
MORSE security team takes proactive approach to finding bugs

When it comes to a complex issue such as computer security, there are no simple answers. As the effects of hacking run the gamut from the annoyingly personal – like never-ending popup windows on your computer screen – to a large-scale, global level – such as the gasoline shutdowns that crippled the East Coast in 2021 – it makes sense that there’s no single approach to attacking the problem.

It takes more than just one angle to handle what has become an increasingly important aspect of technology development. Many organizations simply focus on patching problems after they occur. But Microsoft is taking a holistic direction in its security measures, covering the entire spectrum with a team that is working to stop vulnerabilities before they even spawn, eliminating code flaws before they reach your computer and the prying keyboards of hackers across the globe. For the security team, the thinking goes, it’s never a question of if, but when, an issue will arise.

“It’s a perennial cat and mouse game,” said Justin Campbell, principal security software engineering lead, Microsoft Security. “Things are evolving. Windows isn’t stagnant. There are new things added, new considerations, new technologies and new procedures researched. That’s not just in security, but how we build our software. There’s still code from 30 years ago that’s in equal consideration with new items we are shipping today. It’s a tremendous spectrum.”

Campbell leads a new global security team of more than 60 members, called Microsoft Offensive Research & Security Engineering (MORSE), which takes a three-pronged approach to securing code within the operating system. Red, blue and green teams, each with a different role to play, help MORSE aggressively battle security threats, repair broken code and prevent issues from ever happening.

The overlapping work done by the trio of teams helps develop new technology that benefits each side, from identifying potential weak spots in code to building new tools for the latest threats to strengthening security capabilities that have short- and long-term effects.

Many cybersecurity terms have their roots in computer simulations, video games, military exercises and real-time simulators that many of the experts have studied to learn the tricks of the trade. So, red teams try to identify an attack path to breach organizations’ security defenses through real-world attack strategies. Blue teams attempt to defend against those attacks and prevent the red team from breaching existing defenses. Green teams help mitigate high-risk, systemic security issues and fix them at scale by building in learnings and tools from the red and blue teams.
