RSA this time. But truly, when you can connect across those domains and you can figure out that entire kill chain, and that's what I believe we'll see in the next one to two years. Imagine if AI can leverage its capabilities and tell you whether that malicious file or that blocked email belonged to the same attack lifecycle, and then use that capability in real-time while that attack is happening to block and disrupt the attacker to respond to that. That is the true capability of AI. And you're going to see an acceleration rapidly on this maturity curve.
The other thing about AI that really excites me is the contextual and situational advantage that it provides. It's pretty good at that. Now, we all know that organizations are in different journeys. We are in different industries. We have different digital transformation imperatives. We need different responses. We have different productivity requirements. And AI can be used for that tailored response based on your context on what you need. And that's going to be really exciting as well.
So, when you think about AI, what excites me and what I think we'll see in the next one to two years is the power of AI to understand the full scope of the attack while the attack is happening, not in retrospect, and using that information, that complete incident graph, to disrupt the attack, to respond to it in real-time at the rate of attack, and hopefully faster than that. Now, there's true power in that. That's the promise of AI and a real one.
And if we go a little bit more into the future -- I love the future. I’m a big sci-fi fan, so I live in the future. So, if we push ourselves a little bit more in the future, I think AI has the potential to be a great ally and partner for all humans, to be a co‑pilot. And we are seeing these co‑pilot use cases in some technology domains already to help coders with code. Imagine the possibilities of being a co‑pilot in security. We can then scale our humans better, faster. We can use AI to do some of the repetitive tasks that consume human energy today. We can use AI to collect disparate and fragmented pieces of information fast to form that incident graph real-time. We can use AI to start thinking like humans using general reasoning models, build cognitive capabilities. And when we do all that, we are augmenting that human talent, saving that precious human resource to do what we need best and what humans do best, is push those boundaries of creativity and strategy. That has enormous potential to accelerate our mission to build a safer world.
And there's a lot of work that we need to do to get there. We're going to have to do it together. We're going to have to build on the foundations that we have. We're going to have to learn together. And there are three things I want to touch on today, which I hope you'll help me with as we march into the future. The first one is more data sharing. And the reason I say this is for AI to realize its full potential, we need more data. When we have more data, we can understand end to end. Remember, attacks come across boundaries, whether it's domain boundaries, end point email identity, it is organizational boundaries, it is international boundaries. Attackers don't have boundaries. For that, our data cannot have boundaries. We need more data to be effective. And, yes, absolutely, we need to be responsible. We need to be ethical. We need to have privacy at its heart and core. But when we have more data and then we share more data, when we come together for that, AI can be really effective.
The second thing we're going to need is AI‑trained and machine learning‑trained models which are specific to cyber. Attacker TTPs and indicators of compromise and even understanding entire enterprise system, we're going to have to build that. We're going to have to create that and train that. And lastly, we're going to need more explainability in AI. And you're probably wondering what is this word? Well, it is hard to trust something when you don't understand it. How many times have you all heard, just trust me? I get that a lot. And it's hard, right? Because if you don't understand why someone is making a decision they are, how are they coming to those decisions, and what are they doing? How do you trust that? So, it's hard for AI to be effective if we don't have explainable AI. And I think we have a lot of opportunity to do work here.
And it's not just AI explainability. We also need human explainability. I mean, cyber is complex. We need skillsets to take these very complex tasks and deconstruct them and simplify them so that we can bring the collective, we can bring along people. We need different skillsets. And so, while technology is awesome for defending at machine speed, we need awesome humans, and we need a variety of great skillsets. And I'm not going to talk to you today about the traditional cyber skillsets. You all know that. You all have that. Engineers and computer scientists and intelligent analysts. But we need more than that to understand wars and to understand cyberattacks. We need language specialists. We need to build responsible AI, and so we need people who are specialized in ethics. We need people who are from political science. We need people who can design great products and UX and design specialists. We need to make sure we have great teachers who want to teach about AI, and great storytellers. We need social scientists. And I can go on and on and on. But the message here is we need all kinds of skillsets. Cyber is for everyone. It belongs to all of us. And we need this variety of skillsets. And the reason for that is for us to scale at this machine speed, we have to be that community behind that one security operator. I love this slide. I love this visual because I think that's the heart of it. We have to bring the best minds, all that collective wisdom, that collective skillset, and we have to empower that SOC analyst so she can do her work effectively, at scale, without hiring an entire village. And that's why technology will play a key role here.
And it's not just enough to have technology. We also need to attract and retain great talent. I'm sure you all are feeling the pain of cybersecurity talent. We certainly are feeling that pain at Microsoft. One out of every three jobs in the United States is awakened today in cybersecurity. And then you think about diversity. Our attackers are diverse, and they exploit the seams. They exploit the biases in our systems when we have homogeneous teams. And look at the stats. Just 20% ‑‑ 24% of the global workforce is women, 20% of the workforce is people of color. We have a lot of work to do here. Because when we represent the world and we reflect who the world is, we do better cybersecurity.
To do that, we also have to break down the barriers of cybersecurity. Think about it. If you want diverse people and if you want different people and different skillsets, you need to go to different watering holes for these people. You need to rethink how to skill and train. We operate in a very different world today. The pandemic has changed a lot. We need to rethink about things like cybersecurity degrees and experience. Anyone should be able to be a defender, whether you're 30 years in the industry and want to reinvent something or you're just starting out from school. Isn't that going to be wonderful? We need to mobilize our community. Gosh, we have this incredible resource of community colleges. And I'm so, so proud that Microsoft is partnering with community colleges, and we have made a commitment to train 250,000 people in cybersecurity by 2025 in the U.S., and we are extending that to internationally as well. And we need to change the language of cyber. And what I mean by that is today, in many cases, cyber tends to be dark and field‑based and sometimes as fud, but that might not be appealing to a lot of people. Shouldn't cyber be about optimism and hope and inspiration? Because ultimately, cybersecurity is about the empowerment of humanity. So, we need to change that dialogue one heart at a time.
So, as I come to a close here, I talked about the three I's: innovation at its best, human ingenuity and the essence of who we are, and being inclusive in creating those platforms. And these don't operate in silos. They work together. They are an interdependent whole. We know that human ingenuity has led to innovation for hundreds of thousands of years. We know that when we create inclusive environments where everyone feels like they belong, we do our best work. That's what being brave and bold and vulnerable in cyber looks like. So, I hope that you will join me on this incredibly inspiring journey to do just that, because we're going to need our entire village, and it's an amazing village.
So, as I leave you today, I'm reminding myself and hopefully all of us that the future of security truly belongs to all of us. We have to aspire to build a safer world for all. And it is us and our empowerment to create the future that we aspire to. So, stay fearless, be fearless, and I hope to see you all around. Thank you so much.
Identity Security Strategy & Architecture
cloud security data security identity management & governance compliance management
Share With Your Community