Ignite 2023: Microsoft Introduces New Unified Security Operations Platform, Security Copilot Features


Key Takeaways:

  • Microsoft is merging Sentinel, Defender XDR, and Security Copilot into a unified security operations platform.
  • Microsoft is embedding Security Copilot into various security solutions, such as Microsoft Purview, Microsoft Entra, Microsoft Defender for Cloud, and Microsoft Intune.
  • The Security Copilot standalone experience gains new Defender EASM capabilities to provide insights into external attack surfaces.

It’s been a couple of months since Microsoft introduced Security Copilot, an AI-powered assistant that’s designed to help cybersecurity professionals detect breaches. At its Ignite 2023 conference, the company announced a slew of new updates coming to Security Copilot and the expansion of AI-powered capabilities across all clouds and platforms.

Vasu Jakkal, CVP of Security, Compliance, Identity & Privacy at Microsoft, shared the results of a recent controlled trial conducted to assess the impact of Security Copilot. The new security tool delivered responses that were 44 percent more accurate and incident reports that were 11 percent more precise. Participants also observed that the Copilot tool offered remediation steps that were 73 percent more appropriate.

Microsoft announced that it’s combining Sentinel, Defender XDR (formerly Microsoft Defender 365), and Security Copilot into a unified security operations platform to help customers manage and protect corporate data. “With a single set of automation rules and playbooks enriched with generative AI, coordinating response is now easier and quicker for analysts of every level. In addition, unified hunting now gives analysts the ability to query all SIEM and XDR data in one place to uncover threats and take appropriate remediation action,” explained Jakkal.

The unified operations platform uses AI and machine learning to help security teams block sophisticated cyberattacks and detect financial fraud. They can use natural language commands to craft KQL queries, analyze scripts, create incident summaries, and perform other complex tasks in Defender XDR and Microsoft Sentinel. Microsoft encourages customers to contact their account team to join the public preview of the unified security operations platform.

Microsoft is enhancing its Security portfolio with new embedded experiences in Security Copilot, aiming to bolster threat detection and response capabilities. Additionally, the standalone experience of Security Copilot now consolidates signals from various security solutions, including Microsoft Defender, Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, and Microsoft Purview.

Security Copilot coming to Microsoft Purview and other security solutions

Microsoft plans to embed the Security Copilot experience in Microsoft Purview solutions. It will allow customers to quickly generate a comprehensive summary of alerts and information, expediting the investigation and response process. The AI translator capabilities in eDiscovery enable users to define search queries with natural language commands. Microsoft has also added new data security capabilities in the Security Copilot standalone experience.

In Microsoft Entra, Security Copilot will make it easier for cybersecurity teams to investigate identity risks and troubleshoot identity-related tasks. It’s possible to use natural language commands to ask questions about users, groups, permissions, and sign-ins. IT admins will be able to get a risk summary, remediation steps, and recommendations to mitigate identity risks. In Microsoft Entra ID Governance, administrators can use Security Copilot to streamline the creation of access rights and user credentials.

In Microsoft Defender for Cloud, Security Copilot provides AI-generated guidance to help IT Pros discover and remediate security risks and critical vulnerabilities in cloud environments. This capability is currently available in public preview for commercial customers. In Microsoft Intune, Security Copilot can help security analysts and IT admins with device, policy, and app management tasks. Other features include AI-powered troubleshooting, endpoint management features, and device policy generation.

The Security Copilot standalone experience is getting new Defender EASM capabilities to let security teams gain insights into their external attack surface. This capability provides visibility into critical vulnerabilities and helps to prioritize remediation efforts.

Microsoft Purview Data Loss Prevention now allows IT admins to configure policies to prevent employees from pasting sensitive information to select websites. Microsoft Defender for Cloud Apps is getting support for more than 400 large language model applications.

Microsoft expands end-to-end security to offer comprehensive protection

Microsoft Defender XDR is getting new threat intelligence capabilities to enhance protection against emerging cyberattacks. The Detonation Intelligence feature lets users search for and contextualize threats and view results to detect malicious URLs and documents. Microsoft regularly updates vulnerability profiles when new information about a vulnerability is discovered.

Microsoft Entra Permissions Management is getting new integration with Defender for Cloud. It should help security teams understand the correlation between access permissions and potential vulnerabilities across Azure, AWS, and Google Cloud. There is also an updated attack path analysis experience to block complex cloud attacks. Microsoft Purview is extending its data protection capabilities to provide access controls for structured and unstructured data types.

Last but not least, Microsoft is adding three new solutions to its Intune Suite in February next year. These include Microsoft Intune Enterprise Application Management, Microsoft Intune Advanced Analytics, and Microsoft Cloud PKI. Microsoft plans to expand the Intune Suite capabilities to government customers in March 2024.