Microsoft announces Gen AI security copilot and Defender XDR

AI has become the force multiplier attackers were waiting to fine-tune their tradecraft for greater accuracy and devastating results while avoiding detection. FraudGPT and other attempts by attackers to sell AI-based attack tools are just the beginning.  

Microsoft’s decision to go all-in on generative AI to unify threat intelligence across all security apps, copilots, clouds, and platforms reflects their enterprise customers’ urgency for a solution to stop these attacks that often go undetected. 

Today at Microsoft Ignite 2023, Microsoft launched a series of new cybersecurity solutions designed to identify, detect, and respond to threats enterprises face, many of which current detection and response systems can’t detect or stop. The company’s new idea of cybersecurity is based on using generative AI to find threats and share that information with all of its applications, copilots, extended detection and response (XDR) systems, the cloud, and hybrid clouds in real-time. Gen AI is the new DNA of Microsoft’s broad security strategy.  

Attack data shows enterprise human and machine identities under siege

“The speed, scale, and sophistication of cyber attacks today are unparalleled, and security is the number one priority for CIOs worldwide,” said Microsoft CEO Satya Nadella on the company’s FY24 Q1 earnings call in October. He stated, “We see high demand for security copilot, the industry’s first and most advanced generative AI product, which is now seamlessly integrated with Microsoft Defender 365. 

Nadella said on the conference call that security copilot can stop attacks at machine speed, an area of concern for many CISOs. 

CISOs tell VentureBeat machine identities are growing exponentially faster than human ones, and one confided that up to 40% of endpoints are unknown on their network. 

Machine industries are growing so fast that it is estimated that most enterprises have up to 45 times more machine identities than human ones. Gen AI is table stakes for controlling and securing machine identities at scale. 

Microsoft detected password attacks surging from 579 per second to over 4,000 in the last two years. Existing systems need help to keep up with the rapidly growing number and complexity of password attacks. With cybercrime losses projected to reach $10.5 trillion globally by 2025, attackers continue fine-tuning their tradecraft with AI and exploring new breach strategies. 

Vasu Jakkal, Microsoft’s Corporate Vice President of Security, Compliance, Identity, and Management, says, “Generative AI is ushering in a new era of cyber defense by enabling us to be proactive instead of reactive. Microsoft Security has the largest data footprint in the world with 65 trillion daily signals, combined with expertise in global threat intelligence, monitoring more than 300+ threat groups, and insights on attacker behaviors from more than 1 million customers and over 15,000 partners.

Selling consolidation with gen-AI powered XDR 

With app and platform consolidation on the minds of nearly every CISO and CIO today, Microsoft’s decision to launch its unified security operations platform now is good timing, especially with its promise of delivering increased visibility across infrastructures. The operations platform security suite includes Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Security Copilot. 

Forrester Principal Analyst Allie Mellen told VentureBeat, “the Unified Security Operations platform strategy will be a boon to Microsoft’s efforts to get more customers leveraging a combination of Defender, Azure, and Sentinel. Given the massive changes the SIEM market is undergoing, this strategy will bring more Defender customers to Sentinel as they look for ways to reduce SIEM costs and unify their security tooling.”

“The CISO is always looking for opportunities to consolidate data to save costs. With XDR and SIEM separate, data for detection and investigation is stored in two separate places, which is frustrating for security teams that already have to defend their exorbitant SIEM budget,” Mellen said. 

“Bringing these two products together into a unified analyst experience simplifies security analyst workflow. They can now investigate and respond to incidents from XDR and SIEM in a single place, while still maintaining the quality of detections from XDR and the flexibility of SIEM,” Mellen observed. 

96% of CISOs plan to consolidate their security platforms, with 63% saying extended detection and response (XDR) is their top solution choice, according to Cynet’s 2022 survey of CISOs. Nearly all CISOs surveyed said they have consolidation on their roadmaps, up from 61% in 2021. Leading XDR platform providers include Broadcom, Cisco, CrowdStrike, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, TEHTRIS, Trend Micro, and VMWare.   

Microsoft sees the potential to sell XDR as a consolidation catalyst to its enterprise accounts. CrowdStrike’s XDR strategy is core to how it sells consolidation and was first introduced at its 2022 Fal.Con event. Palo Alto Networks’ strong focus on selling consolidation at its Ignite ’22 event has proven that positioning XDR as a consolidation catalyst is a lucrative strategy. In rebranding Microsoft Defender 365 to Defender XDR, Microsoft says the Defender platform now includes products beyond the Microsoft 365 suite. 

Defender XDR is also designed to protect devices across Windows, Linux, macOS, Android, and iOS and multi-cloud environments spanning Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). It’s an enterprise-level product strategy to drive consolidation at scale and win over the majority, if not all, of a cybersecurity tech stack.

Microsoft security copilot defines a new era of cybersecurity efficiency and expertise

Microsoft security copilot is designed to streamline and simplify security operations centers’ (SOC) analysts’ workloads while ensuring its secure and responsible use. 

Mellen told VentureBeat, “The announcement of Microsoft Copilot for security earlier this year kicked off a flurry of generative AI activity in the security industry, particularly around how it can improve analyst experience. The latest announcements from Microsoft refine their strategy and home in on the thing that matters most to security teams: how to ensure its secure, responsible, ethical use,” 

Microsoft copilot is now integrated with Microsoft Defender XDR and Sentinel solutions. This integration accelerates incident response with advanced features like guided investigation, rapid evidence aggregation, and malware analysis.

These areas include the following:  

• Integration into Microsoft Purview: Microsoft Security Copilot is now a core component of Microsoft Purview, a feature Microsoft had hinted at providing in the past. Having copilot as part of Pruviews will streamline data security and compliance management. This integration will also improve operational efficiency, especially in managing the high volume of alerts typically overwhelming data security teams.
• Enhanced Analyst Capabilities: The security copilot’s intuitive design will also help shorten the learning curve for new data security analysts, offering guided responses and the ability to generate detailed alert summaries swiftly. This not only speeds up response times but also serves as a practical training tool, enriching the skill sets of security professionals.
• Now included as part of Advanced eDiscovery Tools: The application of natural language processing in eDiscovery will save analysts hundreds of hours a year alone. It replaces complex keyword query languages, streamlining the search process for compliance admins and making it faster and more precise.
• Private Preview and Embedded Experience: Microsoft has also completed the integration of copilot into the Microsoft Intune admin center. IT admins and security analysts can use generative AI for tailored guidance, addressing specific organizational needs, including policy development and troubleshooting.
• Identity Management with Microsoft Entra: One of the most popular requests and features that Microsoft has hinted at in the past, security copilot is now integrated into Microsoft Entra to simplify identity management tasks, streamlining processes related to user credentials and access rights, crucial for investigating identity risks and handling daily identity tasks.
• Private Preview Expansion: Microsoft’s customers can integrate Security Copilot into various Microsoft solutions like Microsoft Entra, Purview, Intune, and Sentinel. This integration facilitates tasks such as identity management, device policy generation, data protection, compliance, risk management, and cloud security posture management.

AI’s impact on experiences and scale is just getting started  

Where Microsoft’s new XDR platform strategy shows how AI brings immediate scale and data sharing across previously separate apps and platforms, CrowdStrike’s launch today of CrowdStrike Falcon Go shows the flexibility and scale an AI-based XDR strategy can have to serve small and medium businesses (SMBs). 

CrowdStrike designed Falcon® Go to be configurable with a few quick clicks so SMBs can deploy the solution quickly and protect themselves against ransomware attacks and breaches. Just as Microsoft’s new platform represents the next generation of AI-powered security at the high end of the market, Falcon® Go represents the next generation of AI-native solutions for SMBs.

“Small and medium-sized businesses today need to think about compliance and security from day one,” said Josh Jones, head of corporate development at Vanta. “As the leader in trust management providing automated security and compliance for organizations of all sizes, our team shares CrowdStrike’s vision and passion for empowering SMBs to protect themselves from the complex cyber threats of today and tomorrow.”

“With Falcon, we have the confidence of CrowdStrike’s industry-leading protection so we can focus on running our business,” said Don Thorstenson, IT manager at BPG Designs. “Deploying and managing cybersecurity has never been this easy.”