Microsoft: 'We're detecting 5 billion cybersecurity threats on devices a month'

Microsoft offers a new snapshot of the data that feeds into its Intelligent Security Graph.
Written by Liam Tung, Contributing Writer

Microsoft says it is executing on its "vision" of Microsoft Threat Protection, its all-encompassing security service, which is built on the Microsoft Intelligent Security Graph. 

While Windows (now Microsoft) Defender Advanced Threat Protection (ATP) is a better-known brand, it's just one part of the Threat Protection stable, which covers the recently launched Azure Sentinel managed SIEM service, Microsoft Defender ATP, Office 365 ATP, Azure ATP, Microsoft Cloud App Security, Azure Security Center, and Azure Active Directory (AD).

Various Threat Protection services are offered in subscription bundles to top-tier enterprise customers of its graph-database-powered Microsoft 365 package, such as the recently announced Microsoft 365 Identity & Threat Protection bundle that combines Microsoft Threat Protection (Azure ATP, Windows Defender ATP and Office 365 ATP) as well as Microsoft Cloud App Security and Azure AD.

Microsoft announced Threat Protection last June and gave a snapshot of the volume of data sources that feed into its security graph, including from Outlook, OneDrive, Azure, Xbox Live, Windows, Bing, and Microsoft Accounts. 

The company has been sharing monthly updates on Threat Protection's "evolution" since then, but now Rob Lefferts, corporate vice president of Microsoft Security, says the company is "executing" on its vision and has shared some new figures. 

On some data sources, the underlying security graph has grown significantly over the past year, while other sources, for various reasons, have seen little change. 

Microsoft now says it's analyzed 470 billion emails from Outlook, up from 400 billion a year ago. Impressively, it's also now scanning over one billion Azure user accounts, up from 750 million Azure user accounts this time last year.   

Authentications on Microsoft accounts scanned each month are also up, from 450 billion last year to 630 billion today. 

Some things remain unchanged. The company is still scanning 1.2 billion devices and detects about five billion threats on devices each month. It's also still picking up and analyzing 6.5 trillion threat signals daily, and still scans over 18 billion Bing pages.

The point of the graph-based intelligence is to connect the dots between various signals to develop threat alerts and provide organizations with a clearer picture of attacks that are underway, such as a phishing attack that could be targeting devices or email accounts, or that could come via the web.

Over the course of 2018, the company analyzed 300,000 phishing campaigns and eight million business email compromise (BEC) attempts, according to data from Office 365 security analysts.  

BEC scams have become the largest source of losses for organizations today, according to figures from the FBI. The bureau estimates that US companies alone lost $1.3bn to the scam in 2018, almost double the figure swindled from US firms in 2017, and 10 times the amount they collectively lost in 2016.  

Also in 2018, Microsoft says, Threat Protection blocked five billion phishing emails, while every month it detects two million incidents where attackers are attempting lateral movement in an already compromised organization.

Each month it detected 72 million vulnerabilities and 123 million weak security configurations. It also blocks about 14 million malicious sign-in attempts each year.

Microsoft has today also launched a new Microsoft Threat Protection website, where it's showcasing its Automated Incident response capabilities for SecOps teams, Azure Sentinel, and its human-powered Microsoft Threat Experts service.


Microsoft says its Intelligent Security Graph enables it to see billions of threats and assess 6.5 trillion signals daily.

Image: Microsoft
