Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      More bad news for memory prices - SK Hynix CEO Kwak Noh-jung

      More bad news for memory prices

      13 July 2026
      China nets a falling rocket in reusability race with SpaceX

      China nets a falling rocket in reusability race with SpaceX

      10 July 2026
      Battlefield tech could save lives on South Africa's roads - Dithoto Modungwa

      Battlefield tech could save lives on South Africa’s roads

      10 July 2026
      Customers prefer ChatGPT to your company's AI chatbot

      Customers prefer ChatGPT to your company’s AI chatbot

      10 July 2026
      South Africans warm to AI doing their shopping: DHL

      South Africans warm to AI doing their shopping: DHL

      10 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Sections » Information security » How Microsoft, Google use AI to fight hackers

    How Microsoft, Google use AI to fight hackers

    By Agency Staff4 January 2019
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Last year, Microsoft’s Azure security team detected suspicious activity in the cloud computing usage of a large retailer: one of the company’s administrators, who usually logs on from New York, was trying to gain entry from Romania. And no, the admin wasn’t on holiday. A hacker had broken in.

    Microsoft quickly alerted its customer, and the attack was foiled before the intruder got too far.

    Chalk one up to a new generation of artificially intelligent software that adapts to hackers’ constantly evolving tactics. Microsoft, Google, Amazon.com and various start-ups are moving away from solely using older “rules-based” technology designed to respond to specific kinds of intrusion and deploying machine-learning algorithms that crunch massive amounts of data on logins, behaviour and previous attacks to ferret out and stop hackers.

    Security is an arms race, and the security of machine-learning and pattern-recognition systems is not an exception

    “Machine learning is a very powerful technique for security — it’s dynamic, while rules-based systems are very rigid,” says Dawn Song, a professor at the University of California at Berkeley’s Artificial Intelligence Research Lab. “It’s a very manual intensive process to change them, whereas machine learning is automated, dynamic and you can retrain it easily.”

    Hackers are themselves famously adaptable, of course, so they, too, could harness machine learning to create fresh mischief and overwhelm the new defences. For example, they could figure out how companies train their systems and use the data to evade or corrupt the algorithms. The big cloud services companies are painfully aware that the foe is a moving target but argue that the new technology will help tilt the balance in favour of the good guys.

    “We will see an improved ability to identify threats earlier in the attack cycle and thereby reduce the total amount of damage and more quickly restore systems to a desirable state,” says Amazon chief information security officer Stephen Schmidt. He acknowledges that it’s impossible to stop all intrusions but says his industry will “get incrementally better at protecting systems and make it incrementally harder for attackers”.

    Blunter instruments

    Before machine learning, security teams used blunter instruments. For example, if someone based at headquarters tried to log in from an unfamiliar locale, they were barred entry. Or spam e-mails featuring various misspellings of the word “Viagra” were blocked. Such systems often work.

    But they also flag lots of legitimate users — as anyone prevented from using their credit card while abroad knows. A Microsoft system designed to protect customers from fake logins had a 2.8% rate of false positives, according to Azure chief technology officer Mark Russinovich. That might not sound like much but was deemed unacceptable since Microsoft’s larger customers can generate billions of logins.

    To do a better job of figuring out who is legit and who isn’t, Microsoft technology learns from the data of each company using it, customising security to that client’s typical online behaviour and history. Since rolling out the service, the company has managed to bring down the false positive rate to .001%. This is the system that outed the intruder in Romania.

    Training these security algorithms falls to people like Ram Shankar Siva Kumar, a Microsoft manager who goes by the title of Data Cowboy. Siva Kumar joined Microsoft six years ago from Carnegie Mellon after accepting a second-round interview because his sister was a fan of Grey’s Anatomy, the medical drama set in Seattle. He manages a team of about 18 engineers who develop the machine-learning algorithms and then make sure they’re smart and fast enough to thwart hackers and work seamlessly with the software systems of companies paying big bucks for Microsoft cloud services.

    Siva Kumar is one of the people who gets the call when the algorithms detect an attack. He has been woken in the middle of the night, only to discover that Microsoft’s in-house “red team” of hackers were responsible. (They bought him cake to compensate for lost sleep.)

    Google now checks for security breaches even after a user has logged in, which comes in handy to nab hackers who initially look like real users

    The challenge is daunting. Millions of people log into Google’s Gmail each day alone. “The amount of data we need to look at to make sure whether this is you or an impostor keeps growing at a rate that is too large for humans to write rules one by one,” says Mark Risher, a product MD who helps prevent attacks on Google’s customers.

    Google now checks for security breaches even after a user has logged in, which comes in handy to nab hackers who initially look like real users. With machine learning able to analyse many different pieces of data, catching unauthorised logins is no longer a matter of a single yes or no. Rather, Google monitors various aspects of behaviour throughout a user’s session. Someone who looks legit initially may later exhibit signs they are not who they say they are, letting Google’s software boot them out with enough time to prevent further damage.

    Besides using machine learning to secure their own networks and cloud services, Amazon and Microsoft are providing the technology to customers. Amazon’s Macie service uses machine learning to find sensitive data amid corporate info from customers like Netflix and then watches who is accessing it and when, alerting the company to suspicious activity. Amazon’s GuardDuty monitors customers’ systems for malicious or unauthorised activity. Many times the service discovers employees doing things they shouldn’t — such as mining bitcoin at work.

    CxO spamming

    Dutch insurance company NN Group uses Microsoft’s Advanced Threat Protection to manage access to its 27 000 workers and close partners, while keeping everyone else out. Earlier this year, Wilco Jansen, the company’s manager of workplace services, showed employees a new feature in Microsoft’s Office cloud software that blocks so-called CxO spamming, whereby spammers pose as a senior executive and instruct the receiver to transfer funds or share personal information.

    Ninety minutes after the demonstration, the security operations centre called to report that someone had tried that exact attack on NN Group’s CEO. “We were like ‘oh, this feature could already have prevented this from happening’,” Jansen says. “We need to be on constant alert, and these tools help us see things that we cannot manually follow.”

    Machine-learning security systems don’t work in all instances, particularly when there is insufficient data to train them. And researchers and companies worry constantly that they can be exploited by hackers.

    For example, they could mimic users’ activity to foil algorithms that screen for typical behaviour. Or hackers could tamper with the data used to train the algorithms and warp it for their own ends — so-called poisoning. That’s why it’s so important for companies to keep their algorithmic criteria secret and change the formulas regularly, says Battista Biggio, a professor at the University of Cagliari’s Pattern Recognition and Applications Lab in Sardinia, Italy.

    So far, these threats feature more in research papers than real life. But that’s likely to change As Biggio wrote in a paper last year: “Security is an arms race, and the security of machine-learning and pattern-recognition systems is not an exception.”  — Reported by Dina Bass, (c) 2018 Bloomberg LP

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Amazon Google Microsoft top
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleApple has priced itself out of the market
    Next Article Intel AI to fight poaching in Africa

    Related Posts

    Quantum computers are coming for bitcoin

    Quantum computers are coming for bitcoin

    9 July 2026
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    World's first teen social media ban is failing

    World’s first teen social media ban is failing

    7 July 2026
    Company News
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    Africa's data centres: AI, edge computing and new energy demands - Vertiv OADC Open Access Data Centres

    Africa’s data centres: AI, edge computing and new energy demands

    9 July 2026
    The best way to automate customer engagement using AI and WhatsApp - CM.com

    The best way to automate customer engagement using AI and WhatsApp

    9 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    More bad news for memory prices - SK Hynix CEO Kwak Noh-jung

    More bad news for memory prices

    13 July 2026
    China nets a falling rocket in reusability race with SpaceX

    China nets a falling rocket in reusability race with SpaceX

    10 July 2026
    Battlefield tech could save lives on South Africa's roads - Dithoto Modungwa

    Battlefield tech could save lives on South Africa’s roads

    10 July 2026
    Customers prefer ChatGPT to your company's AI chatbot

    Customers prefer ChatGPT to your company’s AI chatbot

    10 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}