Active Directory czar rallies industry for better security, identity

Microsoft has been ramping up its identity and security efforts and wants to collaborate with the industry to build a safer Internet, up to and including donation of intellectual property to help the cause, Alex Simons, director of program management for Active Directory at Microsoft, said Monday at the Cloud Identity Summit in La Jolla, Calif.

"I encourage everybody to think broadly about the success of the entire industry rather than the success of our individual kingdoms," said Simons, who is responsible for release planning,

specification and project management for all Active Directory products and services, as well as, over sight of 90 product managers. Microsoft now has 1,000 engineers in the security and identity business, and "we are here to be your partner," he told a crowd of identity and security professionals.

"We have started to bring more resources to our identity and security services division. We want to join the party," said Simons. He trumpeted what Ping Identity CEO Andre Durand said during his earlier keynote about merging security and identity to create a safer Internet.

Simons offered six points where the industry can work together to improve identity and security.

• Federation standards
• Eliminating passwords
• Standards for Internet of Things
• Creating common concepts for user education
• Sharing intelligence for defending customers
• Sharing intellectual property.

He added that advanced detection is the area that most excites him currently.

"I think big data here gives us this unbelievable ability," he said. "We are using big data and essentially doing what we think of as anomalous pattern detection, where you go to a series of objects that represent the user and their device and all the things they use, and you can do some really interesting things; not looking for problems but things that are unusual."

He said one such effort by Microsoft cut its fraud rate by 20% in one week.

Simons said 90% of companies are running Active Directory totaling some 500 million active account users that collectively authenticate 10 billion times a day. "95 million of those accounts are under attack every single day," Simons said.

And those attacks are not like those from years past that "were cute" with letters from a Nigerian prince, and kids hacking for fun, he said. The rise of consumer and commercial clouds, however, brought changes that turned "cute" to criminal.

Simons laid out what he called some sobering stats, such as the mean number of days (200+) that an attacker resides within a victim's network before detection, that 75% of attacks are done via compromised credentials, that the average breach cost to a company is $3.5 million and that $500 billion is the total potential cost of cybercrime on the global economy.

He said hacking is becoming organized, with a supply chain of free tools and online services, such as rental bot nets

He laid out the story of a hack that started with social engineering to gain control of a user's phone, continued with a three-month effort to set up the hack and concluded with a one-day blitz that stole $37,000 from the unsuspecting target.

As an industry we have developed great responses to such attacks, Simons said. We have hardened credentials, companies have started attack teams, we share intelligence and we have bounties.

He said those efforts will be important as we consider the emerging connectivity between so many things including a user's data and identities. And he left the crowd one rallying cry.

"Without great security, all this great work we do around digital identity aint worth the electrons it is written on," Simons said.