How large scale datasets makes it easier to reveal threats in the cloud
I was thinking about my post last week on how cool the threat intelligence dashboard in the Azure Security Center (ASC) was so cool, rendered from the tons of data feeds Microsoft has access to that can be cross referenced with individual customer security events and signals. It reminded me of an article I read last year on how Microsoft was able to do large-scale analysis of DNS query logs to reveal botnets in the cloud.
Basically ASC applies a novel supervised Machine Learning model for high-precision Botnet detection based on analysis of DNS query logs. This model achieves 95% precision and 43% recall and can detect Botnets before they are reported by antimalware companies. That's really cool... and steps us towards Satya's vision of a truly intelligent cloud. By leveraging Azure Machine Learning models with the plethora of audit log data that you can collect in your Azure services, any of us can take advantage of these signals to gain better threat intelligence.
Of course, learning about artificial intelligence and machine learning is not easy. I stumbled upon an awesome resource to help with that from Microsoft called the AI School. You should really check it out if you are interested in AI and the cloud.