In this podcast we explore how new advances in artificial intelligence and machine learning take on the challenge of hunting for insider risks within your organization. Insider risks aren’t easy to find, however, with its ability to leverage the power of machine learning, artificial intelligence can uncover hidden risks that would otherwise be impossible to find. Episode Transcript: Introduction: Welcome to Uncovering Hidden Risks. Raman Kalyan: Hi, I'm Raman Kalyan, I'm with Microsoft 365 Product Marketing Team. Talhah Mir: And I'm Talhah Mir, Principal Program Manager on the Security Compliance Team. Raman: All right, welcome to episode one, where we're talking about using artificial intelligence to hunt for insider risks within your organization. Talhah, we're gonna be talking to Robert McCann today. Talhah: Yeah, looking forward to this. Robert's been here for 15 years, crazy-smart guy. He's an applied researcher, a Principal Applied Researcher at Microsoft, and he'd been like a core partner of ours, leading a lot of the work in the data science and the research space. So in this podcast, we'll go deeper into what are some of the challenges we're coming across, how we're planning to tackle some of those challenges, and what they mean in terms of driving impact with the product itself. Raman: I'm excited. Let's do it. Talhah: Let's get it. Raman: Robert has been focused on the insider risk space for us for, Robert, how long you've been in this space now? Robert: I've been doing science for about 15 years at Microsoft. The insider risk, about a year I think? Talhah? Something like that. Raman: Nice. What's your background? Robert: I am an applied researcher at Microsoft. I've been working on various forms of security for many years. You can see all the gray in here, it's from that. So I've done some communication security, like email filtering or attachment, email attachment filtering. I've done some protecting Microsoft accounts or user's accounts, a lot of reputation work. And then the last few years I've been on ATP products. So basically, babysitting corporate networks, looking to see if anybody had got through the security protections, post breach stuff. So, that's a lot of machine learning models across that whole stack. The post breach thing is a lot about looking for suspicious behaviors on networks or suspicious processes. And then the last year or so, I wanted to try to contribute to the insider threat space. Raman: What does it mean to be an inside ... or to be an applied researcher? Robert: An applied researcher, that's a propeller head. So we all know what propeller heads are. Basically, I get to go around and talk to product teams, figure out their problems, and then go try to do science on it and try to come up with technical solutions. AI is a big word. There's a lot of different things that we do under that umbrella. A lot of supervised learning, a lot of unsupervised learning to get insights and to ship detectors. I basically get to do experiments, see how things would work, and then try to tech transfer it to a product. Raman: So, you said you spend most of your time in the external security space, [crosstalk]- Robert: That's right. Raman: ... things like phishing, ransomware, people trying to attack us from the outside. How is insider threat different? What do [crosstalk] like to be, "Wow, this isn't what I expected," or, "Here are some challenges," or, "Here's some cool stuff that I think I could apply." Robert: Yeah. It's a very cool space. Number one, because it's very hard from a scientist's perspective, which I enjoy. So the first thing that you hit on, that's really the sort of fundamental first thing that makes it hard is that they're already inside. They're already touching assets. People are doing their normal work and they inside threaten might not even be malicious. It might be inadvertent. So it's a very challenging thing. It's different than trying to protect a perimeter. It's trying to sort of watch all this normal behavior inside and look for any place that anybody might be doing anything that's concerning from a internal assets perspective. Raman: So when you think about somebody doing something challenging, is it just like, hey, I've downloaded a bunch of files. Because today I might download a bunch of files. Tomorrow, I might just go back to my normal file thing. But if I look across an organization, besides a Microsoft, that's 200,000 people. That could probably produce a lot of noise, right? So how do you kind of filter through that? Robert: So actually, the solutions that are right now in the product and what we're trying to leverage to improve the product are built on a lot of AI things. There's very sophisticated algorithms that try to take documents and classify what's in those documents, or customers might go and label documents, and then you try to use those labels to classify more documents. There's a lot of very sophisticated, sort of deep learning...
