The Struggle for Supremacy in Cyber Threat Intelligence Amid Shadowy Threats

Ahmed
6 min read · Sep 26, 2023

Table of Contents:

1- Introduction

2- Microsoft does not possess a counterpart to VirusTotal

3- Google lacks a counterpart to Windows Error Reporting (WER)

4- Balancing the Cyber Threats and Regulatory Standards

5- Conclusion

6- Future Challenges and Adaptation

1- Introduction

Regarding cybersecurity capabilities, it’s indisputable that both Google and Microsoft possess security analytics, web scanning and categorization, machine learning (ML), artificial intelligence (AI), user and entity behavior analytics (UEBA), along with diverse intelligence resources.

Consequently, we can regard them as being equally strong in terms of capabilities and resources. However, this situation can vary in specific aspects, and these nuances can be pivotal.

If both competitors have similar tools and capabilities, then the quality and finer aspects of cyber threat intelligence resources can be a determining factor in this ongoing competition. When comparing the cyber intelligence capabilities of both rivals, we should focus on the details of cyber threat intelligence data granularity and its overall quality. The more comprehensive and detailed your threat intelligence data, the more insightful and effective the results you can achieve.

As a simple analogy, think of your SIEM system’s effectiveness being directly tied to the richness of your log resources — beyond its correlation capacity. In other words, having highly detailed and valuable logs about a system or application enables you to gain a broader and more comprehensive view of events and incidents. Therefore, we need to ascertain which contender currently possesses the most detailed and valuable logs in the realm of cyber threat intelligence.

A Security Information And Event Management (SIEM) solution supports threat detection, compliance and security incident management (purplesec.us)

As the threat landscape continually evolves, identifying critical indicators of compromise (IOC) such as threats conveyed via email, downloads, clicks, files or attachments; threats transmitted through IP addresses, domains, or URLs; threats affecting files, DLLs, processes, or registry keys; or anomalies, irregularities, or violations during the cyber kill chain becomes paramount.

Therefore, who can amass the most valuable and comprehensive logs, beyond generic IOCs, on a global scale? Returning to our comparison, we observe one distinctive tool on each side: Microsoft has the Windows Error Reporting (WER) system, and Google offers VirusTotal. These tools are not alike, and each stands as a unique asset in the field of cyber threat intelligence.

2- Microsoft does not possess a counterpart to VirusTotal

VirusTotal, a prominent malware intelligence service, delivers multifaceted malware insights. When you upload a file, it returns a free assessment that aggregates the verdicts of over 50 antivirus products.


This service proves valuable for basic malware research and for revealing connections among malware files, domains, and IP addresses. Access to comprehensive file information on a worldwide scale depends on having such a malware engine. In contrast, Microsoft lacks an equivalent analytical tool widely adopted by the security community, and the prospect of Microsoft competing with VirusTotal appears highly improbable. Nevertheless, it is essential to note that VirusTotal specializes in dynamic analysis, systematically executed within a predetermined and controlled environment.
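As an added illustration of the kind of aggregated verdict the text describes (example code written for this page, not VirusTotal's own), the script below summarises a VirusTotal API v3 file report: it computes the detection ratio across the engines that actually scanned the file, applies a simple triage policy, and lists the most common detection names, which often hint at the malware family. The JSON is a constructed, abbreviated stand-in for the response of GET https://www.virustotal.com/api/v3/files/{sha256}; the field names follow the public v3 schema, while the engine names, counts, hash and triage thresholds are assumptions of this example.

```python
"""Summarise a VirusTotal API v3 file report (added example, not VirusTotal's code).

SAMPLE_REPORT is a constructed stand-in for the JSON returned by
GET https://www.virustotal.com/api/v3/files/{sha256} (sent with an x-apikey
header). Field names follow the public v3 schema; engine names, counts and
the hash are made up.
"""
import json
from collections import Counter

SAMPLE_REPORT = json.dumps({
    "data": {
        "type": "file",
        "id": "00" * 32,  # placeholder hash, not a real sample
        "attributes": {
            "sha256": "00" * 32,
            "meaningful_name": "invoice.exe",
            "type_description": "Win32 EXE",
            "last_analysis_stats": {
                "malicious": 3, "suspicious": 1, "undetected": 3,
                "harmless": 0, "timeout": 0, "type-unsupported": 1,
                "failure": 0, "confirmed-timeout": 0,
            },
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
                "EngineB": {"category": "malicious", "result": "Trojan.Agent"},
                "EngineC": {"category": "malicious", "result": "Trojan.Generic"},
                "EngineD": {"category": "suspicious", "result": "Heur.Suspicious"},
                "EngineE": {"category": "undetected", "result": None},
                "EngineF": {"category": "undetected", "result": None},
                "EngineG": {"category": "undetected", "result": None},
                "EngineH": {"category": "type-unsupported", "result": None},
            },
        },
    }
})

# Engines in these categories actually produced a verdict; timeouts, failures
# and unsupported types are excluded from the denominator (our own definition).
SCANNED_CATEGORIES = ("malicious", "suspicious", "undetected", "harmless")


def parse_report(raw):
    """Extract the fields a triage workflow cares about from the raw JSON."""
    attrs = json.loads(raw)["data"]["attributes"]
    return {
        "sha256": attrs.get("sha256"),
        "name": attrs.get("meaningful_name"),
        "file_type": attrs.get("type_description"),
        "stats": attrs.get("last_analysis_stats", {}),
        "results": attrs.get("last_analysis_results", {}),
    }


def detection_ratio(stats):
    """Return (engines flagging the file as malicious, engines that scanned it)."""
    scanned = sum(stats.get(c, 0) for c in SCANNED_CATEGORIES)
    return stats.get("malicious", 0), scanned


def verdict(stats, malicious_threshold=3):
    """Triage policy; the threshold is an assumption of this example, not VirusTotal's."""
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    if malicious >= malicious_threshold:
        return "malicious"
    if malicious or suspicious:
        return "suspicious"
    return "undetected"


def top_labels(results, n=3):
    """Most common detection names among flagging engines; a hint at the family."""
    labels = Counter(
        r["result"] for r in results.values()
        if r.get("category") in ("malicious", "suspicious") and r.get("result")
    )
    return labels.most_common(n)


def summarise(raw):
    """One-line-per-field summary suitable for an analyst queue or a SIEM enrichment."""
    report = parse_report(raw)
    flagged, scanned = detection_ratio(report["stats"])
    return {
        "sha256": report["sha256"],
        "name": report["name"],
        "file_type": report["file_type"],
        "detections": f"{flagged}/{scanned}",
        "verdict": verdict(report["stats"]),
        "labels": top_labels(report["results"]),
    }


if __name__ == "__main__":
    print(json.dumps(summarise(SAMPLE_REPORT), indent=2))
```

In practice an analyst looks a hash up before uploading anything, since uploading a file shares it with the service and its partners; the summary shape above is what such a lookup feeds into a SIEM enrichment or a ticket.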

3- Google lacks a counterpart to Windows Error Reporting (WER)

The widespread use of the Windows operating system and other Microsoft products grants Microsoft the ongoing ability to monitor internet activities. While this extensive global usage provides Microsoft with unparalleled threat intelligence capabilities, it also raises significant privacy concerns.

Utilizing Windows Error Reporting for Gathering Backup Component Crash Dumps (kb.msp360.com)

Microsoft’s products ship with a built-in Windows Error Reporting (WER) system that continuously gathers telemetry from any active Microsoft product to detect errors or malfunctions. Additionally, an insider source has disclosed that Microsoft’s security teams have harnessed this telemetry, turning it into exclusive and potent security tools not yet available elsewhere. Consequently, Windows devices worldwide regularly transmit data to Microsoft, and all information collected from these devices is reported to Microsoft via telemetry. This enables Microsoft to analyze the vast data pool and identify security incidents proactively, before others do. In this sense, Microsoft’s WER functions akin to static analysis.

The key advantage of this telemetry system lies in the fact that the data originates from a live environment, as opposed to a predetermined and controlled one. Ultimately, every Windows device serves as a source of threat intelligence, continually supplying Microsoft and its cloud. Naturally, Microsoft extracts relevant signals from your security telemetry or WER files to promptly detect threats. In contrast, Google lacks an equivalent robust tool.

“That’s the thing that nobody else has: visibility and data. The data that nobody else has is around those application crashes at the operating system and the software layer. Even for third-party crashes, they have telemetry around those. As you start looking at exploit targets, Microsoft has the ability through their telemetry. Microsoft sees stuff that just nobody else does.”

Jake Williams, a former member of the National Security Agency (NSA)
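The crash telemetry discussed in this section is visible locally as well: alongside each crash report WER writes a plain-text Report.wer file of key=value lines, which a defender can triage without Microsoft's cloud. The script below (an added example written for this page, not Microsoft's code) parses such a file, rebuilds the crash signature from the Sig[n].Name / Sig[n].Value pairs, and flags crashes that merit a closer look: a memory-safety exception such as an access violation, a fault address that WER could not attribute to any loaded module (the StackHash signature), or a crash in an application that routinely opens untrusted content. The sample file is constructed; only the key names follow the real layout, and the list of untrusted-input applications and the scoring rule are assumptions of this example.

```python
"""Triage a Windows Error Reporting Report.wer file (added example, not Microsoft's code).

Report.wer is the key=value text file WER stores with a crash report, e.g. under
%ProgramData%\\Microsoft\\Windows\\WER\\ReportArchive\\<report>\\Report.wer.
The sample below is constructed; only the key names follow the real layout.
"""
import re

SAMPLE_REPORT_WER = r"""
Version=1
EventType=APPCRASH
EventTime=133400000000000000
ReportType=2
Consent=1
ReportIdentifier=00000000-0000-0000-0000-000000000000
Sig[0].Name=Application Name
Sig[0].Value=WINWORD.EXE
Sig[1].Name=Application Version
Sig[1].Value=16.0.0.0
Sig[2].Name=Application Timestamp
Sig[2].Value=00000000
Sig[3].Name=Fault Module Name
Sig[3].Value=StackHash_0000
Sig[4].Name=Fault Module Version
Sig[4].Value=0.0.0.0
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=00000000
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=PCH_00_FROM_unknown+0x0
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=10.0.19045.2.0.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Microsoft Word
AppPath=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
""".strip()

# NTSTATUS values WER records as "Exception Code" (lower-case hex, no 0x prefix).
EXCEPTION_NAMES = {
    "c0000005": "STATUS_ACCESS_VIOLATION",
    "c0000409": "STATUS_STACK_BUFFER_OVERRUN",
    "c000001d": "STATUS_ILLEGAL_INSTRUCTION",
    "c00000fd": "STATUS_STACK_OVERFLOW",
    "80000003": "STATUS_BREAKPOINT",
    "e0434352": "CLR_EXCEPTION",
}
MEMORY_SAFETY_CODES = {"c0000005", "c0000409", "c000001d", "c00000fd"}
# Assumption for this example: applications that routinely parse untrusted content.
UNTRUSTED_INPUT_APPS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "acrord32.exe", "chrome.exe", "msedge.exe", "firefox.exe",
}
SIG_NAME_RE = re.compile(r"^(Dynamic)?Sig\[\d+\]\.Name$")


def parse_wer(text):
    """Flatten the key=value lines into a dict; later duplicates win."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        report[key] = value
    return report


def signature(report):
    """Map each Sig[n].Name to its Sig[n].Value, e.g. 'Exception Code' -> 'c0000005'."""
    sig = {}
    for key, name in report.items():
        if SIG_NAME_RE.match(key):
            sig[name] = report.get(key[:-len("Name")] + "Value", "")
    return sig


def triage(report):
    """Score a crash for investigation; the rules are heuristics of this example."""
    sig = signature(report)
    code = sig.get("Exception Code", "").lower()
    app = sig.get("Application Name", report.get("AppName", ""))
    fault_module = sig.get("Fault Module Name", "")
    reasons = []
    if code in MEMORY_SAFETY_CODES:
        reasons.append(f"memory-safety exception {EXCEPTION_NAMES.get(code, code)}")
    if fault_module.lower().startswith("stackhash"):
        reasons.append("fault address not inside any loaded module (StackHash signature)")
    if app.lower() in UNTRUSTED_INPUT_APPS:
        reasons.append(f"{app} routinely parses untrusted input")
    # A memory-safety fault plus at least one aggravating factor goes to an analyst.
    verdict = "investigate" if code in MEMORY_SAFETY_CODES and len(reasons) >= 2 else "routine"
    return {
        "event_type": report.get("EventType", ""),
        "application": app,
        "app_path": report.get("AppPath", ""),
        "exception_code": code,
        "exception_name": EXCEPTION_NAMES.get(code, "UNKNOWN"),
        "fault_module": fault_module,
        "reasons": reasons,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for k, v in triage(parse_wer(SAMPLE_REPORT_WER)).items():
        print(f"{k}: {v}")
```

Run over the ReportArchive directory of a fleet, the same signature fields let a defender bucket crashes by application, fault module and exception code, which is the local, defender-side view of the crash data the quote above describes.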

4- Balancing the Cyber Threats and Regulatory Standards

While Google and Microsoft both possess significant cybersecurity capabilities, it’s essential to acknowledge their limitations. No cybersecurity solution is entirely foolproof, and there are inherent challenges in dealing with evolving threats. One limitation is the constant need to update and adapt to new attack vectors and tactics. Additionally, the effectiveness of their cybersecurity measures may vary depending on the specific threat landscape and the level of sophistication of threat actors.

4.1. Collaboration and Information Sharing:

Collaboration and information sharing play a crucial role. Both Google and Microsoft actively participate in industry-wide efforts to share threat intelligence and enhance collective security. Such collaborations extend beyond their own ecosystems, involving government agencies, cybersecurity organizations, and other stakeholders. These collaborative efforts aim to strengthen the overall cybersecurity posture and protect users and organizations from emerging threats.

4.2. User Education and Awareness:

While advanced cybersecurity technologies are essential, user education and awareness are equally vital components of a robust security strategy. Google and Microsoft invest in educational initiatives to help users recognize and mitigate cyber threats. They provide resources, guidelines, and training to empower users to make informed decisions and safeguard their digital assets. Promoting a cybersecurity-conscious culture among users is an ongoing commitment for both companies.

4.3. Regulatory Compliance and Data Protection:

In an era of increasing data privacy regulations, compliance and data protection are paramount. Both Google and Microsoft adhere to strict regulatory frameworks and industry standards to safeguard user data. They implement robust data protection measures, encryption protocols, and access controls to ensure the confidentiality and integrity of user information. Compliance with regulations such as GDPR and HIPAA demonstrates their commitment to data privacy.

5- Conclusion

Evaluating the cybersecurity capabilities of Google and Microsoft requires a multifaceted analysis that goes beyond mere technical capabilities. It involves considering their commitment to collaboration, user education, regulatory compliance, and adaptability to future challenges. While both companies exhibit strengths in various aspects, the dynamic nature of cybersecurity ensures that the competition remains fluid and ever-evolving. As the threat landscape continues to change, the true measure of their cybersecurity prowess will be their ability to navigate and innovate in this complex and rapidly changing environment.

To evaluate the cybersecurity prowess or security capacity of these reputable companies, it’s essential to conduct a comprehensive comparison of their security platforms across various criteria. However, these companies appear to engage in a somewhat concealed competition. We can only deduce insights indirectly, discern hidden clues, monitor their public announcements, and assess the products they openly present.

Additionally, we assume they possess substantial or unrestricted financial resources to compete effectively. Drawing a parallel with our previous straightforward SIEM analogy, given its ability to acquire and analyze the most detailed logs, Microsoft appears to be leading this competition at present.

6- Future Challenges and Adaptation

The cybersecurity landscape is ever-evolving, presenting future challenges that demand continuous adaptation. Google and Microsoft are acutely aware of the need to stay ahead of emerging threats. They invest in research and development to innovate and evolve their security solutions. Anticipating the next wave of cyber threats, such as AI-driven attacks and zero-day vulnerabilities, is an ongoing priority. The ability to adapt swiftly to changing circumstances will be a defining factor in their cybersecurity effectiveness.

Ahmed

Data scientist | Security Researcher | Cloud Specialist | Digital Creator https://mawgoud.medium.com/subscribe