Microsoft Security Team, Author at Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog
Expert coverage of cybersecurity topics
Fri, 27 Mar 2026 23:54:59 +0000

Your complete guide to Microsoft experiences at RSAC™ 2026 Conference
http://approjects.co.za/?big=en-us/security/blog/2026/02/12/your-complete-guide-to-microsoft-experiences-at-rsac-2026-conference/
Thu, 12 Feb 2026 17:00:00 +0000

Microsoft Security returns to RSAC Conference to show how Frontier Firms—organizations that are human-led and agent-operated—can stay ahead.

The post Your complete guide to Microsoft experiences at RSAC™ 2026 Conference appeared first on Microsoft Security Blog.

The era of AI is reshaping both opportunity and risk faster than any shift security leaders have seen. Every organization is feeling the momentum; and for security teams, the question is no longer if AI will transform their work, but how to stay ahead of what comes next.

At Microsoft, we see this moment giving rise to what we call the Frontier Firm: organizations that are human-led and agent-operated. With more than 80% of leaders already using agents or planning to within the year, we’re entering a world where every person may soon have an entire agentic team at their side.¹ By 2028, IDC projects 1.3 billion agents in use—a scale that changes everything about how we work and how we secure.²

In the agentic era, security must be ambient and autonomous, just like the AI it protects. This is our vision for security as the core primitive, woven into and around everything we build and throughout everything we do. At RSAC™ 2026 Conference, we’ll share how we are delivering on that vision through our AI-first, end-to-end, security platform that helps you protect every layer of the AI stack and secure with agentic AI.

Join us at RSAC Conference 2026—March 22–26 in San Francisco

RSAC 2026 will give you a front‑row seat to how AI is transforming the global threat landscape, and how defenders can stay ahead with:

  • A deeper understanding of how AI is reshaping the global threat landscape
  • Insight into how Microsoft can help you protect every layer of the AI stack and secure with agentic AI
  • Product demos, curated sessions, executive conversations, and live meetings with our experts in the booth

This is your moment to see what’s next and what’s possible as we enter the era of agentic security.

Microsoft at RSAC™ 2026

From Microsoft Pre‑Day to innovation sessions, networking opportunities, and 1:1 meetings, explore experiences designed to help you navigate the age of AI with clarity and impact.

Microsoft Pre-Day: Your first look at what’s next in security

Kick off RSAC 2026 on Sunday, March 22 at the Palace Hotel for Microsoft Pre‑Day, an exclusive experience designed to set the tone for the week ahead.

Hear keynote insights from Vasu Jakkal, CVP of Microsoft Security Business, and other Microsoft security leaders as they explore how AI and agents are reshaping the security landscape.

You’ll discover how Microsoft is advancing agentic defense, informed by more than 100 trillion security signals each day. You’ll learn how solutions like Agent 365 deliver observability at every layer, and how Microsoft’s purpose‑built security capabilities help you secure every layer of the AI stack. You’ll also explore how our expert-led services can help you defend against cyberthreats, build cyber resilience, and transform your security operations.

The experience concludes with opportunities to connect, including a networking reception and an invite-only dinner for CISOs and security executives.

Microsoft Pre‑Day is your chance to hear what is coming next and prepare for the week ahead. Secure your spot today.

Executive events: Exclusive access to insights, strategy, and connections

For CISOs and senior security decision makers, RSAC 2026 offers curated experiences designed to deliver maximum value:

  • CISO Dinner (Sunday, March 22): Join Microsoft Security executives and fellow CISOs for an intimate dinner following Microsoft Pre-Day. Share insights, compare strategies, and build connections that matter.
  • The CISO and CIO Mandate for Securing and Governing AI (Monday, March 23): A session outlining why organizations need integrated AI security and governance to manage new risks and accelerate responsible innovation.
  • Executive Lunch & Learn: AI Agents are here! Are you Ready? (Tuesday, March 24): A panel exploring how observability, governance, and security are essential to safely scaling AI agents and unlocking human potential.
  • The AI Risk Equation: Visibility, Control, and Threat Acceleration (Wednesday, March 25): A deeply interactive discussion on how CISOs address AI proliferation, visibility challenges, and expanding attack surfaces while guiding enterprise risk strategy.
  • Post-Day Forum (Thursday, March 26): Wrap up RSAC with an immersive, half‑day program at the Microsoft Experience Center in Silicon Valley—designed for deeper conversations, direct access to Microsoft’s security and AI experts, and collaborative sessions that go beyond the main‑stage content. Explore securing and managing AI agents, protecting multicloud environments, and deploying agentic AI through interactive discussions. Transportation from the city center will be provided. Space is limited, so register early.

These experiences are designed to help CISOs move beyond theory and into actionable strategies for securing their organizations in an AI-first world.

Keynote and sessions: Insights you can act on

On Monday, March 23, don’t miss the RSAC 2026 keynote featuring Vasu Jakkal, CVP of Microsoft Security. In Ambient and Autonomous Security: Building Trust in the Agentic AI Era (3:55 PM-4:15 PM PDT), learn how ambient, autonomous platforms with deep observability are evolving to address AI-powered threats and build a trusted digital foundation.

Here are two sessions you don’t want to miss:

1. Security, Governance, and Control for Agentic AI 

  • Monday, March 23 | 2:20–3:10 PM. Learn the core principles that keep autonomous agents secure and governed so organizations can innovate with AI without sprawl, misuse, or unintended actions.
    • Speakers: Neta Haiby, Partner, Product Manager and Tina Ying, Director, Product Marketing, Microsoft 

2. Advancing Cyber Defense in the Era of AI Driven Threats 

  • Tuesday, March 24 | 9:40–10:30 AM. Explore how AI elevates threat sophistication and what resilient, intelligence-driven defenses look like in this new era.
    • Speaker: Brad Sarsfield, Senior Director, Microsoft Security, NEXT.ai

Plus, don’t miss our sessions throughout the week: 

Microsoft Booth #5744: Theater sessions and interactive experiences

Visit the Microsoft booth at Moscone Center for an immersive look at how modern security teams protect AI‑powered environments. Connect with Microsoft experts, explore security and governance capabilities built for agentic AI, and see how solutions work together across identity, data, cloud, and security operations.

Test your skills and compete in security games

At the center of the booth is an interactive single‑player experience that puts you in a high‑stakes security scenario, working with adaptive agents to triage incidents, optimize conditional access, surface threat intelligence, and keep endpoints secure and compliant, then guiding you to demo stations for deeper exploration.

Quick sessions, big takeaways, plus a custom pet sticker

You can also stop by the booth theater for short, expert‑led sessions highlighting real‑world use cases and practical guidance, giving you a clear view of how to strengthen your security approach across the AI landscape—and while you’re there, don’t miss the Security Companion Sticker activation, where you can upload a photo of your pet and receive a curated AI-generated sticker.

Microsoft Security Hub: Your space to connect

Throughout the week, the iconic Palace Hotel will serve as Microsoft’s central gathering place—a welcoming hub where you can step away from the bustle of the conference. It’s a space to recharge and connect with Microsoft security experts and executives, participate in focused thought leadership sessions and roundtable discussions, and take part in networking experiences designed to spark meaningful conversations. Full details on sessions and activities are available on the Microsoft Security Experiences at RSAC™ 2026 page.

Customers can also take advantage of scheduled one-on-one meetings with Microsoft security experts during the week. These meetings offer an opportunity to dig deeper into today’s threat landscape, discuss specific product questions, and explore strategies tailored to your organization. To schedule a one-on-one meeting with Microsoft executives and subject matter experts, speak with your account representative or submit a meeting request form.

Partners: Building security together

Microsoft’s presence at RSAC 2026 isn’t just about our technology. It’s about the ecosystem. Visit the booth and the Security Hub to meet members of the Microsoft Intelligent Security Association (MISA) and explore how our partners extend and enhance Microsoft Security solutions. From integrated threat intelligence to compliance automation, these collaborations help you build a stronger, more resilient security posture.

Special thanks to Ascent Solutions, Avertium, BlueVoyant, CyberProof, Darktrace, and Huntress for sponsoring the Microsoft Security Hub and karaoke party.

Why join us at RSAC?

Attending RSAC™ 2026? By engaging with Microsoft Security, you’ll gain clear perspective on how AI agents are reshaping risk and response, practical guidance to help you focus on what matters most, and meaningful connections with peers and experts facing the same challenges.

Together, we can make the world safer for all. Join us in San Francisco and be part of the conversation defining the next era of cybersecurity.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ According to data from the 2025 Work Trend Index, 82% of leaders say this is a pivotal year to rethink key aspects of strategy and operations, and 81% say they expect agents to be moderately or extensively integrated into their company’s AI strategy in the next 12–18 months. At the same time, adoption on the ground is spreading but uneven: 24% of leaders say their companies have already deployed AI organization-wide, while just 12% remain in pilot mode.

² IDC Info Snapshot, sponsored by Microsoft, 1.3 Billion AI Agents by 2028, May 2025, #US53361825

New IDC research highlights a major cloud security shift
http://approjects.co.za/?big=en-us/security/blog/2025/11/06/new-idc-research-highlights-a-major-cloud-security-shift/
Thu, 06 Nov 2025 17:00:00 +0000

New IDC research shows why CISOs must move toward AI-powered, integrated platforms like CNAPP, XDR, and SIEM to reduce risk, cut complexity, and strengthen resilience.

The post New IDC research highlights a major cloud security shift appeared first on Microsoft Security Blog.

Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks. According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year increase. That’s not a typo. And it’s not just a statistic—it’s a wake-up call. As cyberthreats grow more sophisticated and cloud environments more complex, security leaders must rethink their strategies to stay ahead of threat actors.

But what actually needs to change? And what should you be doing about it? Read IDC’s latest research, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond, to dive deep into the future of cloud security—and what it means for chief information security officers (CISOs), security architects, and product leaders.

Five IDC insights into the evolving cloud security landscape

1. One platform is quietly becoming a top investment

IDC research found that cloud-native application protection platforms (CNAPPs) are now one of the top three security investments for 2025. Why? Because they’re solving problems that legacy tools can’t, protecting cloud-native applications throughout their lifecycle—further reinforcing the importance of ecosystems, consolidation, and more.

2. The role of the CISO is evolving to align security with business priorities

In 37% of organizations, CISOs now have ownership over cloud security management. IDC calls them “3D CISOs.” They don’t just manage risk—they drive business outcomes and digital innovation. These leaders are reshaping how security is embedded across the organization, from DevOps pipelines to boardroom conversations. IDC’s whitepaper details the expanded and evolving role of CISOs and their impact on improving the overall security posture of organizations.   

3. Tool sprawl increases costs and introduces vulnerabilities

Organizations are grappling with tool sprawl, using an average of 10 cloud security tools and often adding more each year. This complexity—driven by fragmented platforms, regulatory requirements, and integration challenges—creates blind spots and slows response times. But stopping the sprawl isn’t easy. It requires a deliberate approach, anchored in a unified security platform that simplifies operations and strengthens protection. IDC research underscores this, highlighting how greater visibility and tool consolidation drive measurable gains in efficiency and cost management.

4. Generative AI is already changing the game

Forget the hype. Generative AI is delivering real value for cloud security—from automated threat detection to faster incident response, and more. IDC’s data shows how security teams are using generative AI, including how it can enhance the capabilities of security analysts and allow them to focus on more complex tasks.

5. The future is integrated and autonomous

Security leaders are moving toward unified security operations (SecOps) platforms that combine cloud-native protection, threat intelligence, and AI-powered automation. Some are exploring the new frontier of agentic AI—autonomous systems that can detect, isolate, and remediate known cyberthreats without human intervention. The IDC whitepaper explores what this future looks like—and how close we really are.

Why mitigating security risk matters now more than ever

Cloud security is a critical business imperative. As IDC puts it, “Security risk is business risk.” The decisions you make today will shape your organization’s resilience, agility, and ability to innovate tomorrow. Whether you’re a CISO or a cloud architect, this research offers a roadmap for navigating what’s next. It’s not just about buying new tools. It’s about building a smarter, more unified approach to cloud security.

Ready to see what’s inside?

71% of organizations surveyed believe that over the next two years, it would be beneficial for their organization to invest in a unified SecOps platform that includes technologies such as extended detection and response (XDR), endpoint detection and response (EDR), security information and event management (SIEM), CNAPP and cloud security, generative AI, and threat intelligence. But that’s easier said than done. And in this post, we’ve only scratched the surface. The full IDC study covers:

  • The evolving role of CNAPP in cloud security.
  • How CISOs are aligning security with business goals.
  • The impact of generative AI and agentic AI on security operations center (SOC) operations.
  • Strategies for reducing tool sprawl and improving visibility.
  • Guidance for integrating CNAPP with XDR, SIEM, and managed services.

Innovate faster with Microsoft

Microsoft’s integrated CNAPP, powered by industry-leading generative AI and threat intelligence, unifies security across the entire application lifecycle. With comprehensive visibility, real-time cloud detection and response, and proactive risk prioritization, it protects your modern cloud and AI applications from code to runtime.

Microsoft empowers your security teams to identify, prioritize, and mitigate risks early, adhere to compliance and regulatory requirements, prevent cloud breaches, and stay ahead of emerging cloud and AI cyberthreats. Innovate securely, quickly, and confidently, across hybrid and multicloud environments.

Learn more

Read IDC’s full whitepaper, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond.

Learn about our new e-book: The 5 generative AI security threats you need to know.

Sign up to read the quick-start e-book to Executing cloud-native application protection platform (CNAPP) strategy.

Learn more about Microsoft Defender for Cloud.

Microsoft Ignite

Join us at Microsoft Ignite to explore the latest solutions for securing AI. Connect with industry leaders, innovators, and peers shaping what’s next.

San Francisco on November 17-21
Online (free) on November 18-20

The 5 generative AI security threats you need to know about detailed in new e-book
http://approjects.co.za/?big=en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-need-to-know-about-detailed-in-new-e-book/
Thu, 30 Oct 2025 18:00:00 +0000

In this blog post, we’ll highlight the key themes covered in the e-book, including the challenges organizations face, the top generative AI threats to organizations, and how companies can enhance their security posture to meet the dangers of today’s unpredictable AI environments.

The post The 5 generative AI security threats you need to know about detailed in new e-book appeared first on Microsoft Security Blog.

Generative AI is reshaping the way security teams operate—accelerating threat detection, automating workflows, and enabling scale. But as defenders embrace AI to strengthen their posture, cyberattackers are doing the same to evolve faster than traditional defenses can adapt. Microsoft’s 2025 Digital Threats Report revealed that cyberattackers like Russia, China, Iran, and North Korea have more than doubled their use of AI to mount cyberattacks and spread disinformation. AI is now used to translate phishing emails into fluent English, generate deepfake videos of executives, and automate malware that adapts in real time to evade detection.¹

The shift is already underway:

  • 66% of organizations are developing or planning to develop custom generative AI applications.²
  • 88% of organizations are somewhat or extremely concerned about indirect prompt injection attacks.³
  • 80% of business leaders cite sensitive data leakage via AI as a top concern.⁴

To help organizations navigate this new landscape, Microsoft has published a new guide, titled 5 Generative AI Security Threats You Must Know About. In this blog post, we’ll highlight the key themes covered in the e-book, including the challenges organizations face, the top generative AI threats to organizations, and how companies can enhance their security posture to meet the dangers of today’s unpredictable AI environments.

5 Generative AI Security Threats You Must Know About 

A definitive guide to unifying security across cloud and AI applications.

Security leaders face urgent challenges

As generative AI becomes embedded in enterprise workflows, security leaders face a new set of challenges that demand a shift in strategy. These aren’t just technical hurdles, they’re architectural, behavioral, and operational risks that require a broader, unified approach to security.

  • Cloud vulnerabilities
    Most generative AI applications are cloud-based, which means cyberattackers can exploit weaknesses in the model, app, or infrastructure to move laterally and compromise sensitive data or model integrity.
  • Data exposure risks
    GenAI thrives on large datasets—but that scale also makes it a prime target. Security teams must contend with the risk of data leakage and the complexity of enforcing governance across sprawling environments.
  • Unpredictable model behavior
    Generative AI models don’t always behave predictably. The same input can yield different outputs, making it difficult to anticipate how models will respond to malicious prompts or manipulation. This opens the door to prompt injection attacks and AI agent abuse.

These foundational risks set the stage for an even more pressing reality: as generative AI scales, cyberattackers are exploiting its unique weaknesses in ways that demand security leaders’ immediate attention—starting with the top cyberthreats you need to watch.

Figure 1. Slide showing the risks, attack surfaces and threat vectors of generative AI.

Critical generative AI threats to watch

Generative AI introduces a new class of cyberthreats that go beyond traditional cloud vulnerabilities, targeting the very architecture and behavior of AI systems. These risks aren’t simply technical—they challenge the trust, integrity, and resilience of models that organizations increasingly rely on. Cyberattackers are finding creative ways to exploit the data-driven nature of AI, turning its strengths into weaknesses that demand fresh strategies and defenses.

Among the most critical cyberthreats are poisoning attacks, where cyberattackers manipulate training data to skew outputs and erode accuracy. Evasion attacks take a different route, using obfuscation or jailbreak prompts to slip harmful content past AI filters. And perhaps most insidious are prompt injection attacks—carefully crafted inputs that override original instructions, steering models toward unintended or malicious actions. These cyberthreats and more underscore why security leaders must rethink traditional approaches and build AI-specific safeguards. For a deeper dive into critical threats and practical guidance on mitigation, read the full Microsoft guide: 5 Generative AI Security Threats You Must Know About.

Building a proactive defense for AI and multicloud environments

Modern cybersecurity requires a holistic approach that correlates signals across applications, infrastructure, and user behavior. In the e-book, we explore how cloud-native application protection platforms (CNAPP) simplify this complexity by unifying tools like cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), and cloud workload protection platform (CWPP) into a single platform. By stitching together identity data, storage logs, code vulnerabilities, and internet exposure, CNAPP provides security teams with full context to detect and remediate cyberthreats faster. This integrated view is critical as generative AI introduces unpredictable behaviors, making traditional siloed defenses insufficient.

Microsoft Defender for Cloud exemplifies this proactive model by delivering end-to-end AI security across development and runtime. It scans code repositories for misconfigurations, monitors container images for vulnerabilities, and continuously maps attack paths to sensitive assets. In runtime, Defender for Cloud detects AI-specific threats such as jailbreak attacks, credential theft, and data leakage—leveraging more than 100 trillion daily signals from Microsoft Threat Intelligence.² By combining posture management with real-time threat protection, organizations can secure generative AI workloads and maintain trust in an evolving cyberthreat landscape.

Redefining security for the generative AI era

As generative AI becomes foundational, security leaders must evolve their strategies. Microsoft helps organizations unify security and governance across the full cloud and AI app lifecycle. With comprehensive visibility, proactive risk prioritization, and real-time detection and response, Microsoft protects your modern cloud and AI assets from code to runtime—while helping you comply with evolving regulations and standards. 

Organizations like Icertis are already taking action.

Microsoft Defender for Cloud emerged as our natural choice for the first line of defense against AI-related threats. It meticulously evaluates the security of our Azure OpenAI deployments, monitors usage patterns, and promptly alerts us to potential threats. These capabilities empower our Security Operations Center (SOC) teams to make more informed decisions based on AI detections, ensuring that our AI-[powered] contract management remains secure, reliable, and ahead of emerging threats.

—Subodh Patil, Principal Cyber Security Architect, Icertis

Generative AI is transforming cybersecurity—empowering defenders while giving cyberattackers new tools to scale phishing, deepfakes, and adaptive malware. To understand the top AI-powered cyberthreats and how to mitigate them, get the e-book: 5 Generative AI Security Threats You Must Know About.

Explore more resources:

¹ Microsoft Digital Defense Report 2025

² Accelerate AI transformation with strong security: The path to securely embracing AI adoption in your organization, Microsoft Security.

³ If your org’s using any virtual assistants with AI capabilities, are you concerned about indirect prompt injection attacks?

⁴ “The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond,” Doc. #US53297125, April 2025

Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog
http://approjects.co.za/?big=en-us/security/blog/2025/10/09/securing-agentic-ai-your-guide-to-the-microsoft-ignite-sessions-catalog/
Thu, 09 Oct 2025 16:00:00 +0000

Security is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Take a look at the session catalog.

The post Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog appeared first on Microsoft Security Blog.

Security is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Whether you’re shaping strategy or working on the front lines, Microsoft Ignite offers direct access to the latest advancements and practical solutions from leading experts.

Join us in San Francisco from November 17–21, 2025—or online from November 18–20, 2025—as we spotlight our AI-first, end-to-end security platform designed to protect identities, devices, data, applications, clouds, infrastructure, and—critically—AI systems and agents.

Why security professionals should attend Microsoft Ignite: 

  • Learn from experts and peers: Hear from industry leaders, security executives, and customers about security innovations, trends and real-world results. 
  • Explore cutting-edge solutions: Dive into cloud, AI, and security tools through in-depth sessions, hands-on labs, and solution showcases. 
  • Grow your skills and credentials: Take certification exams and test our latest security solutions with guidance from experts. (One free exam included with conference registration). 
  • Connect and collaborate: Network with security experts, partners, and peers at community spaces, evening events, and one-on-one meetings.
  • Focus on your specialty: Attend targeted presentations and sessions designed for security professionals and other roles. 

Explore the security sessions at Microsoft Ignite 2025

Discover sessions tailored for security pros. Filter by topic, format, and role to plan your Microsoft Ignite experience.

Make the most of your time at Microsoft Ignite

Whether you’re joining Microsoft Ignite in person or online, you’ll have access to a full slate of experiences designed to help you connect, learn, and grow as a security professional. Explore what’s in store below. 

  • Keynote: The Ignite keynote will include a dedicated security segment featuring Vasu Jakkal, Corporate Vice President (CVP) of Microsoft Security Business, and Charlie Bell, Executive Vice President of Microsoft Security. Together, they’ll explore the future of cybersecurity in the age of AI—setting the stage for deeper conversations throughout the event.  
  • Start strong at the Security Forum (November 17, 2025): Kick off Microsoft Ignite a day early with the Security Forum, an immersive, in-person event featuring in-depth discussions, interactive roundtables, and fresh insights from Microsoft leaders and industry experts—including Vasu Jakkal, CVP of Microsoft Security Business, and Ann Johnson, CVP and Deputy Chief Information Security Officer (CISO), Customer Security Management Office. Select the Security Forum option during your Microsoft Ignite registration.
  • Breakout sessions: Explore the latest security strategies, tools, and trends with expert-led presentations and panel discussions. These sessions are designed to deliver actionable insights and practical solutions for today’s security challenges. If you’re a Microsoft Security partner, be sure to check out the partner-focused security sessions at Microsoft Ignite. 
  • Theater sessions: Experience fast-paced, demo-driven talks in the Innovation Hub, where you’ll see real-world applications of Microsoft security technologies and learn advanced techniques to strengthen your security posture. 
  • Hands-on labs: Dive into practical, instructor-led labs where you can test drive the newest Microsoft security tools and technologies. These sessions are designed to help you build real-world skills, troubleshoot with experts, and walk away ready to implement what you’ve learned.
  • Earn Microsoft Security certifications: Take advantage of onsite certification opportunities to validate your expertise and advance your career. Whether you’re looking to deepen your knowledge or showcase your skills, earning certifications in Microsoft security products is a powerful way to stand out.
  • Networking and community events: Microsoft Ignite is where the security community comes together. Meet peers, Microsoft engineers, and most-valued partners (MVPs) at expert meetups, connection pods, and community theater sessions, including these two exclusive experiences on Tuesday, November 18, 2025:
    • Security Leaders Dinner: Join Microsoft Security executives for an elevated dining experience at the Palace Hotel in San Francisco. Enjoy meaningful conversations and build connections with fellow security leaders over dinner. (Registration required, exclusive to CISOs and Vice Presidents. Request your spot today.)
    • Secure the Night party: Celebrate with fellow security professionals and partners at our signature evening event. Enjoy music, drinks, and entertainment while networking in a relaxed, festive atmosphere. Many thanks to our sponsors and members of the Microsoft Intelligent Security Association (MISA), Ascent Solutions, BlueVoyant, Darktrace, Illumio, Inforcer, LTIMindtree, Security Risk Advisors, and Yubico. (Registration required. Get on the guest list.)
  • Microsoft Intelligent Security Association (MISA): Security is a team sport, and we’re excited to be joined by members of MISA at our expert meetup area, where select partners will demo their solutions. MISA will also be hosting a happy hour for members on Wednesday, November 19, 2025. Members, secure your spot today!

Below, we break down the three core security themes shaping this year’s experience, along with the sessions you won’t want to miss. See the full sessions catalog.

Modernize your security operations

See how our unified, AI-powered platform brings together the foundational tools security teams use to prevent, detect, respond to, and defend against cyberthreats—all while streamlining operations.

Breakout sessions: Explore the latest in Microsoft Sentinel, Microsoft Defender, and Microsoft Entra—where security is integrated into every layer of your AI stack. Learn how scalable architectures, agentic workflows, and unified controls automate threat response, reshape security operations center (SOC) operations, and protect identities for both humans and AI agents. Expect deep dives into Microsoft Security Copilot agents, AI-powered security, predictive SOC strategies, Zero Trust, compliance, and integrated security foundations—all led by our top security experts.

Theater sessions: Get fast-paced, demo-driven insights in the Innovation Hub. See how to eliminate passwords with phishing-resistant passkeys, build custom Security Copilot agents, and stop ransomware before it starts. Learn advanced automation and hunting techniques with Microsoft Sentinel.

Hands-on labs: Turn theory into practice with real-world scenarios. Test drive Microsoft Defender XDR, implement Zero Trust across identities and devices, and integrate Microsoft Purview with Microsoft Defender for enhanced visibility. Instructor-led labs help you build skills, troubleshoot with experts, and leave Microsoft Ignite ready to modernize your SOC.

Protect your cloud and AI

Explore ways to protect your cloud and AI platforms, apps, and agents, from code to runtime, with Microsoft Defender, Microsoft Purview, and Microsoft Entra.

Breakout sessions: Learn how to secure cloud-native and AI workloads with Microsoft Defender for Cloud, implement proactive posture management, and automate threat detection and response. Explore design strategies for securing agentic AI systems across the lifecycle, aligned with the Microsoft Secure Future Initiative, and discover new capabilities for agent visibility, governance, and least-privilege access.

Theater sessions: Get practical guidance on strengthening your Microsoft Azure security posture, aligning AI innovation with compliance using Microsoft Purview, and enabling secure SAP access with Microsoft Entra ID Governance. See how Microsoft’s unified platform defends cloud environments, applications, and data—integrating Zero Trust, compliance, and threat intelligence across every layer.

Hands-on labs: Gain real-world experience mitigating threats with Defender for Cloud, maximizing Cloud Security Posture Management (CSPM), and safeguarding AI agents across their lifecycle. These instructor-led labs help you build practical skills in cloud and AI security, ensuring you’re ready to protect what matters most as your organization innovates.

Secure your data

Simplify investigations, address insider risks, and protect sensitive data—across clouds, devices, AI apps, and agents—to meet the challenges of tomorrow.

Breakout sessions: Discover how Microsoft Purview delivers layered data protection to prevent exfiltration, secures data wherever it lives, and integrates across Microsoft 365, Microsoft Azure, Windows, and Microsoft Fabric. Learn best practices for classification, labeling, and data loss prevention (DLP), scale investigations with AI-powered Data Security Investigations, and enable secure Microsoft Copilot adoption with safeguards to prevent data loss and insider risks.

Theater sessions: See how Microsoft Purview Compliance Manager unifies compliance, security, and AI readiness, and how to leverage existing security investments for comprehensive data protection. Explore how Microsoft Purview Data Security Posture Management delivers actionable insights to strengthen your data security posture.

Hands-on labs: Get practical experience creating and managing sensitive information types and labels, implementing insider risk management and adaptive protection, and configuring DLP policies across Microsoft 365. These labs equip you with real-world skills to secure data and meet tomorrow’s challenges.

Don’t miss your chance to be part of Microsoft Ignite. Register today to secure your spot, connect with the global security community, and get hands-on with the latest innovations. Join us in San Francisco or online—your journey to stronger security starts here. Conference passes are limited—use RSVP code ATXTJ77W to secure your spot. Once capacity is reached, we will no longer be able to accept registrations. Your RSVP code expires October 20—register today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Connect with the security community at Microsoft Ignite 2025
http://approjects.co.za/?big=en-us/security/blog/2025/08/13/connect-with-the-security-community-at-microsoft-ignite-2025/
Wed, 13 Aug 2025 16:00:00 +0000

Join us at Microsoft Ignite 2025 for a week of immersive learning, hands-on experiences, and strategic insights tailored for security leaders, practitioners, and innovators.

In today’s AI-powered world, security professionals are facing unprecedented challenges—and opportunities. As generative AI reshapes the digital landscape, the need for robust, intelligent, and adaptive security strategies has never been more urgent.

At Microsoft Ignite 2025, we will showcase end-to-end security innovations and share world-class threat and regulatory intelligence to give you the advantage you need to safely adopt AI and face the rapidly changing threat landscape. Register today using RSVP code ATXTJ77W to secure your spot and join us November 17-21, 2025, in San Francisco, California—or online November 18-21, 2025—for a week of immersive learning, hands-on experiences, and strategic insights tailored for security leaders, practitioners, and innovators.

Why attend? Because security can’t wait

The security community comes together at Microsoft Ignite to explore the latest innovations, share real-world insights, and connect with peers and industry leaders, including Charlie Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate Vice President, Microsoft Security Business. Whether you’re a chief information security officer (CISO), security operations (SecOps) lead, identity architect, or cloud security engineer, this year’s event is designed to help you:

  • Accelerate secure AI adoption with ready-to-go security and governance tools.
  • Modernize your SecOps with an AI-first, end-to-end security platform.
  • Protect your data, identities, and infrastructure across clouds, devices, and applications.
  • Stay ahead of cyberthreats with world-class threat intelligence and regulatory insights.

From the Microsoft Security Forum to hands-on labs and certification opportunities, here’s what you can expect.

Microsoft Security Forum (Monday, November 17, 2025)

Kick off Microsoft Ignite a day early with a half-day pre-conference forum dedicated to security. Hear from Microsoft leaders, industry experts, and peers as they unpack the latest threat intelligence, secure AI strategies, and real-world insights. Join us for presentations, demos, and roundtable discussions, and gain actionable insights to lead confidently in the era of AI-powered security. Space is limited—register early to secure your spot!

Security is a team sport—and Microsoft Ignite is your chance to connect with the best in the business. There will be multiple community events throughout the week. Don’t miss the Secure the Night party—our signature celebration with customers and partners on Tuesday, November 18, 2025. Register here (please note, the party requires a separate registration from the main conference).

Connect with the Security Community at Microsoft Ignite 2025

Join Microsoft Security leaders on Tuesday, November 18, 2025, at the Palace Hotel in San Francisco for an evening of good food and great conversation. Network with peers from across the industry, share ideas, and build new connections. After dinner, join us for Secure the Night—a casual evening of music, drinks, and continued networking. Request your spot today.

One-on-one meetings

Schedule time with Microsoft Security leaders and experts to discuss your most pressing questions.

Hands-on labs and demos

Get under the hood of Microsoft’s latest security innovations. Explore live demos and participate in hands-on labs featuring:

Certifications and career growth

Advance your career with Microsoft Security certifications. Whether you’re looking to validate your skills or expand your expertise, Microsoft Ignite offers multiple opportunities to get certified on-site.

Register now

The future of security is being written today—and you have a front-row seat. Meet the experts, see the tech, and learn how you can accelerate your AI adoption. We look forward to seeing you there!

Microsoft Ignite 2025

Join us in San Francisco or online for a week of immersive learning, hands-on experiences, and strategic insights. Register now.

Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures
http://approjects.co.za/?big=en-us/security/blog/2025/04/16/cyber-signals-issue-9-ai-powered-deception-emerging-fraud-threats-and-countermeasures/
Wed, 16 Apr 2025 11:00:00 +0000

Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. This edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers.

Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. From blocking imposters on Microsoft Azure and adding anti-scam features to Microsoft Edge, to fighting tech support fraud with new features in Windows Quick Assist, this edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers.

We are all defenders. 

Between April 2024 and April 2025, Microsoft:

  • Thwarted $4 billion in fraud attempts.
  • Rejected 49,000 fraudulent partnership enrollments.
  • Blocked about 1.6 million bot signup attempts per hour.

The evolution of AI-enhanced cyber scams

AI has started to lower the technical bar for fraud and cybercrime actors looking for their own productivity tools, making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate. AI software used in fraud attempts runs the gamut, from legitimate apps misused for malicious purposes to more fraud-oriented tools used by bad actors in the cybercrime underground.

AI tools can scan and scrape the web for company information, helping cyberattackers build detailed profiles of employees or other targets to create highly convincing social engineering lures. In some cases, bad actors are luring victims into increasingly complex fraud schemes using fake AI-enhanced product reviews and AI-generated storefronts, where scammers create entire websites and e-commerce brands, complete with fake business histories and customer testimonials. By using deepfakes, voice cloning, phishing emails, and authentic-looking fake websites, threat actors seek to appear legitimate at wider scale.

According to the Microsoft Anti-Fraud Team, AI-powered fraud attacks are happening globally, with much of the activity coming from China and Europe, specifically Germany, due in part to Germany’s status as one of the largest e-commerce and online services markets in the European Union (EU). The larger a digital marketplace in any region, the more likely a proportional degree of attempted fraud will take place.

E-commerce fraud

Fraudulent e-commerce websites can be set up in minutes using AI and other tools requiring minimal technical knowledge. Previously, it would take threat actors days or weeks to stand up convincing websites. These fraudulent websites often mimic legitimate sites, making it challenging for consumers to identify them as fake. 

Using AI-generated product descriptions, images, and customer reviews, scammers dupe customers into believing they are interacting with a genuine merchant, exploiting consumer trust in familiar brands.

AI-powered customer service chatbots add another layer of deception by convincingly interacting with customers. These bots can delay chargebacks by stalling customers with scripted excuses and manipulating complaints with AI-generated responses that make scam sites appear professional.

In a multipronged approach, Microsoft has implemented robust defenses across our products and services to protect customers from AI-powered fraud. Microsoft Defender for Cloud provides comprehensive threat protection for Azure resources, including vulnerability assessments and threat detection for virtual machines, container images, and endpoints.

Microsoft Edge features website typo protection and domain impersonation protection using deep learning technology to help users avoid fraudulent websites. Edge has also implemented a machine learning-based Scareware Blocker to identify and block potential scam pages and deceptive pop-up screens with alarming warnings claiming a computer has been compromised. These attacks try to frighten users into calling fraudulent support numbers or downloading harmful software.

Job and employment fraud

The rapid advancement of generative AI has made it easier for scammers to create fake listings on various job platforms. They generate fake profiles with stolen credentials, fake job postings with auto-generated descriptions, and AI-powered email campaigns to phish job seekers. AI-powered interviews and automated emails enhance the credibility of job scams, making it harder for job seekers to identify fraudulent offers.

To prevent this, job platforms should introduce multifactor authentication for employer accounts to make it harder for bad actors to take over legitimate hirers’ listings and use available fraud-detection technologies to catch suspicious content.

Fraudsters often ask for personal information, such as resumes or even bank account details, under the guise of verifying the applicant’s information. Unsolicited text and email messages offering employment opportunities that promise high pay for minimal qualifications are typically an indicator of fraud.

Employment offers that include requests for payment, offers that seem too good to be true, unsolicited offers or interview requests over text message, and a lack of formal communication platforms can all be indicators of fraud.

Tech support scams

Tech support scams are a type of fraud where scammers trick victims into unnecessary technical support services to fix device or software problems that don’t exist. The scammers may then gain remote access to a computer, which lets them access all information stored on it and on any network connected to it, or install malware that gives them access to the computer and sensitive data.

Tech support scams are a case where elevated fraud risks exist, even if AI does not play a role. For example, in mid-April 2024, Microsoft Threat Intelligence observed the financially motivated and ransomware-focused cybercriminal group Storm-1811 abusing Windows Quick Assist software by posing as IT support. Microsoft did not observe AI used in these attacks; Storm-1811 instead impersonated legitimate organizations through voice phishing (vishing) as a form of social engineering, convincing victims to grant them device access through Quick Assist. 

Quick Assist is a tool that enables users to share their Windows or macOS device with another person over a remote connection. Tech support scammers often pretend to be legitimate IT support from well-known companies and use social engineering tactics to gain the trust of their targets. They then attempt to employ tools like Quick Assist to connect to the target’s device. 

Quick Assist and Microsoft are not compromised in these cyberattack scenarios; however, the abuse of legitimate software presents risk Microsoft is focused on mitigating. Informed by Microsoft’s understanding of evolving cyberattack techniques, the company’s anti-fraud and product teams work closely together to improve transparency for users and enhance fraud detection techniques. 

The Storm-1811 cyberattacks highlight the capability of social engineering to circumvent security defenses. Social engineering involves collecting relevant information about targeted victims and arranging it into credible lures delivered through phone, email, text, or other mediums. Various AI tools can quickly find, organize, and generate information, thus acting as productivity tools for cyberattackers. Although AI is a new development, enduring measures to counter social engineering attacks remain highly effective. These include increasing employee awareness of legitimate helpdesk contact and support procedures, and applying Zero Trust principles to enforce least privilege across employee accounts and devices, thereby limiting the impact of any compromised assets while they are being addressed. 

Microsoft has taken action to mitigate attacks by Storm-1811 and other groups by suspending identified accounts and tenants associated with inauthentic behavior. If you receive an unsolicited tech support offer, it is likely a scam. Always reach out to trusted sources for tech support. If scammers claim to be from Microsoft, we encourage you to report it directly to us at http://approjects.co.za/?big=reportascam

Building on the Secure Future Initiative (SFI), Microsoft is taking a proactive approach to ensuring our products and services are “Fraud-resistant by Design.” In January 2025, a new fraud prevention policy was introduced: Microsoft product teams must now perform fraud prevention assessments and implement fraud controls as part of their design process. 

Recommendations

  • Strengthen employer authentication: Fraudsters often hijack legitimate company profiles or create fake recruiters to deceive job seekers. To prevent this, job platforms should introduce multifactor authentication and Verified ID as part of Microsoft Entra ID for employer accounts, making it harder for unauthorized users to gain control.
  • Monitor for AI-based recruitment scams: Companies should deploy deepfake detection algorithms to identify AI-generated interviews where facial expressions and speech patterns may not align naturally.
  • Be cautious of websites and job listings that seem too good to be true: Verify the legitimacy of websites by checking for secure connections (https) and using tools like Microsoft Edge’s typo protection.
  • Avoid providing personal information or payment details to unverified sources: Look for red flags in job listings, such as requests for payment or communication through informal platforms like text messages, WhatsApp, nonbusiness Gmail accounts, or requests to contact someone on a personal device for more information.

Using Microsoft’s security signal to combat fraud

Microsoft is actively working to stop fraud attempts using AI and other technologies by evolving large-scale, AI-based detection models, such as machine learning models, that play defense by learning from and mitigating fraud attempts. Machine learning is the process that helps a computer learn without direct instruction, using algorithms to discover patterns in large datasets. Those patterns are then used to create a comprehensive AI model, allowing for predictions with high accuracy.

We have developed in-product safety controls that warn users about potential malicious activity and integrate rapid detection and prevention of new types of attacks.

Our fraud team has developed domain impersonation protection using deep-learning technology at the domain creation stage, to help protect against fraudulent e-commerce websites and fake job listings. Microsoft Edge has incorporated website typo protection, and we have developed AI-powered fake job detection systems for LinkedIn.

Microsoft Defender SmartScreen is a cloud-based security feature that aims to prevent unsafe browsing habits by analyzing websites, files, and applications based on their reputation and behavior. It is integrated into Windows and the Edge browser to help protect users from phishing attacks, malicious websites, and potentially harmful downloads.

Furthermore, Microsoft’s Digital Crimes Unit (DCU) partners with others in the private and public sector to disrupt the malicious infrastructure used by criminals perpetuating cyber-enabled fraud. The team’s longstanding collaboration with law enforcement around the world to respond to tech support fraud has resulted in hundreds of arrests and increasingly severe prison sentences worldwide. The DCU is applying key learnings from past actions to disrupt those who seek to abuse generative AI technology for malicious or fraudulent purposes. 

Quick Assist features and remote help combat tech support fraud

To help combat tech support fraud, we have incorporated warning messages to alert users about possible tech support scams in Quick Assist before they grant access to someone approaching them purporting to be an authorized IT department or other support resource.

Windows users must read and click the box to acknowledge the security risk of granting remote access to the device.

Microsoft has significantly enhanced Quick Assist protection for Windows users by leveraging its security signal. In response to tech support scams and other threats, Microsoft now blocks an average of 4,415 suspicious Quick Assist connection attempts daily, accounting for approximately 5.46% of global connection attempts. These blocks target connections exhibiting suspicious attributes, such as associations with malicious actors or unverified connections.

Microsoft’s continual focus on advancing Quick Assist safeguards seeks to counter adaptive cybercriminals, who previously targeted individuals opportunistically with fraudulent connection attempts, but more recently have sought to target enterprises with more organized cybercrime campaigns that Microsoft’s actions have helped disrupt.

Our Digital Fingerprinting capability, which leverages AI and machine learning, drives these safeguards by providing fraud and risk signals to detect fraudulent activity. If our risk signals detect a possible scam, the Quick Assist session is automatically ended. Digital Fingerprinting works by collecting various signals to detect and prevent fraud.

For enterprises combating tech support fraud, Remote Help is another valuable resource for employees. Remote Help is designed for internal use within an organization and includes features that make it ideal for enterprises.

By reducing scams and fraud, Microsoft aims to enhance the overall security of its products and protect its users from malicious activities.

Consumer protection tips

Fraudsters exploit psychological triggers such as urgency, scarcity, and trust in social proof. Consumers should be cautious of:

  • Impulse buying—Scammers create a sense of urgency with “limited-time” deals and countdown timers.
  • Trusting fake social proof—AI generates fake reviews, influencer endorsements, and testimonials to appear legitimate.
  • Clicking on ads without verification—Many scam sites spread through AI-optimized social media ads. Consumers should cross-check domain names and reviews before purchasing.
  • Ignoring payment security—Avoid direct bank transfers or cryptocurrency payments, which lack fraud protections.

Job seekers should verify employer legitimacy, be on the lookout for common job scam red flags, and avoid sharing personal or financial information with unverified employers.

  • Verify employer legitimacy—Cross-check company details on LinkedIn, Glassdoor, and official websites to verify legitimacy.
  • Notice common job scam red flags—If a job requires upfront payments for training materials, certifications, or background checks, it is likely a scam. Unrealistic salaries or no-experience-required remote positions should be approached with skepticism. Emails from free domains (such as johndoehr@gmail.com instead of hr@company.com) are also typically indicators of fraudulent activity.
  • Be cautious of AI-generated interviews and communications—If a video interview seems unnatural, with lip-syncing delays, robotic speech, or odd facial expressions, it could be deepfake technology at work. Job seekers should always verify recruiter credentials through the company’s official website before engaging in any further discussions.
  • Avoid sharing personal or financial information—Under no circumstances should you provide a Social Security number, banking details, or passwords to an unverified employer.

Microsoft is also a member of the Global Anti-Scam Alliance (GASA), which aims to bring governments, law enforcement, consumer protection organizations, financial authorities and providers, brand protection agencies, social media, internet service providers, and cybersecurity companies together to share knowledge and protect consumers from getting scammed.

Recommendations

  • Remote Help: Microsoft recommends using Remote Help instead of Quick Assist for internal tech support. Remote Help is designed for internal use within an organization and incorporates several features designed to enhance security and minimize the risk of tech support hacks. It is engineered to be used only within an organization’s tenant, providing a safer alternative to Quick Assist.
  • Digital Fingerprinting: This identifies malicious behaviors and ties them back to specific individuals. This helps in monitoring and preventing unauthorized access.
  • Blocking full control requests: Quick Assist now includes warnings and requires users to check a box acknowledging the security implications of sharing their screen. This adds a layer of helpful “security friction” by prompting users who may be multitasking or preoccupied to pause to complete an authorization step.

Kelly Bissell: A cybersecurity pioneer combating fraud in the new era of AI

Kelly Bissell’s journey into cybersecurity began unexpectedly in 1990. Initially working in computer science, Kelly was involved in building software for healthcare patient accounting and operating systems at Medaphis and BellSouth, now AT&T.

His interest in cybersecurity was sparked when he noticed someone logged into a phone switch attempting to get free long-distance calls and traced the intruder back to Romania. This incident marked the beginning of Kelly’s career in cybersecurity.

“I stayed in cybersecurity hunting for bad actors, integrating security controls for hundreds of companies, and helping shape the NIST security frameworks and regulations such as FFIEC, PCI, NERC-CIP,” he explains.

Currently, Kelly is Corporate Vice President of Anti-Fraud and Product Abuse within Microsoft Security. Microsoft’s fraud team employs machine learning and AI to build better detection code and understand fraud operations. They use AI-powered solutions to detect and prevent cyberthreats, leveraging advanced fraud detection frameworks that continuously learn and evolve.

“Cybercrime is a trillion-dollar problem, and it’s been going up every year for the past 30 years. I think we have an opportunity today to adopt AI faster so we can detect and close the gap of exposure quickly. Now we have AI that can make a difference at scale and help us build security and fraud protections into our products much faster.”

Previously Kelly managed the Microsoft Detection and Response Team (DART) and created the Global Hunting, Oversight, and Strategic Triage (GHOST) team that detected and responded to attackers such as Storm-0558 and Midnight Blizzard.

Prior to Microsoft, during his time at Accenture and Deloitte, Kelly collaborated with companies and worked extensively with government agencies like the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation, where he helped build security systems inside their operations.

His time as Chief Information Security Officer (CISO) at a bank exposed him to addressing both cybersecurity and fraud, leading to his involvement in shaping regulatory guidelines to protect banks and eventually Microsoft.

Kelly has also played a significant role in shaping regulations around the National Institute of Standards and Technology (NIST) and Payment Card Industry (PCI) compliance, which helps ensure the security of businesses’ credit card transactions, among others.

Internationally, Kelly played a crucial role in helping establish agencies and improve cybersecurity measures. As a consultant in London, he helped stand up the United Kingdom’s National Cyber Security Centre (NCSC), which is part of the Government Communications Headquarters (GCHQ), the equivalent of CISA. Kelly’s efforts in content moderation with several social media companies, including YouTube, were instrumental in removing harmful content.

That’s why he’s excited about Microsoft’s partnership with GASA. GASA brings together governments, law enforcement, consumer protection organizations, financial authorities, internet service providers, cybersecurity companies, and others to share knowledge and define joint actions to protect consumers from getting scammed.

“If I protect Microsoft, that’s good, but it’s not sufficient. In the same way, if Apple does their thing, and Google does their thing, but if we’re not working together, we’ve all missed the bigger opportunity. We must share cybercrime information with each other and educate the public. If we can have a three-pronged approach of tech companies building security and fraud protection into their products, public awareness, and sharing cybercrime and fraudster information with law enforcement, I think we can make a big difference,” he says.


Next steps with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


Methodology: Microsoft platforms and services, including Azure, Microsoft Defender for Office, Microsoft Threat Intelligence, and Microsoft Digital Crimes Unit (DCU), provided anonymized data on threat actor activity and trends. Additionally, Microsoft Entra ID provided anonymized data on threat activity, such as malicious email accounts, phishing emails, and attacker movement within networks. Additional insights are from the daily security signals gained across Microsoft, including the cloud, endpoints, the intelligent edge, and telemetry from Microsoft platforms and services. The $4 billion figure represents an aggregated total of fraud and scam attempts against Microsoft and our customers in consumer and enterprise segments (in 12 months).

The post Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures appeared first on Microsoft Security Blog.

Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study http://approjects.co.za/?big=en-us/security/blog/2024/10/07/microsoft-defender-for-cloud-remediated-threats-30-faster-than-other-solutions-according-to-forrester-tei-study/ Mon, 07 Oct 2024 16:00:00 +0000 Forrester found that Microsoft Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating.

The post Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study appeared first on Microsoft Security Blog.

The broad adoption of multicloud and hybrid infrastructures has introduced new complexity to the cloud estates of many businesses. With this complexity comes a broader attack surface for would-be data thieves. Sophisticated ransomware attacks that exploit vulnerabilities in cloud infrastructure are on the rise, as are supply chain attacks that target third-party software. Cyberattackers move at lightning speed in the cloud, and, due to the advent of generative AI, their attacks are increasing in number, speed, and sophistication. To address this emergent risk, organizations of all sizes can unify their security and compliance, from code to runtime, in hybrid and multicloud environments with an integrated, generative AI-powered cloud native application protection platform (CNAPP) and better defend themselves against cloud threats.

Microsoft Defender for Cloud, the integrated CNAPP from Microsoft, delivers comprehensive security and compliance from code to runtime, enhanced by generative AI and threat intelligence to help you secure your hybrid and multicloud environments. With Defender for Cloud, organizations can support secure development, minimize risks with contextual posture management, and protect workloads and applications from modern threats in a unified security operations (SecOps) experience.  

Defender for Cloud not only transcends traditional security silos and extends its end-to-end security across multicloud and hybrid infrastructure, it delivers advanced security posture management and threat remediation capabilities as well. In order to prove the solution’s business benefits, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study. The study aims to provide business leaders and decision-makers with a solid framework with which they can evaluate the benefits and potential financial impact of Defender for Cloud on their organizations.

Through the course of the study, participating interviewees reported experiencing a wide variety of benefits related to Defender for Cloud, including reduced operational risk, a compressed, more secure development lifecycle, and reduced time to investigate and remediate threats.

Results are based on a composite organization.

All told, the study found that the benefits of Defender for Cloud add up to a significant net present value (NPV) of $4.25 million over three years. But that’s not the whole story. Here are some other key takeaways mentioned by Forrester’s interviewees.

1. Shorter threat investigation and remediation times

“[Defender for Cloud] just takes out the weird stuff happening on our network that ends up on the cybersecurity desk. We’ve already probably cut back about 60% of the workload, and a lot of that revolves around false positives, so I can get better data. The systems assess the data properly…I’m not even going to give it to the analyst. I’m going to auto-close.”

—Chief technology officer, Life Sciences

Defender for Cloud was found to register 50% fewer false positives than legacy security solutions. Simultaneously, the solution reduced the investigation and remediation times of legitimate threats by 30%. Due to these dramatic improvements, study participants avoided 36,000 investigation and remediation hours on average. By reallocating the corresponding $796,000 of SecOps labor to proactive threat hunting and other high-value activities, companies were able to further improve their security performance.

2. Improved security operations center (SOC) productivity

“[With Defender for Cloud], if the tools are configured properly, the [global] efficiencies in your SOC can probably be up to 30% for a fine-tuned environment.”

—Technical manager, Business-to-business Software

By broadening the number and types of workloads protected by Defender for Cloud, participating businesses saw an average 30% improvement in SecOps productivity. This boost was a combination of consolidating duplicative multicloud security policies, replacing patching processes and other similar time-consuming procedures with automation, and embracing the efficiency gains of a better-integrated Microsoft ecosystem. In financial terms, these productivity gains translate to a $5.6 million savings over three years.

3. Lower total cost of ownership

“[Without Defender for Cloud], it would be so much more complex. It would cost us double to maintain [our multicloud security stack].”

—Cyberdefense leader, Materials

Interviewees reported that Defender for Cloud reduced their licensing costs by 10% when compared to legacy security solutions. This savings is the result of eliminating the licensing and management costs associated with five legacy security solutions over three years—made possible because of the breadth of workloads protected by Defender for Cloud. Interviewees also reported a 1,700-hour reduction in security stack administrative work thanks to their ability to consolidate workloads across their multicloud infrastructures. These adjustments together yielded more than $1 million in cost savings.

4. More comprehensive cyberthreat coverage and prioritization

“Microsoft is capturing 10% of real incidents [not caught by other solutions deployed], reducing our attack surface by 10%.”

—Chief information security officer (CISO), Technology

Defender for Cloud caught, on average, 10% more legitimate cyberthreats than the security environments study participants had previously been using. Each of these threats required a response and would have been missed. Interviewees described the incidents they had previously lacked the capacity to address as a mix of increasingly complex and overlapping cyberthreats that included but were not limited to runtime container risk, overprovisioning container privileges, malware, phishing and social engineering efforts, and shadow IT. Not only did Defender for Cloud identify these incidents, it provided greater context surrounding them, improving threat prioritization and avoiding $292,000 in costs related to data breaches.

5. Lower compliance costs

“[Defender for Cloud] is capable of saving up to 5% of [my organization’s] engineering overhead around [audit and compliance] meetings and collaboration.”  

—CISO, Technology

With Defender for Cloud, participating organizations decreased their compliance-related costs. Auditing fees were avoided and compliance-related meeting schedules were streamlined, reducing reliance on outside auditing services. Over three years, the average savings related to these process improvements was $857,000, a 15% reduction in audit compliance overhead.

The advantages of Microsoft Defender for Cloud

Overall, the Forrester study found that Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating in the TEI study. Through representative interviews and financial analysis, Forrester determined that a composite organization experiencing the aggregate benefits of the study’s participants received $8.52 million in financial benefits over three years. In balancing these benefits against $4.27 million in costs over the same period, Forrester determined that Defender for Cloud represents a net present value (NPV) of $4.25 million.

Interviewees participating in the study went beyond the financial benefits in their praise of Defender for Cloud. After adopting the solution, participants saw reduced risk and improvements to both their security and compliance postures at scale. Even as regulatory and compliance landscapes shifted beneath their feet, these organizations were better able to use the added context of Microsoft cloud security benchmarks to stay on solid ground—remaining compliant when others might not have.

Additionally, interviewees noted that Defender for Cloud helped them more securely collaborate with their technology partners and to establish more secure, more efficient software development pipelines. These benefits, interviewees emphasized, would have further benefits down the road as well, including reduced development times, improved time-to-value, and ultimately greater potential for business growth.

Learn more

To learn more about the business value of Microsoft Defender for Cloud, explore the Total Economic Impact™ Of Microsoft Defender for Cloud study for further analysis and findings, as well as the perspectives of Defender for Cloud users interviewed in the study. Also, register for the webinar featuring Forrester on top cloud security trends, key considerations, and quantifying the business value of CNAPP.

Learn more about Microsoft Cloud Security Solutions.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Zero Trust in the Age of AI: Join our online event to learn how to strengthen your security posture http://approjects.co.za/?big=en-us/security/blog/2024/07/24/zero-trust-in-the-age-of-ai-join-our-online-event-to-learn-how-to-strengthen-your-security-posture/ Wed, 24 Jul 2024 16:00:00 +0000 Register for the “Zero Trust in the Age of AI” webcast to learn more about how our new capabilities in identity and network access and security operations make it easier to implement Zero Trust across your entire environment.

The post Zero Trust in the Age of AI: Join our online event to learn how to strengthen your security posture appeared first on Microsoft Security Blog.

Cybercrime never sleeps and the threat actors behind it never stop evolving their tactics—including using AI to automate cyberattacks, create deep fakes, and complete other nefarious tasks. According to Statista’s Market Insights, the estimated global cost of online criminal acts is expected to surge to $23.84 trillion by 2027, up from $8.44 trillion in 2022.¹ To counter the launch of cyberattacks at scale, organizations need a robust security strategy, especially given the global talent shortage and coordinated nation-state teams they’re faced with.

This is why a proactive and integrated Zero Trust approach is needed more than ever. A Zero Trust approach considers all activity as suspect, and relies on three foundational principles: verify explicitly, ensure least privilege access, and assume breach. It’s especially effective when an end-to-end security approach is applied to Zero Trust, protecting identities, endpoints, apps, infrastructure, networks, and data consistently across the entire organization’s environment. To learn more about how our new capabilities in identity and network access and security operations make it easier to implement Zero Trust across your entire environment, register for “Zero Trust in the Age of AI” and bring your questions to the livestream at 10:00 AM PT on July 31, 2024.

Microsoft is committed to security above all else² and dedicated to the principles of Zero Trust. We’ll continue to innovate new capabilities for our end-to-end security that combine effectively with these solid principles. We’ll explore the value of these new capabilities at our “Zero Trust in the Age of AI” spotlight at 10:00 AM PT on July 31, 2024. Led by Corporate Vice President of Microsoft Security Vasu Jakkal, the online event will include:

  • A keynote exploring why an end-to-end approach centered around a Zero Trust strategy is crucial in addressing future security challenges.
  • A demo of the latest product innovations, walking you through how a strong Zero Trust strategy can thwart a breach attempt at machine speed with Microsoft’s unified security operations platform, and how the new Microsoft Entra Suite helps protect every access point to any resource, from anywhere.
  • A panel discussion with Gary McLellan, Head of Engineering Frameworks and Core Mobile Apps at Virgin Money, and Carlos Rivera, Senior Analyst at Forrester, on practical ways to take your Zero Trust strategy to the next level.    

Zero Trust in the age of AI

Watch our on-demand webinar to learn how to simplify your Zero Trust strategy with the latest end-to-end security innovations.


Simplifying Zero Trust implementation

With the recent general availability of the Microsoft Entra Suite and the Microsoft unified security operations platform, Microsoft is reaffirming our commitment to Zero Trust. We believe Forrester has acknowledged this commitment by naming Microsoft as a leader in the 2023 Zero Trust Platform Providers Wave™, recognizing our advocacy of Zero Trust in our products and supporting services as well as giving us the highest scores possible in the innovation and vision criteria.

The Microsoft Entra Suite is the industry’s most comprehensive Zero Trust user access solution for the workforce while our unified security operations platform offers unified threat protection and posture management. This combination of products simplifies the implementation of Zero Trust architecture.

For a technical deep dive on the new Microsoft Entra Suite, join us on August 14, 2024, for the Microsoft Entra Suite Tech Accelerator, part of an ongoing virtual program aimed at expanding attendees’ technical knowledge of Microsoft products and connecting them with industry peers.

We’re looking forward to seeing you at the “Zero Trust in the Age of AI” spotlight at 10 AM PT on July 31, 2024! Register today!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ Cybercrime Expected To Skyrocket in Coming Years, Statista. February 22, 2024.

² Expanding Microsoft’s Secure Future Initiative (SFI), Charlie Bell. May 3, 2024.

Stop Ransomware with Microsoft Security digital event presents threat intelligence in action http://approjects.co.za/?big=en-us/security/blog/2022/08/31/stop-ransomware-with-microsoft-security-digital-event-presents-threat-intelligence-in-action/ Wed, 31 Aug 2022 13:00:00 +0000 Join the Stop Ransomware with Microsoft Security digital event on September 15, 2022, to learn how to safeguard your organization from today’s attacks—and be ready for tomorrow’s.

The post Stop Ransomware with Microsoft Security digital event presents threat intelligence in action appeared first on Microsoft Security Blog.

One of the biggest challenges in security today is visibility. And by visibility, I don’t just mean keeping an eye on ever-evolving cyberthreats, but also seeing your own security environment clearly—especially where you’re vulnerable.

For defenders who are working hard to manage threats across multiple clouds, platforms, and devices, research and investigation is a time-consuming and difficult challenge. Thankfully, we’ve recently launched two new security solutions designed to give you a comprehensive view of the security threats to your business—and track what’s changing day-to-day.

I’m really excited about these new products and invite you to learn more about them at our next digital event—Stop Ransomware with Microsoft Security—on September 15, 2022.

See the latest threat intelligence solutions in action

We have a lot to look forward to at this event. Charlie Bell, Executive Vice President of Microsoft Security, and Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, Identity, and Privacy Business, will join other security experts to discuss how to get ahead of ransomware and proactively prepare for even the most sophisticated attacks.

But this event goes beyond strategies and thought leadership—you’ll also get an exciting, in-depth look at two innovative new security products:

  • Microsoft Defender Threat Intelligence
  • Microsoft Defender External Attack Surface Management

These new security solutions work together to help you understand both your adversaries and your own security environment. With more visibility into your infrastructure and better insights into breaches and potential threats, you’ll be able to prioritize the right response tactics and keep pace with an ever-changing threat environment.

Register for the Stop Ransomware with Microsoft Security digital event to learn more.

Stay ahead of adversaries

Let’s start with Microsoft Defender Threat Intelligence. This solution works by analyzing signals from across the internet, then enriching this data with powerful machine learning algorithms to extract insights relevant to your organization.

When you attend this free digital event, you’ll learn exactly how to use this new solution to dive deep into a breach and really understand the nature of the attack and the assets affected.

Elevate your security posture

While Microsoft Defender Threat Intelligence can help you understand the threat landscape, Microsoft Defender External Attack Surface Management gives you greater knowledge of your attack surface.

With the help of this tool, you can build a more complete understanding of your security posture and locate unknown, unmanaged resources that are visible from the internet—the same view an attacker has when selecting a target. 

Throughout the Stop Ransomware with Microsoft Security digital event, we’ll be demonstrating both Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. Join us to learn how you can bolster your security strategy by integrating both products into your own security operation center—or connect with cybersecurity professionals during a live question and answer chat if you have questions.

Learn from the experts firsthand

We crafted every session in the Stop Ransomware with Microsoft Security digital event to empower you with the tools and insights you need to make the most of threat intelligence. Join your fellow cybersecurity professionals in the following sessions:

  • Ransomware, threat intelligence, and the state of security: Join Vasu Jakkal and Charlie Bell as they discuss the Microsoft approach to security, including what analysts are seeing in the threat landscape and how threat intelligence can help organizations prepare for the worst.
  • Unmask adversaries with Microsoft Defender Threat Intelligence: Threat intelligence is the foundation of effective cybersecurity. As threats like ransomware increase in sophistication, it becomes even more critical to understand adversaries and their infrastructure. Learn how threat intelligence can enhance incident response and give your business the insights you need to stay ahead of threats.
  • Locate and secure your external attack surface: The external attack surface is constantly changing, and unknown, unsecured resources may fall outside your security coverage. Learn how to view your organization from the outside in—the same way an attacker does—and not only locate unmanaged assets but also protect them.
  • Threat intelligence is the cornerstone of solid security: Explore common use cases for threat intelligence and discover real-world applications to learn how you can enhance your existing security solutions and stop ransomware in its tracks.

Don’t just react to threats. Get ahead of them.

Join the Stop Ransomware with Microsoft Security digital event to learn how to safeguard your organization from today’s attacks—and be ready for tomorrow’s.

At this digital event, you’ll:

  • Hear key insights from Microsoft’s leadership, including a fireside conversation between Charlie Bell, Executive Vice President of Microsoft Security, and Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, Identity, and Privacy Business.
  • Learn about two new security solutions: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management.
  • See threat intelligence from Microsoft Security in action and learn how to use it to prevent and remove even the most sophisticated ransomware.
  • Get your questions answered by threat protection experts during a live question and answer chat.

Secure everything. Limit nothing. Be fearless.

Register now.

Stop Ransomware with Microsoft Security
September 15, 2022
9:00 AM-10:30 AM PT

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Cyber Signals: Defend against the new ransomware landscape http://approjects.co.za/?big=en-us/security/blog/2022/08/22/cyber-signals-defend-against-the-new-ransomware-landscape/ Mon, 22 Aug 2022 13:00:00 +0000 Today, Microsoft is excited to publish our second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, we pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS).

The post Cyber Signals: Defend against the new ransomware landscape appeared first on Microsoft Security Blog.

Today, Microsoft is excited to publish our second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, we pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS). Instead of relying on what cybercriminals say about themselves through extortion attempts, forum posts, or chat leaks, Microsoft threat intelligence gives us visibility into threat actors’ actions.

RaaS is often an arrangement between an operator, who develops and maintains the malware and attack infrastructure necessary to power extortion operations, and “affiliates” who sign on to deploy the ransomware payload against targets. Affiliates purchase initial access from brokers or hit lists of vulnerable organizations, such as those with exposed credentials or those that already have malware footholds on their networks. Cybercriminals then use these footholds as a launchpad to deploy a ransomware payload against targets.

RaaS dramatically lowers the barrier to entry for attackers and obfuscates those behind initial access brokering, infrastructure, and ransoming. Because RaaS actors sell their expertise to anyone willing to pay, budding cybercriminals without the technical prowess required to use backdoors or invent their own tools can simply access a victim by using ready-made penetration testing and system administrator applications to perform attacks.

The endless list of stolen credentials available online means that without basic defenses like multifactor authentication (MFA), organizations are at a disadvantage in combating ransomware’s infiltration routes before the malware deployment stage. Once it’s widely known among cybercriminals that access to your network is for sale, RaaS threat actors can create a commoditized attack chain, allowing themselves and others to profit from your vulnerabilities.

While many organizations consider it too costly to implement enhanced security protocols, security hardening actually saves money. Not only will your systems become more secure, but your organization will spend less on security costs and less time responding to threats, leaving more time to focus on incoming incidents.

Businesses are experiencing an increase in both the volume and sophistication of cyberattacks. The Federal Bureau of Investigation’s 2021 Internet Crime Report found that the cost of cybercrime in the United States totaled more than USD6.9 billion.¹ The European Union Agency for Cybersecurity (ENISA) reports that between May 2021 and June 2022, about 10 terabytes of data were stolen each month by ransomware threat actors, with 58.2 percent of stolen files including employees’ personal data.²

It takes new levels of collaboration to meet the ransomware challenge. The best defenses begin with clarity and prioritization, which means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all. At Microsoft, we take that responsibility to heart because we believe security is a team sport. You can explore the latest cybersecurity insights and updates at our threat intelligence hub, Security Insider.

With a broad view of the threat landscape, informed by 43 trillion threat signals analyzed daily and combined with the human intelligence of our more than 8,500 experts (threat hunters, forensics investigators, malware engineers, and researchers), we see first-hand what organizations are facing and we’re committed to helping you put that information into action to pre-empt and disrupt extortion threats.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


¹ Internet Crime Report, Federal Bureau of Investigation. 2021.

² Ransomware: Publicly Reported Incidents are only the tip of the iceberg, European Union Agency for Cybersecurity. July 29, 2022.
