Okay, I think we're live. Awesome. Welcome back, everybody. Once again, I'm Brad Zelnick with the software research team here at Deutsche Bank. For this session, we are very pleased to have none other than Microsoft, specifically Vasu Jakkal. Do I have that right?
Right.
I always take a little bit of risk in pronouncing a last name, but who is Corporate Vice President of Microsoft Security, which for those that don't realize is the most significant security business of all security businesses worldwide, by a significant factor. The format of this presentation is going to be a fireside chat. I've got a bunch of prepared questions that I'm hoping we can get through, and we're going to get a lot smarter on the topic of cybersecurity and why it's so important to Microsoft. With that, thank you so much for joining us today.
It's such a pleasure, Brad, and it's nice to be in Dana Point with you.
Isn't it lovely?
It's beautiful. I might even take up golf now.
Oh, okay. This would be a perfect time and a perfect place. Again, thanks so much for being here. Maybe, for those that don't know you and are less familiar with Microsoft's security business, can you just take a minute to explain your role at Microsoft and what your mandate is?
Yeah, absolutely. Thank you everyone for joining. It's great to be here with you all. I've been at Microsoft now for five years, and I'm responsible for our security business. I joined really to build a business, and I oversee our security portfolio end-to-end globally. That involves defining the strategy, working with Charlie, our engineering leader, on products, and of course, all the go-to-market, including business models. This portfolio is pretty broad. We have six product families as part of that, and we really protect end-to-end. We're starting with threat protection and security operations, defending against all the attacks coming at organizations. That's our Defender and Sentinel product lines. We have identity. We started with identity management, but we have protection and governance. That's Entra, and that picture, I think, we'll have a picture for you that shows the portfolio. We also have device management, and that's Intune.
Finally, given, of course, AI, data security has reached a critical point, and we have Purview, which is our data security protection and governance family. Those are all of the families within the Microsoft security portfolio. We also have our generative AI security solution. It's called Security Copilot, which integrates with each of our products and also can be used standalone, and that constitutes the Microsoft security platform.
Thank you for that. I think we do, oh, there it is.
That's it.
Excellent. A picture is worth a thousand words, I think they say. Thank you for that overview. Super helpful. Maybe just, you know, at a very high level, with nearly 1.5 million security customers, that's a massive number. Microsoft clearly has a unique perspective into broader trends and what's going on in the world. What are you seeing in the current environment?
Yeah, it's a great question, Brad. We're seeing three challenges which every organization is facing right now. The first one is the threat landscape. It's at unprecedented levels right now: the speed, the scale, and the sophistication. Just to give you an idea, last year we were seeing 4,000 password attacks per second because identity continues to be a battleground of security. This year we are seeing 7,000 password attacks per second. That's 600 million attacks every single day. The scale is a lot. The speed has also increased. On average, it takes attackers 72 minutes or less to infiltrate an organization. From when a user clicks a phishing link to when the actor gets access to your data, sometimes your full inbox, that's not a whole lot of minutes for a defender to protect an organization. We're seeing the number of attackers also increase.
Cybercrime is a $9.2 trillion anti-economy every year. That's increasing. Just from the number of attackers that we are tracking at Microsoft, last year we were tracking 300 unique nation-state and financial crime actors. This year we are tracking 1,500. That's a 5x increase. Challenge number one is unprecedented levels of the threat landscape. Challenge number two is data. Data risks and insider risks are increasing. 20% of data breaches are caused by insiders, whether it's intentional or unintentional. It doesn't matter, but that's kind of the stat. 80%+ leaders are concerned about data, especially as AI is becoming mainstream. The third challenge is complexity. Fragmentation continues in the security industry. This industry was built by a lot of bolt-on tools.
On average, organizations have 40+ tools, and they have to stitch it together, especially when the security talent doesn't exist. There are more than 4 million jobs, I think 4.7 million was the latest stat, which are unfulfilled in security right now. They don't have the talent to stitch that, and then you have a very complex regulatory environment. This year, I think there are 100+ AI-related regulations. Every day there are 250+ regulatory updates. That's a lot for organizations to deal with. Challenge number one, threat landscape; two, data risks; three, complexity. What we are seeing in terms of trends and solutions now is Gen AI. Both using AI for security, like how do you turbocharge defense? That is a superpower that we have to leverage. We are also seeing security for AI. You have to secure all of this AI.
The last one is consolidation, simplification, and end-to-end protection. That's what we're seeing aligned to these challenges.
It's a lot to keep up with. I don't know when you sleep. By the way, does everybody in the room hear Vasu okay? I just want to make sure. Okay, cool. Great. That was me doing my own AV check. Like I said, a lot to keep up with. You know, the interesting part about cyber, it seems it's the only adversarial aspect of IT. It's been a perennial game, cat and mouse. The industry feels more competitive than ever with multiple platforms all attempting to consolidate across various segments. Can you just help us understand how Microsoft differentiates itself amidst what is such a noisy landscape out there?
Yeah, it's extremely noisy. I love what you said. It's a cat and mouse game. I feel like, you know, for those who like hiking, I feel they're like hiking up Kilimanjaro and someone's actively throwing boulders at us. That's what it feels like in security any single day. In terms of, and this is, you know, one of the main reasons Microsoft is in security because we are a software and a platform player and we are a security player. We have strengths across both. Our biggest strength is that of a platform. The three things that make us unique, the first one is signals. You cannot defend what you cannot see. Every single day, Microsoft processes 84 trillion signals. Just to give you an idea of that magnitude and the growth, when I joined Microsoft five years back, we were tracking 8 trillion signals.
That's a 10x investment and increase just in five years. These signals help us understand who the attackers are, what are they up to, how are they attacking organizations. You take that and you marry that with our human threat intelligence of 1,500 threat actors. We do have the largest and deepest threat intelligence in the industry. That's number one, which is our differentiator. Number two, we talked about the complexity, the fragmentation. You know, attacks come from everywhere. They're not going to just dive into your endpoints or your identities. We have to monitor it all. Microsoft has the most comprehensive portfolio. We've been believers in this end-to-end. You can't just protect your endpoints or identities. You have to look all around. We integrate 50+ categories today, and we bring them to life in that portfolio so you can have a consolidated solution from Microsoft.
The third thing is we make sure that we have best-of-breed solutions in the areas that we are participating. Whether it is identity, which is where our roots are, it's device management, it's data security, it's cloud security, it's endpoint, it's SIEM, SecOps, we are best-of-breed in 19 categories across the industry. The only leader which is best-of-breed in the largest number of categories. To top all of this is Gen AI. You know, we were at the leading edge of Gen AI in 2023 when ChatGPT and Copilot became mainstream. We have this deep understanding of what is needed for AI and the AI stack and leveraging that really to understand, how do you secure this AI, both using AI for defense. That's Copilot. We were the first to market with a generative AI solution. In fact, our Security Copilot is used by more than 1,000 customers.
There are some statistics which are showing how they're making a difference, like 30% reduction in mean time to response. We are securing the generative AI solutions across. I think those four things, signals, making sure that we have end-to-end protection with best-of-breed, that we have generative AI, and that we are continuously building a platform integrating the ecosystem, is what sets us apart.
Yeah, no doubt puts Microsoft in a very differentiated position. I want to double-click on AI.
Yeah.
I feel like we've almost made it 10 minutes, and we didn't really spend too much time focused.
It's a thing called AI, right?
You've heard of this, right? It's a multi-dimensional topic. Three related questions. You've touched on this a bit already, but how have you seen the threat landscape change with AI specifically? I don't know if you can further quantify or give us a sense of what the impact has been. How should we think about Microsoft's response to better leverage AI, Security Copilot, etc., learn a little bit more about that and how we're going to protect AI itself?
Yeah. I know it feels like it's like water now. It's all around us and we're swimming in it. From an AI standpoint, the threat actors are really smart. They're going to use every tool which is available to them. The types of attacks that we can expect to see and we're seeing is every single dimension that you think of, whether it's identity attacks or phishing attacks. Think of them just getting faster and the scale increasing. In phishing, we're seeing social engineering. I'm sure you've seen a lot of deepfakes and how AI can be used, very convincing. They have more context now. They can do recon very easily. We published a report almost a year back with OpenAI on some of the nation-state related actors and what they're using, what they're using AI for. We saw that they're doing a lot of recon with it.
Using that context, getting smarter, really mimicking humans more with phishing and providing that, you're going to see that identity. We talked about identity being the battleground of security. With AI now, you can do faster password cracking. I mean, how many of us still have passwords, right? We still live in a password world. That's going to be challenging. Everything from command and control to make lateral movements and how they're using AI to just get better intelligence on your organizations are what we're going to see from threat actors. More than that, I think one of the other aspects of AI is it introduces new surface areas. In addition to what we consider existing surface areas, your devices and identities and networks, think about prompts. That's a new attack area. Think about LLM models. Think about AI-related data.
We're going to start seeing them also leverage those attack surfaces and try to get into organizations through that. It's using our existing attack surfaces and they're really trying to leverage AI to get smarter and faster and inside their orgs and leverage the new surface areas to use that as a leverage for them. Now, in terms of, Brad, you asked, how are we going to protect against that? You have to think about protecting the entire AI stack. Foundational security, whether it's models, it's the AI stack itself, it's what we call built-in content safety, all of those measures, we have to have that. You have to have security measures all around. You're monitoring and you're governing AI while it is being used in organizations. That's how we are using AI.
Of course, we have to use AI for security because you can't keep up with these attacks by just what we were doing earlier. We have to start using Gen AI.
We need AI to fight AI.
We need AI to fight AI, beautifully said.
Makes a lot of sense. Microsoft is obviously, you know, continually innovating. One stat that stood out to us is that 5 of 11 recently released Security Copilot agents were developed by partners such as OneTrust and Tanium, were two names that I remember. Can you tell us why Microsoft's collaborative approach to the ecosystem is so important?
Yeah, you know, we've always said that security is a team sport. If you truly look at what we're all up against, it's these very smart threat actors who have unlimited resources in many ways. I mean, cybercrime is a gig economy itself. We have to collaborate as an industry. Microsoft is a big believer that we all have to work together and figure out how to stitch together our solutions so that we can defend end-to-end. We built a platform that's Sentinel, and we have 350 connectors in it. As agents get developed and they're going to use these platforms, they're going to use the data, we need to make sure that we are enabling everyone to build agents because really the next frontier is agentic AI. We didn't talk a lot about that, but you know, today we have assistive agents.
Tomorrow these agents are going to, and you're starting to see them, they're getting very autonomous, and you're going to enter what we call frontier organizations. As we think about security, we have to help organizations build these agents. We launched our first 11 agents earlier this year, six from Microsoft, tackling some of the biggest challenges like phishing and identity and data security that we talked about. We have five agents, Brad, to your point from the ecosystem. We are really excited. I think the best part of this is that we are working with the ecosystem. We have Tanium doing alert triaging agents. We have OneTrust doing privacy agents. We have Aviatrix doing network agents for us. This just completes the portfolio. Now a customer can get all of it from one platform through Copilot and protect themselves.
That's going to be a big focus of ours, getting more partners to develop agents.
Makes sense. It's a team sport. As I think about Microsoft from the very top down, trust and security are completely paramount. You know, Microsoft's done work around the Secure Future Initiative. That's very, very impressive. We saw a stat released a few months ago. Microsoft has dedicated the equivalent of 34,000 engineers working full-time for 11 months to this project. I mean, that's bigger than, you know, other massive scale companies, let alone, you know, a single project. Can you tell us a bit more about this and why it's so important?
Yeah, so Microsoft started the journey of Secure Future Initiative years back in 2024. Actually, in 2023 fall is when we introduced and we doubled down. The reason Secure Future Initiative is important is for all the reasons we just talked about. We are in the age of AI. We are in the age of agentic AI. The way we've defended organizations even five years back is different than how we need to defend organizations going forward. The Secure Future Initiative was born out of the need for defending first Microsoft, learning through that, and then protecting our customers and our ecosystems for this age of AI. There were some very challenging attacks related to nation-state actors that we were facing. We had to rethink about how do we make sure that security is a priority, not just for the security team, but for every single person at Microsoft.
As much as it is an engineering transformation, it is a cultural transformation. We're hoping that we can use this blueprint to help our customers and to help our ecosystem in general. Secure Future Initiative is based on zero trust principles. That is, I think, a lasting framework for the security industry, which starts with verifying explicitly, having least privilege access, and assuming breach. The three principles are secure by design, so every line of code that you write has to be secure from the get-go; secure by default, security should be out of box, you should not be bolting it on; and then secure operations all around if you want to secure that.
We have six engineering pillars, everything from protecting your networks to your identities, your engineering systems, your tenants and production systems, making sure we're accelerating response and remediation to making sure we are continuously monitoring and detecting threats. As you said, we have 34,000 engineers. One of the most important things about Secure Future Initiative is our CEO declared this as the number one priority. Security is the number one priority for Microsoft above all else, because without security, you cannot have trust. Every single employee at Microsoft now has a security priority. Our compensation is tied to that. We review our progress with Satya, our CEO, every two weeks. We send a report every week, and of course, with the board from a governance standpoint. It's a pretty big initiative. We're using Secure Future Initiative to really turbocharge our flywheel of defense, this portfolio that you see.
As we learn, we're using all of those things and those investments to make sure that we are building products with those innovations so that we can then protect our customers.
Awesome. That is great. I wanted to turn for a moment to what's happening in security operations. What's really caught our eye of late is just the innovation that Microsoft is driving within the SOC with Sentinel, especially in the midst of a number of other cyber platforms that are vying to displace legacy SIEM solutions out there. We'd love to hear how you view the SOC evolving and where the most interesting opportunities are.
Yeah, and thank you for saying the kind words about us, our innovation. It's been a journey for us. If you look at even the security operations market, it's getting disrupted. Categories are getting disrupted. By the way, generative AI is going to be a major category disruptor. What we saw early on is SIEM, XDR, you know, you like SOAR, UEBA. You have all these acronyms in the security industry. You're going to love our acronyms. They're all really trying to do the same thing, which is secure organizations, give them visibility, and provide that, find that needle in the haystack. What we did was we combined what was extended detection and response, so protecting your email, protecting your endpoint, protecting your cloud apps, protecting your identities, all into one. We took SIEM, which is your Security Information and Event Management, and we brought them together.
We were the first ones in the industry to bring XDR and SIEM together. We are using now that with, of course, generative AI and AI and machine learning to turbocharge that. We're also integrating Security Copilot into that. We are seeing advances in that. We have just announced a recent data lake. Not only do you have analytics on the hot tier, but you also have cold tier because one of the things we hear from our customers is it's really expensive to have SIEM to all of this data. That's the convergence we have been driving. We are leaders in both SIEM and XDR, so we are best-of-breed in those. Now with generative AI, I think we're going to see a tremendous amount of just innovation and leapfrogging across that. It's been great to see that.
These are very big businesses for us as well, as you know, Brad. We have shared publicly that just our Sentinel business is a $1 billion. Two years back, we shared across our security businesses more than $20 billion in revenue, which is a big number.
It's a big number. As we talk about the SOC, Sentinel in our conversation with CISOs is a foundational element of their strategy. It's not surprising. I wanted to turn to a different topic. You know, Palo Alto Networks recently announced the acquisition of CyberArk, which I think really shines a light on the importance of identity security. Not that it always wasn't important, but I mean, they're making a call that now is an inflection point. Microsoft already has a very strong presence with Entra, but as competitors expand from their core competencies, how do you think about the architectural center of gravity or capabilities around which identity strategies will coalesce?
Yeah, and you know, I have always believed that an investment by any company in security is a good investment for the security industry because, you know, it's challenging for all of us. I feel like we are all on the same side. It reinforces our strategy in so many ways because we started with identity. We believe identity is the boundary and is a boundaryless world, right? I mean, even going back to the pandemic and remote work and all of that, it was identity. The first thing we do is you log in. You log into a system. Our old CISO used to say, "Attackers don't break in. They log in." It just kind of reemphasizes how important identity continues to be. We've been on this identity journey, Brad, like you've been following us for many, many years. We started with identity management.
With Entra, we extended it to protection and conditional access, which is really our policy engine at the heart of it. Then, of course, identity governance more recently, and then SAFE. We have the entirety of the identity portfolio. It is very critical for our security portfolio. You'll see Entra there. It is very critical for Zero Trust, because Zero Trust really starts with identity. This is a big place where we're going to make investments. The other thing I'll say is in the age of agentic AI, identity again becomes that tip of the spear because these agents, these autonomous agents, are all going to need their own identity. We announced just a couple of months back that we have agent ID.
Entra now can provide agent IDs so that we can now have them, when they're doing autonomous work, track them just like we would on humans. I think, expect to see a lot more innovation from us in the identity front.
We look forward to it. Vasu, we've talked about AI security. We've talked about the SOC. Where else does Microsoft see opportunity within the broader security landscape?
Yeah, we covered a lot of ground. I think where we're seeing is that consolidation is going to be continuously a major theme for us. Ultimately, security is going to be about simplification. It is going to be about generative AI, and it's going to be about making sure these key areas like identity, cloud security, endpoint security, network security, apps are secured end-to-end. More than that, if I were just to step back and look at the security market, it is changing pretty rapidly. It is going to be the foundation of trust for all organizations. Especially as we embark on AI, we can't really do AI without security. We just can't. I think where we are seeing this going is security, governance, privacy, observability are all coming together in security as a whole. That end-to-end protection matters.
You've got to secure your AI, you've got to secure end-to-end, and you have to secure it using generative AI. Those are the big trends, and we're monitoring the market and hopefully shaping it actively as well.
Makes sense. Perhaps I'd be dramatic or oversimplifying to say that without trust and security, there is no Microsoft.
There is no Microsoft. I mean, Microsoft runs on trust, and trust cannot happen without security. It's the first thing you need to do because if you live in a house and if you're worried about thieves coming into your house every single day, I don't think we could cook the meal or watch television or do our work. That's what security is. Security is these threat actors knocking on your door. Not only that, being in your homes and your kitchens. We don't even know that. How can we live our lives? How can we use technology without security? That's a dystopian world, and that's how critical security is. It has to come above all else.
With that said, since we are here at an investor conference, how does this all drive shareholder value, perhaps directly and indirectly?
Yeah, I mean, it's absolutely deeply tied to that because if you think about it, security is one of the top priorities for all organizations. Full stop. It's consistently been in the top two, top three. It's the most defensible spend. There's no organization which is going to say, "I'm going to cut your security spend and put it on anything else," because what happens if you get attacked? What happens if you get breached and the trust that you lose? You know, how much time? I talked about that $9 trillion number. Just think about the economic impact. We know businesses which could not come back online due to a breach. That's how critical security is, and that's directly tied to shareholder value. We talked a lot about innovation. That's customer value. When we provide value to our customers, they can do what they're supposed to do.
That's that whole flywheel of innovation and shareholder value, I think, is spinning. I think security is going to be probably even more critical going forward for Gen AI than it was because you cannot do AI without security.
Vasu, this was a really great session to better understand Microsoft security and how important it is for the overall company and frankly for the work that you do that benefits, you know, the entire industry and all of us here. Any final thoughts that you want to leave us with?
The one thing I would say is please, please check out what Microsoft is doing on generative AI security. We have, of course, published some information, but this entire portfolio that you're seeing right now is being used to secure AI. We're already securing 2 million apps with Microsoft Defender. If you just look at, you know, going back to your shareholder values question as well, our Microsoft Purview, which is data security, it becomes critical for the AI world. We have 75% of our security attached to Copilot. There's a lot of work that Microsoft is doing in generative AI, and it would be great to get your thoughts on it as well.
Excellent. Thank you again for being here.
Thank you.
This was great.
Thank you. It's been a pleasure.