How Microsoft defends against 7000 password attackers per second

VentureBeat recently sat down (virtually) with Vasu Jakkal, corporate vice president of security, compliance, identity, management and privacy at Microsoft, to gain her insights into how AI, machine learning (ML), generative AI and emerging technologies are redefining cybersecurity.

Jakkal leads Microsoft Security, one of Microsoft’s fastest-growing divisions which reached $20 billion in revenue early last year. She previously served as executive vice president and chief marketing officer at FireEye and as vice president of Corporate Marketing at Brocade.

A key takeaway from her interview with VentureBeat is that AI is core to the DNA of Microsoft security and she and the senior management team see gen AI as an indispensible technology for reducing the barriers to a more inclusive, productive and diverse industry. For their latest fiscal year, Microsoft delivered record annual revenue of over $245 billion, up 16 percent year over year, and over $109 billion in operating income, up 24 percent.

CEO Nadella: Security is Microsoft’s highest priority

During Microsoft’s FY25 first quarter earnings call, chairman and CEO Satya Nadella stated that “we continue to prioritize security above all else. Nadella continued, “Security Copilot, for example, is being used by companies in every industry, including Clifford Chance, Intesa Sanpaolo and Shell, to perform SecOps tasks faster and more accurately. And we are helping customers protect their AI deployments too. Customers have used Defender to discover and secure more than 750,000 gen AI app instances; and used Purview to audit over a billion Copilot interactions to meet their compliance obligations.”

Writing his letter in this year’s annual report, Nadella emphasized just how critical security is to the future of Microsoft, stating that, “security underpins every layer of our tech stack.” Nadella emphatically writes, “We are doubling down on our Secure Future Initiative as we implement our principles of secure by design, secure by default, and secure operations. And we are focused on making continuous progress across the six pillars of the initiative: protect tenants and isolate production systems; protect identities and secrets; protect networks; protect engineering systems; monitor and detect threats; and accelerate response and remediation.

Nadella says, “as part of this commitment, all Microsoft employees now have security as a “core priority,” holding each one of us accountable for building secure products and services.”

The following is an excerpt from VentureBeat’s interview with Jakkal.

VentureBeat: Can you start by sharing how Microsoft’s Secure Future Initiative (SFI) has reshaped the company’s approach to cybersecurity and culture?

Jakkal: The Secure Future Initiative is about more than just technology—it’s about transformation. With over 34,000 equivalent engineers dedicated to this effort, it’s one of the largest engineering pushes in cybersecurity. We focus on being Secure by Design, Secure by Default and Secure in Operations. But it’s also about changing how we think—security is now everyone’s responsibility at Microsoft, not just a specialized team. That’s how we make progress.

I think it is our job and our duty to provide these platforms. I came to Microsoft because of our mission and empowering everyone, and I love security because I think this is a great place for everyone to make an impact. When we launched our Secure Future Initiative last November, yes, it was about protecting Microsoft and making a resilient Microsoft, but it’s so much more than that. It’s about securing the world in this age of AI, creating equity and equality and opportunity so everyone can participate. Because when I go around and meet not just women, men, women, all people, all facets and they say, look, you can have a great meaningful career which is tied to purpose. You can have a great career.

VB: How does generative AI empower defenders, and what role does Security Copilot play?

Jakkal: I feel like gen AI is going to be a game changer in this industry. I’ll share some stats with you. Three years back in 2021, we saw 567 identity-related attacks, which were password-related attacks; that’s a lot of attacks per second. Today, that number is 7,000 password attacks per second and over 1,500 tracked threat actors. Security Copilot helps level the playing field. It uses Microsoft’s security data and OpenAI’s GPT models to simplify tasks, whether it’s analyzing incidents or automating reports. For early-career defenders, it improved speed by 26% and accuracy by 35%. For seasoned professionals, it’s 22% faster and 7% more accurate. But the most meaningful stat to me? Over 90% of users said they wanted to use it again. That’s what we call the ‘joy stat.’ So that’s why I love gen AI because I think this tool is going to make it easy for everyone to become a defender. And that to me is a game changer.

VB: Could you elaborate on how exposure management and how the combination of AI, human collaboration and threat management orchestrated in your new exposure management direction will streamline security operations center (SOC) performance?

Jakkal: We have been marching in the direction of what we call unified SOC or unified SecOps for now for a couple of years that has been one of our visions is it’s hard for defenders when there’s too many alerts. I mean the noise-to-signal ratio is pretty high. And so the idea behind our SOC was to take extended detection and response, our XDR capabilities, which is really Defender, that’s our tool and to take our SIEM capabilities, which is Sentinel and bring them together. So we have a unified pane of glass and exposure management actually fits in right there because along with our extended detection response, so not just looking at endpoints but looking at endpoints and identities and data security and cloud security, all of these things, exposure management just is integrated into that. So you can go into Defender and your SOC teams have our exposure management capabilities and it helps your teams just as your threat protection tools are helping you detect and respond. Our exposure management tools are helping you map out all those potential paths that attackers take because I think defense is great, but prevention, I would like to think, is the best defense.

VB: Why has Microsoft made Exposure Management a cornerstone of its proactive defense strategy?

Jakkal: Attackers think in graphs, defenders think in lists or silos. Defenders have to think in graphs. For gen AI, this is super critical and that’s what exposure management is. We are actively building graph capabilities into our security products. Exposure management is our first product along with of course gen AI, which uses these graph capabilities. And it’s allowing you for the first time now to bring attack surface management, attack path analysis, like seeing your digital estate the way an attacker would see your digital estate and start looking at all the potential paths and how an attacker could get in. We also have this cool thing where you can find choke points. Are there many attack paths going through one point and what does that look like? And that uses these graph capabilities. We have 70,000 tenants already that exposure management is enabled in. And we are working with the third-party ecosystem because security is a team sport.

VB: How does Exposure Management enhance defenders’ capabilities within a unified SOC?

Jakkal: Exposure Management fits perfectly into our vision for a unified Security Operations Center (SOC). It brings together tools like Defender for detection and Sentinel for response into one cohesive system. By integrating exposure insights, defenders get a clear map of attack pathways and risks. It’s about making prevention as seamless as detection and response, giving defenders a single, actionable view.

VB: What role does diversity play in Microsoft’s cybersecurity vision?

Jakkal: We talk about graphs which are critical and gen AI, but ultimately cybersecurity is about people and empowering people to use these technologies so that we can shift cultures. The Secure Future Initiative, graph-based capabilities, gen AI, and all other initiatives are driving a massive cultural transformation that includes everyone. I think you’ve heard me say, security should be for all and it should be by all. And that’s the purpose that we live up to. Cybersecurity thrives on diverse perspectives because attackers are diverse, and our defenders should be too. It’s about creating opportunity and empowering everyone to be part of the solution.

VB: How does Microsoft ensure AI tools are accessible and equitable for defenders?

Jakkal: Accessibility is key. We design tools like Security Copilot to be intuitive so defenders of all skill levels can use them effectively. By democratizing advanced capabilities, we’re ensuring that even smaller organizations can access the same powerful tools as large enterprises.
Because imagine how many people will have accessibility to all these tools no matter who you are, no matter where you are, you can get started. And our attackers are pretty diverse. Our world is pretty diverse. So if our defenders don’t reflect the diversity in our world, how can we expect to stay ahead? So I think these tools, whether it’s generative AI or the graph that we are building or the platform are all going to help us do as that as well.

VB: What is your ultimate vision for Microsoft’s cybersecurity initiatives?

Jakkal: Our goal is to empower defenders and build a safer digital world. With tools like Security Copilot and Exposure Management, we’re transforming how organizations approach cybersecurity, ensuring they stay ahead of evolving threats. It’s about making cybersecurity accessible for everyone and creating a resilient, inclusive future.