Ignite 2024: Microsoft Targets Multidomain Threats

Multidomain attacks are on the verge of becoming a digital epidemic as nation-states and well-funded cybercrime attack groups look to exploit wide gaps in digital estates’ defenses. Enterprises are having to contend with widening – and often unknown – gaps between enterprise assets, apps, systems, data, identities and endpoints.

The fast-rising pace of attacks is driving a graph database arms race across leading cybersecurity providers. Microsoft‘s Security Exposure Management Platform (MSEM) at Ignite 2024 reflects how quickly the arms race is maturing and why its containment requires more advanced platforms. 

In addition to Microsoft’s MSEM, other key players in the graph database arms race for combating multidomain threats include CrowdStrike with its Threat Graph, Cisco’s SecureX, SentinelOne’s Purple AI, Palo Alto Networks’ Cortex XDR and Trend Micro’s Vision One, alongside providers like Neo4j, TigerGraph and Amazon Neptune who supply foundational graph database technology​.

“Three years ago, we were seeing 567 password-related attacks per second. Today, that number has skyrocketed to 7,000 per second. This represents a massive escalation in the scale, speed and sophistication of modern cyber threats, underscoring the urgency for proactive and unified security strategies,”​ Vasu Sakkal, Microsoft’s corporate vice president of security, compliance, identity, management and privacy, told VentureBeat during a recent interview.

Microsoft goes all-in on their security vision at Ignite 2024

With every organization experiencing more multidomain intrusion attempts and suffering from undiscovered breaches, Microsoft is doubling down on security, pivoting its strategy to graph-based defense in MSEM. Sakkal told VentureBeat, “The sophistication, scale, and speed of modern attacks require a generational shift in security. Graph databases and generative AI offer defenders the tools to unify fragmented insights into actionable intelligence.”​

Cristian Rodriguez, CrowdStrike’s Americas Field CTO, echoed the importance of graph technology in a recent interview with VentureBeat. “Graph databases allow us to map adversary behavior across domains, identifying the subtle connections and patterns attackers exploit. By visualizing these relationships, defenders gain the contextual insight needed to anticipate and disrupt complex, cross-domain attack strategies,” Rodriguez said.

Key announcements from Ignite 2024 include:

• Microsoft Security Exposure Management Platform (MSEM). At the core of Microsoft’s strategy, MSEM leverages graph technology to dynamically map relationships across digital estates, including devices, identities and data. MSEM support for graph databases enables security teams to identify high-risk attack paths and prioritize proactive remediation efforts.

• Zero Day Quest. Microsoft is offering $4M in rewards to uncover vulnerabilities in AI and cloud platforms. This initiative aims to bring together researchers, engineers and AI red teams to address critical risks preemptively.

• Windows Resiliency Initiative. Focusing on zero trust principles, this initiative looks to enhance system reliability and recovery by securing credentials, implementing Zero Trust DNS protocols and fortifying Windows 11 against emerging threats.

• Security Copilot Enhancements. Microsoft claims that Security Copilot’s generative AI capabilities enhance SOC operations by automating threat detection, streamlining incident triage and reducing mean time to resolution by 30%. Integrated with Entra, Intune, Purview and Defender, these updates provide actionable insights, helping security teams address threats with greater efficiency and accuracy.
  
• Updates in Microsoft Purview. Purview’s advanced Data Security Posture Management (DSPM) tools tackle generative AI risks by discovering, protecting and governing sensitive data in real-time. Features include detecting prompt injections, mitigating data misuse and preventing oversharing in AI apps. The tool also strengthens compliance with AI governance standards, aligning enterprise security with evolving regulations.

Why now? The role of graph databases in cybersecurity

John Lambert, corporate vice president for Microsoft Security Research, underscored the critical importance of graph-based thinking in cybersecurity, explaining to VentureBeat, “Defenders think in lists, cyberattackers think in graphs. As long as this is true, attackers win.”

He added that Microsoft’s approach to exposure management involves creating a comprehensive graph of the digital estate, overlaying vulnerabilities, threat intelligence and attack paths. “It’s about giving defenders a complete map of their environment, allowing them to prioritize the most critical risks while understanding the potential blast radius of any compromise,” Lambert added.

Graph databases are gathering momentum as an architectural strategy for cybersecurity platforms. They excel at visualizing and analyzing interconnected data, which is critical for identifying attack paths in real time.

Key benefits of graph databases include:

• Relational Context: Map relationships between assets and vulnerabilities.
• Fast Querying: Traverse billions of nodes in milliseconds.
• Threat Detection: Identify high-risk attack paths, reducing false positives.
• Knowledge Discovery: Use graph AI for insights into interconnected risks.
• Behavioral Analysis: Graphs detect subtle attack patterns across domains.
• Scalability: Integrate new data points seamlessly into existing threat models.
• Multidimensional Analysis:

The Gartner heat map underscores how graph databases excel in cybersecurity use cases like anomaly detection, monitoring and decision-making, positioning them as essential tools in modern defense strategies.

“Emerging Tech: Optimize Threat Detection With Knowledge Graph Databases,” May 2024. Source: Gartner

What makes Microsoft’s MSEM platform unique

The Microsoft Security Exposure Management Platform (MSEM) differentiates itself from other graph database-driven cybersecurity platforms through its real-time visibility and risk management, which helps security operations center teams stay on top of risks, threats, incidents and breaches.

Sakkal told VentureBeat, “MSEM bridges the gap between detection and action, empowering defenders to anticipate and mitigate threats effectively.” The platform exemplifies Microsoft’s vision of a unified, graph-driven security approach, offering organizations the tools to stay ahead of modern threats with precision and speed.

Built on graph-powered insights, MSEM integrates three core capabilities needed to battle back against multi-domain attacks and fragmented security data. They include:

1. Attack Surface Management. MSEM is designed to provide a dynamic view of an organization’s digital estate, enabling the identification of assets, interdependencies and vulnerabilities. Features like automated discovery of IoT/OT devices and unprotected endpoints ensure visibility while prioritizing high-risk areas. The device inventory dashboard categorizes assets by criticality, helping security teams focus on the most urgent threats with precision.

Source: Microsoft

2. Attack Path Analysis. MSEM uses graph databases to map attack paths from an adversary’s perspective, pinpointing critical routes they might exploit. Enhanced with AI-driven graph modeling, it identifies high-risk pathways across hybrid environments, including on-premises, cloud and IoT systems.

3. Unified Exposure Insights. Microsoft also designed MSEM to translate technical data into actionable intelligence for both security professionals and business leader personas. It supports ransomware protection, SaaS security, and IoT risk management, ensuring targeted, insightful data is provided to security analysts.

Microsoft also announced the following MSEM enhancements at Ignite 2024: 

• Third-Party Integrations: MSEM connects with Rapid7, Tenable and Qualys, broadening its visibility and making it a powerful tool for hybrid environments.
• AI-Powered Graph Modeling: Detects hidden vulnerabilities and performs advanced threat path analysis for proactive risk reduction.
• Historical Trends and Metrics: This tool tracks shifts in exposure over time, helping teams adapt to evolving threats confidently.

Graph databases’ growing role in cybersecurity

Graph databases have proven invaluable in tracking and defeating multi-domain attacks. They excel at visualizing and analyzing interconnected data in real time, enabling faster and more accurate threat detection, attack path analysis and risk prioritization. It’s no surprise that graph database technology dominates the roadmaps of leading cybersecurity platform providers.

Cisco’s SecureX Threat Response is one example. The Cisco platform extends the utility of graph databases into network-centric environments, connecting data across endpoints, IoT devices and hybrid networks. Key strengths include an integrated incident response that’s integrated across the Cisco suite of apps and tools and network-centric visibility.”What we have to do is make sure that we use AI natively for defenses because you cannot go out and fight those AI weaponization attacks from adversaries at a human scale. You have to do it at machine scale,” Jeetu Patel, Cisco’s executive vice president and CPO, told VentureBeat in an interview earlier this year.

CrowdStrike’s Threat Graph was introduced at their annual customer event, Fal.Con in 2022 and is often cited as an example of the power of graph databases in endpoint security. Processing over 2.5 trillion daily events, Threat Graph excels in detecting weak signals and mapping adversary behavior. Rodriguez emphasized to VentureBeat, “Our graph capabilities ensure precision by focusing on endpoint telemetry, providing defenders with actionable insights faster than ever.” CrowdStrike’s key differentiators include endpoint precision in tracking lateral movements and identifying anomalous behaviors. Threat Graph also supports behavioral analysis used on AI to uncover adversary techniques across workloads.

Palo Alto Networks (Cortex XDR), SentinelOne (Singularity) and Trend Micro are among the notable players leveraging graph databases to enhance their threat detection and real-time anomaly analysis capabilities. Gartner predicted in the recent research note Emerging Tech: Optimize Threat Detection With Knowledge Graph Databases that their widespread adoption will continue due to their ability to support AI-driven insights and reduce noise in security operations.​

Graph databases will transform enterprise defense

Microsoft’s Lambert encapsulated the industry’s trajectory by stating, “May the best attack graph win. Graph databases are transforming how defenders think about interconnected risks,” underscoring their pivotal role in modern cybersecurity strategies.

Multi-domain attacks target the weaknesses between and within complex digital estates. Finding gaps in identity management is an area nation-state attackers concentrate on and mine data to access the core enterprise systems of a company. Microsoft joins Cisco, CrowdStrike, Palo Alto Networks, SentinelOne and Trend Micro, enabling and continuing to improve graph database technology to identify and act on threats before a breach happens.