Microsoft Partners with Rubrik to Enhance Incident Response with Generative AI


Microsoft has announced a new partnership with Zero Trust cybersecurity vendor Rubrik. The deal will allow enterprise customers to utilize natural language processing and generative AI to speed up security response times during cyber attacks.

Rubrik is a cybersecurity company that focuses on enhancing data security and operational resilience for organizations. It offers a platform that supports ransomware investigation, incident containment, sensitive data discovery, orchestrated application recovery, and Zero Trust data protection.

“In a time when bad actors are becoming increasingly inventive, organizations must lean on AI to turn the tables on attackers,” said Charlie Bell, EVP of Security, Compliance, Identity, and Management at Microsoft. “Working with Rubrik establishes a counterpoint to the modern threats that our customers are facing and allows organizations to react to incidents more quickly. Through the speed of AI, we believe security defenders will be able to identify and stop attacks faster than ever before.”

Rubrik explained that the new integration with Azure OpenAI Services would help security teams in the following ways:

  • Streamline incident creation: It detects malicious activities within Rubrik Security Cloud and automatically creates an incident in Microsoft Sentinel.
  • Recommend Task Workstreams: It provides recommendations for incident response activities to help IT admins expedite the investigation of security incidents.
  • Accelerate Cyber Recovery: It generates code for the investigation of incidents in Microsoft Sentinel.

The Rubrik Anomaly Detection service will use AI to monitor data backups in real time and detect file activity within the system. It then identifies anomalies and forwards the data to Microsoft Sentinel for further investigation.

Microsoft Sentinel then uses the information to create special rules for monitoring purposes. If an anomaly is detected based on the rules, Microsoft Sentinel will automatically create a workspace where security teams can work together to investigate the issue. Additionally, it provides recommendations for immediate action to mitigate the security incident.

Microsoft’s ongoing investments bolster cybersecurity

This announcement is an important step in Microsoft’s ongoing efforts to integrate generative AI capabilities into its ecosystem. It will be interesting to see how the new partnership with Rubrik will help to protect businesses. Microsoft has recently announced a new Security Copilot tool that helps security teams with threat hunting and incident response.