As we all know, AI is one of the biggest buzzwords being bandied about today in the world of Cybersecurity.  Essentially, this is the area where the thought and reasoning processes of the human mind are being “mimicked” in the real world for our benefits, especially to help speed up routine tasks, and try to predict what the future holds, especially when it comes to seeing what future threat variants could possibly look like down the road.

Microsoft is utilizing AI, especially that of Deep Learning, in order to help businesses of all types to help fortify their lines of defenses.

What Is Available From Microsoft?

Most of the Deep Learning efforts that Microsoft has embarked in so far have fallen into the realm of its Threat Protection model, focusing mostly upon the Defender Advanced Threat Protection (ATP).  Here is currently what is being done:

1. The ability to ingest huge amounts of data:

In order to make a Deep Learning system learn, it must be fed large amounts of data for its training period.  Once this has been accomplished, the system can then take in newer datasets to predict whatever the desired output is.  In this regard, Process Trees are being created and included.  Essentially this is the nuts and bolts of your plan as to how the new datasets will be analyzed by the AI system, in a chronological fashion.  The basic premise is to reduce data error as much as possible.  But apart from this, the Process Tree can also be used to help decide as to how these datasets will be optimized in a logical fashion.  The goal here is to reduce any skew in them, which could affect the output.  An example of a Process Tree is illustrated below:

(SOURCE:  1).

2. Data Modeling:

Deep Learning from within the Microsoft ATP can also be used to model the data that you are feeding into the system, in a very quick and efficient way.  Through this, you will be able to detect any hidden trends that could prove of importance.  For example, the Cyberattacker of today is known to use very covert techniques in order to avoid detection by the conventional security mechanisms, such as firewalls, routers, etc.  But they always leave very subtle clues behind, and this is where the Data Modeling aspect can come into play.  They can be used to sniff out for any signs of malicious behavior, as well as discover any correlations between them.  If any of these do exist, you should start getting suspicious of any threat actor lurking in the system.  With Deep Learning, you can then even predict with reasonable accuracy as to what their next move will be, and thus you will have a greater probability of catching them in their tracks.

3. Securing your endpoints:

Many companies still fail to protect these vital points of origination and destination.  Microsoft has taken this up to the next level by introducing a Deep Learning technique which is technically known as the “Deep CNN-BiLSTM Model”.  This is actually a very complex model, and going into the detail is out of the scope of this article.  But for illustrative purposes a representation of this model can be seen below:

(SOURCE:  1).

The bottom line of this model is that it will alert your IT Security of any sort of infiltration which may be occurring at your endpoints in a just a moments’ notice.  As a result, they should be able to mitigate this threat within a matter of just minutes before it spreads.  A real-world example of this is the Bondat worm which originated a couple of years ago.  It propagated itself through the use of USB devices, which is illustrated below, using the MITRE ATTACK Framework.  More information about this can be seen here.

(SOURCE:  1).


In the end, AI and Deep Learning are not as complex as they might first appear.  Really, looking at it from a simplistic perspective, it is nothing but “Garbage In and Garbage Out”.  But it is the latter, which is the desired output, which can make this a very powerful tool for securing your business, as can be seen from the examples reviewed in this article.

If you would like to learn more about this, contact us today!