At Microsoft, we remain steadfast in our commitment to security, which continues to be our top priority. Through our Secure Future Initiative (SFI), we’ve dedicated the equivalent of 34,000 full-time engineers to the effort, making it the largest cybersecurity engineering project in history—driving continuous improvement in our cyber resilience. In our latest update, we share insights into the work we are doing in culture, governance, and cybernorms to promote transparency and better support our customers in this new era of security. For each engineering pillar, we provide details on steps taken to reduce risk and provide guidance so customers can do the same.

Insights gained from SFI help us continue to harden our security posture and product development. At Microsoft Ignite 2024, we are pleased to unveil new security solutions, an industry-leading bug bounty program, and innovations in our AI platform. 

Transforming security with graph-based posture management 

Microsoft’s Security Fellow and Deputy Chief Information Security Office (CISO) John Lambert says, “Defenders think in lists, cyberattackers think in graphs. As long as this is true, attackers win,” referring to cyberattackers’ relentless focus on the relationships between things like identities, files, and devices. Exploiting these relationships helps criminals and spies do more extensive damage beyond the point of intrusion. Poor visibility and understanding of relationships and pathways between entities can limit traditional security solutions to defending in siloes, unable to detect or disrupt advanced persistent threats (APTs).

We are excited to announce the general availability of Microsoft Security Exposure Management. This innovative solution dynamically maps changing relationships between critical assets such as devices, data, identities, and other connections. Powered by our security graph, and now with third-party connectors for Rapid 7, ServiceNow, Qualys, and Tenable in preview, Exposure Management provides customers with a comprehensive, dynamic view of their IT assets and potential cyberattack paths. This empowers security teams to be more proactive with an end-to-end exposure management solution. In the constantly evolving cyberthreat landscape, defenders need tools that can quickly identify signal from noise and help prioritize critical tasks.  

Beyond seeing potential cyberattack paths, Exposure Management also helps security and IT teams measure the effectiveness of their cyber hygiene and security initiatives such as zero trust, cloud security, and more. Currently, customers are using Exposure Management in more than 70,000 cloud tenants to proactively protect critical entities and measure their cybersecurity effectiveness.

Announcing $4 million AI and cloud security bug bounty “Zero Day Quest” 

Born out of our Secure Future Initiative commitments and our belief that security is a team sport, we also announced Zero Day Quest, the industry’s largest public security research event. We have a long history of partnering across the industry to mitigate potential issues before they impact our customers, which also helps us build more secure products by default and by design.  

Every year our bug bounty program pays millions for high-quality security research with over $16 million awarded last year. Zero Day Quest will build on this work with an additional $4 million in potential rewards focused on cloud and AI—— which are areas of highest impact to our customers. We are also committed to collaborating with the security community by providing access to our engineers and AI red teams. The quest starts now and will culminate in an in-person hacking event in 2025.

As part of our ongoing commitment to transparency, we will share the details of the critical bugs once they are fixed so the whole industry can learn from them—after all, security is a team sport. 

New advances for securing AI and new skills for Security Copilot 

AI adoption is rapidly outpacing many other technologies in the digital era. Our generative AI solution, Microsoft Security Copilot, continues to be adopted by security teams to boost productivity and effectiveness. Organizations in every industry, including National Australia Bank, Intesa Sanpaolo, Oregon State University, and Eastman are able to perform security tasks faster and more accurately.² A recent study found that three months after adopting Security Copilot, organizations saw a 30% reduction in their mean time to resolve security incidents. More than 100 partners have integrated with Security Copilot to enrich the insights with ecosystem data. New Copilot skills are now available for IT admins in Microsoft Entra and Microsoft Intune, data security and compliance teams in Microsoft Purview, and security operations teams in the Microsoft Defender product family.   

According to our Security for AI team’s new “Accelerate AI transformation with strong security” white paper, we found that over 95% of organizations surveyed are either already using or developing generative AI, or they plan to do so in the future, with two thirds (66%) choosing to develop multiple AI apps of their own. This fast-paced adoption has led to 37 new AI-related bills passed into law worldwide in 2023, reflecting a growing international effort to address the security, safety, compliance, and transparency challenges posed by AI technologies.³ This underscores the criticality of securing and governing the data that fuels AI. Through Microsoft Defender, our customers have discovered and secured more than 750,000 generative AI app instances and Microsoft Purview has audited more than a billion Copilot interactions.⁴  

Microsoft Purview is already helping thousands of organizations, such as Cummins, KPMG, and Auburn University, with their AI transformation by providing data security and compliance capabilities across Microsoft and third-party applications. Now, we’re announcing new capabilities in Microsoft Purview to discover, protect, and govern data in generative AI applications. Available for preview, new capabilities in Purview include Data Loss Prevention (DLP) for Microsoft 365 Copilot, prevention of data oversharing in AI apps, and detection of risky AI use such as malicious intent, prompt injections, and misuse of protected materials. Additionally, Microsoft Purview now includes Data Security Posture Management (DSPM) that gives customers a single pane of glass to proactively discover data risks, such as sensitive data in user prompts, and receive recommended actions and insights for quick responses during incidents. For more details, read the blog on Tech Community. 

Microsoft continues to innovate on our end-to-end security platform to help defenders make the complex simpler, while staying ahead of cyberthreats and enabling their AI transformation. At the same time, we are continuously improving the safety and security of our cloud services and other technologies, including these recent steps to make Windows 11 more secure. 

Next steps with Microsoft Security

From the advances announced to our daily defense of customers, and the steadfast dedication of Chief Executive Officer (CEO) Satya Nadella and every employee, security remains our top priority at Microsoft as we deliver on our principles of secure by design, secure by default, and secure operations. To learn more about our vision for the future of security, tune in to the Microsoft Ignite keynote. 

Microsoft Ignite 2024

Gain insights to keep your organizations safer with an AI-first, end-to-end cybersecurity approach.

Register now

Are you a regular user of Microsoft Security products? Review your experience on Gartner Peer Insights™ and get a $25 gift card. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

¹ Microsoft Digital Defense Report 2024.

² Microsoft customer stories:

• National Australia Bank invests in an efficient, cloud-managed future with Windows 11 Enterprise
• Intesa Sanpaolo accrues big cybersecurity dividends with Microsoft Sentinel, Copilot for Security
• Oregon State University protects vital research and sensitive data with Microsoft Sentinel and Microsoft Defender
• Eastman catalyzes cybersecurity defenses with Copilot for Security

³ How countries around the world are trying to regulate artificial intelligence, Theara Coleman, The Week US. July 4, 2023.

⁴ Earnings Release FY25 Q1, Microsoft. October 30, 2024.

The post AI innovations for a more secure future unveiled at Microsoft Ignite appeared first on Microsoft Security Blog.

To add to the complexity, dedicated cybersecurity teams are currently resource constrained, especially compared to their cyberattackers. Globally, the cybersecurity workforce gap has widened this year, with four million roles left unfilled in 2023—a nearly 13% year-on-year increase.²

To help our global defenders, Microsoft has put together the Be Cybersmart Kit, designed to educate everyone on best practices for going passwordless, not falling for sophisticated phishing or fraud, device protection, AI safety, and more.

Empower everyone to be a cybersecurity champion

Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.

Get the Be Cybersmart Kit

In partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) we have focused on four simple best practices:

• Use strong passwords and consider a password manager. 
• Turn on multifactor authentication.
• Learn to recognize and report phishing.
• Make sure to keep your software updated.

“Cybersecurity is not a one-time thing, but that doesn’t mean it has to be a hassle. Small changes in our technology habits can be easy, like using multifactor authentication or keeping your devices and software up to date. All the bad news about the latest data breaches can leave us feeling powerless, but adopting simple, repeatable behaviors goes a long way to protecting our families and businesses. It’s important to stay safe online because your data is worth protecting.”

—Lisa Plaggemie, Executive Director, NCA

The Be Cybersmart Kit goes further, providing information and infographics that cover six of the most universally important elements of cybersecurity. These areas of focus are AI Safety, Cybersecurity 101, Devices, Fraud, Phishing, and Passwords. For example, the AI Safety infographic delivers new guidance that focuses on the safe use of AI tools within your organization, including making sure you haven’t become overconfident in AI-generated content and search results and that you’re using the AI tools provisioned by your IT organization.

The Be Cybersmart Kit is a great starting point, and it’s just one of the many resources Microsoft has put together on its Cybersecurity Awareness site. Those seeking more in-depth resources can access expert-level learning paths, certifications, and technical documentation to continue their cybersecurity education. And for students pursuing the field of cybersecurity, the Microsoft Cybersecurity Scholarship Program and many more educational opportunities are here to help. The goal of all these programs is to help foster a security-first culture and continuous learning for students and professionals alike.

“CISA is excited to lead the federal government’s efforts to reduce online risk during this 21st Cybersecurity Awareness month and every month. We work with government and industry to raise cybersecurity awareness and help everyone, from individuals to businesses to all levels of government, stay safe online in our ever-connected world. Protecting ourselves online is about taking a few simple, everyday steps to keep our digital lives safe.”

—Jen Easterly, Director, CISA

The cyberthreats we face in the era of AI

AI-enhanced phishing threats and social engineering are on the rise. These threats are often highly targeted and present fewer of the tell-tale signs of their traditionally generated counterparts. In the FBI’s 2023 Internet Crime Report, the agency states that its Internet Crime Complaint Center fielded more than 800,000 cyber incident complaints. The FBI estimates the total losses associated with these incidents to be greater than USD10 billion.²

To better understand phishing-related risk factors in the era of AI, Microsoft has collaborated with Fortra to put together the Phishing Benchmark Global Report. The report found that 10.4% of phishing simulation participants clicked the email phishing link they were sent—a 3.4% increase over the previous year.³ Even more worrying, 60% of users who clicked on the email link also ultimately submitted their password to the phishing website.³ These attacks target tens of millions of users annually, and with AI-enhanced features they are more and more likely to evade traditional security layers like firewalls and email security measures. AI can also aid cyberattackers in setting up their phishing sites in locations that internet browsers and security providers are less capable of detecting as high-risk.

In the era of AI, we are all cyberdefenders. Despite this, 52% of employees still say their job has nothing to do with cybersecurity.³ This couldn’t be further from the truth. Employees are the first and last line of defense—and Microsoft recognized the importance of this when we created the Secure Future Initiative. Our Chief Executive Officer Satya Nadella has led the charge himself as Microsoft puts “security above all else, before all other features and investments.” This is why educating everyone on staying cybersafe is so important right now. Whether you point your employees to some of the resources linked in this article, highlight your own in-house resources, or bring in outside experts, it’s time to act now.

We all have a role to play as cyberdefenders both at work and home. Identity and device protection can help protect individuals and their families from malicious cyberthreats—and Microsoft is making it easier than ever to stay safer on unsecure Wi-Fi with the expansion of privacy protection. Consumers can get the added protection of a VPN on their phones and computers when on-the-go in places like coffee shops or airports. And now, device notifications alert users to unsafe Wi-Fi connections guiding them to turn on VPN for a safer connection.

For informed individuals looking to further broaden their understanding of the landscape, Microsoft invites you to join the Build a Security-First Culture in the Era of AI webinar on October 30, 2024. Let’s all do our part to secure our world—together.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Bold action against fraud: Disrupting Storm-1152, Microsoft. August 7, 2024.

²Cybersecurity Workforce Study, ISC2.

³Phishing Benchmark Global Report, Fortra.

The post Cybersecurity Awareness Month: Securing our world—together appeared first on Microsoft Security Blog.

In response, many leading organizations are re-evaluating their security strategy and moving away from a patchwork of disparate solutions in an effort to reduce costs, eliminate gaps, and improve security posture overall. They are adopting an end-to-end security approach, which is not an entirely new concept but rather an evolving vision of the technology, culture, and training necessary to tackle cybersecurity successfully. End-to-end security focuses on fully securing your entire digital estate pre- and post-breach, with management, mitigation, and assessment capabilities. For instance, Microsoft Security spans more than 50 categories within six product families, aligning seamlessly with our Security Future Initiative efforts introduced in November 2023.

End-to-end security is a comprehensive and proactive approach to protecting your environment that is grounded in a Zero Trust security strategy. It’s about a cohesive user experience as much as it is about complete threat intelligence and a consistent data platform. All products work together effectively to address identity, devices, clouds, data, and network. It requires that you have a multitude of capabilities in place, from identity to data to threat protection to governance and compliance. It protects you from every angle, across security, compliance, identity, device management, and privacy. And you can accelerate the benefits of end-to-end security even further with generative AI.

Zero Trust security

Build a secure hybrid workforce and drive business agility with a Zero Trust approach to security.

Get started

Why an evolving landscape makes end-to-end security appealing

You can’t protect what you can’t see or understand. Many organizations are siloed rather than possessing a single vision for cybersecurity. And when these siloed areas of the organization—perhaps none are more siloed than IT and security teams—are not talking to each other, the integration of tools, people, and processes faces a major roadblock. With AI tools gaining popularity in the digital workplace, communication challenges are more apparent as organizations seek increased visibility and greater control of AI usage.

Another challenge is the enormous scale of data that needs analysis to produce threat intelligence and effective threat response. The volume can be overwhelming, and with a patchwork security strategy, even best-in-breed tools are less effective because they cannot contribute to a complete view of the data and offer no way to organize it.

To optimize for the evolving landscape, organizations are changing their security priorities.

Figure 1. A list of nine of the top security priorities organizations should implement in the face of the ever evolving cybersecurity landscape.

The desire for simplification and more effective security are motivating organizations to move to an end-to-end security approach because of significant advantages. Microsoft customers tell us that juggling myriad security products is difficult to maintain and they want to seize opportunities for AI and better manage risk.

ING, one of the biggest banks in Europe, is a great example of how an organization benefits from an end-to-end approach. ING consolidated a fragmented, complicated mix of security tools into an end-to-end security approach for better protection of their private, public, and multicloud environments. The firm is using the solution to protect the company and the 38 million customers it serves across 40 countries.

What are the advantages of an end-to-end security approach?

The end-to-end security approach consolidates all your cybersecurity tools, from data protection to incident response and everything in between, into one solution. According to IDC’s North American Tools and Vendors Consolidation Survey conducted in November and December 2023, approximately 86% of organizations are either actively consolidating or planning to consolidate their tools. And 50% of those planning a consolidation have almost 50 tools (20 vendors on average).³ By interconnecting different tools through APIs, you simplify the security of your organization and gain greater visibility over everything happening. Without that visibility, you lack the knowledge of what you need to protect and govern your data, as well as investigate when a breach occurs.  

When combined with AI, end-to-end security overcomes challenges that can’t be solved by automation or code. That kind of agility is critical to address potential risks and successfully defend against modern cyberthreats, especially in confronting the scale at which breaches are occurring.

Plus, end-to-end security solves challenges in a way that allows for data gravity, which involves bringing applications and services to your data rather than the other way around. It’s useful in instances where the data is extremely large. Introducing data gravity enables new types of security scenarios to be built, sparking innovation in your security strategy. And end-to-end security paves the way for security assessments of your resources and other benefits of continuous posture management.

“By adopting multiple interoperable Microsoft security solutions, we have improved our preventative capabilities, our incident response times, and our scope for monitoring our environment,” said Glauco Sampaio, Chief Information Security Officer at Cielo. “It was surprisingly simple to enable real-time visibility across our environment. It’s been a leap in our security maturity level.”

Explore how adopting end-to-end security benefits you

Taking an end-to-end approach to security can pay major dividends, especially as you align to the Zero Trust framework. You will be able to determine which solutions to deploy and identify any gaps. An end-to-end approach will help you consolidate the number of tools and applications and use the ones that maximize your benefits. To explore how Microsoft Security with Microsoft Copilot for Security enables you to safeguard your people, data, and infrastructure, visit our webpage.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Execs: Partners ‘Critical’ To Achieving Responsible AI, Security, CRN. May 23, 2024.

²ISC2 Publishes 2023 Workforce Study, ISC2. October 31, 2023.

³North American Security Tools and Vendors Consolidation Study: Insights on Product Consolidation Plans, IDC. April 2024.

The post How comprehensive security simplifies the defense of your digital estate appeared first on Microsoft Security Blog.

Zero Trust in the age of AI

Watch our on-demand webinar to learn how to simplify your Zero Trust strategy with the latest end-to-end security innovations.

Watch the webinar

The extraordinary advancements in technology that make our work lives easier and more flexible also create opportunities for bad actors seeking more effective ways to launch cyberattacks. A Zero Trust strategy is vital for helping keep your organization safe in an era when cyberattacks against passwords, networks, and applications continue to increase. According to Gartner®, “AI enhancement can provide malicious code, and facilitate phishing and social engineering, which enables better intrusion, increased credibility, and more damaging attacks.”¹

A proactive Zero Trust security strategy unifies defenses across identities, endpoints, networks, applications, data, and infrastructure with comprehensive security policies, pervasive threat protection, and governance. While individual tools are typically used to fulfill requirements across each Zero Trust pillar, a truly comprehensive strategy connects them together through a centralized access policy engine and integrated threat protection. This delivers defense-in-depth cybersecurity across your on-premises, hybrid, and multicloud environments.

Buying individual solutions and building truly comprehensive architecture from scratch is a herculean effort for most organizations. We’ve designed our security offering from the ground up to enable Zero Trust—delivering built-in integrations with unified policies, controls, and automation to accelerate your implementation and strengthen your security posture.

These announcements further simplify the implementation of a Zero Trust architecture across the full lifecycle from prevention to detection and response. The Microsoft Entra Suite enables organizations to converge policies across identities, endpoints, and private and public networks with a unified access policy engine. Our unified security operations platform brings together all the security signals your environment generates, then normalizes, analyzes, and uses them to proactively defend against cyberthreats.

The Microsoft Entra Suite

Given that 66% of digital attack paths involve insecure identity credentials, the Microsoft Entra Suite plays a critical role in preventing security breaches.²

Implemented alone, neither identity nor network security can address all possible access scenarios. The Microsoft Entra Suite unifies identity and network access security—a novel and necessary approach for Zero Trust security. It provides everything you need to verify users, prevent overprivileged permissions, improve detections, and enforce granular access controls for all users and resources. Its native integration facilitates collaboration between identity and network teams. It also reduces your IT administrators’ workload, because they can easily manage and enforce granular identity and network access policies in one place. In addition, Microsoft Entra skills in Microsoft Copilot for Security help identity professionals respond more quickly to identity risks.

The Microsoft Entra Suite can help you do the following:

Unify Conditional Access policies for identities and networks. Security teams only have to manage one set of policies in one portal to configure access controls for both identities and networks. Now they can extend Zero Trust access policies to any application, whether it’s in the cloud, on-premises, or even to the open internet. Conditional Access evaluates any access request, no matter where it’s coming from, performing real-time risk assessment to strengthen protection against unauthorized access. And because the access policy engine is unified, identity and network teams can be confident that they protect every access point without leaving gaps that often exist between disparate solutions.  

Ensure least privilege access for all users accessing all resources and apps, including AI. Identity professionals can automate the access lifecycle from the day a new employee joins their organization, through all their role changes, until the time of their exit. No matter how long or multifaceted an employee’s journey, Microsoft Entra ID Governance ensures they have the right access to just the applications and resources they need, which helps prevent a cyberattacker’s lateral movement in case of a breach. Identity professionals and business leaders have an additional layer of access control with regular, machine learning-powered access reviews to recertify access needs, ensure compliance with internal policies, and remove unnecessary permissions based on machine learning-powered insights that help reduce reviewer fatigue.  

Improve the user experience for both in-office and remote workers. Employees enjoy a faster and easier onboarding experience, faster and more secure sign-in through passwordless authentication, single sign-on for all applications, and superior performance. They can use a self-service portal to request access to relevant packages, manage approvals and access reviews, and view request and approval history. Face Check with Microsoft Entra Verified ID enables real-time verification of a user’s identity, which streamlines remote onboarding and self-service recovery of passwordless accounts.

Reduce the complexity and cost of managing security tools from multiple vendors. Since traditional on-premises security solutions don’t scale to the needs of modern cloud-first, AI-first environments, organizations are seeking ways to secure and manage their assets from the cloud. With the Microsoft Entra Suite, they can retire multiple on-premises security tools, such as traditional VPNs, on-premises Secure Web Gateway, and on-premises identity governance.

Microsoft Sentinel is generally available in Microsoft’s unified security operations platform

A complete Zero Trust architecture provides effective prevention, detection, investigation, and response to cyberthreats across every layer of your digital estate. Because threat actors constantly pivot, no defense is ever absolute. That’s why taking an “assume breach” stance by continuously re-verifying every action while monitoring for new risks and threats is a Zero Trust principle.

According to our research, organizations use as many as 80 individual tools in their security portfolio. For many, this means having to manually manage integration between their security information and event management (SIEM); security orchestration, automation, and response (SOAR); extended detection and response (XDR); posture and exposure management; cloud security; and threat intelligence.

We’ve been on a journey to unify these tools over the last few years and are excited to take the next step by bringing Microsoft Sentinel into the Microsoft Defender portal, which we can announce is generally available. Microsoft Sentinel customers on the commercial cloud with at least one Microsoft Defender XDR workload deployed will now be able to:

• Onboard a single workspace into the Defender portal.
• Have unified incidents and unified hunting with Microsoft Defender XDR, streamlining their investigations and reducing context switching.
• Take advantage of Microsoft Copilot for Security for incident summaries and reports, guided investigation, auto-generated Microsoft Teams messages, code analysis, and more.
• Extend attack disruption beyond Defender XDR workloads to other critical apps—starting with SAP.
• Get tailored, post-incident recommendations on preventing similar or repeat cyberattacks that tie directly into the Microsoft Security Exposure Management initiatives to automatically improve readiness scores as actions are completed.

Microsoft Sentinel customers can adopt the new experience easily while continuing to use the classic experience in Microsoft Azure if needed. It’s never been easier to add SIEM capabilities like connectors to hundreds of data sources, and extended retention or additional compliance capabilities to your existing Microsoft Defender XDR environment.

Some more details of the unified security operations platform include:

Automatically disrupt hands-on-keyboard cyberattacks with attack disruption. This out-of-the-box capability is powered by AI and machine learning to detect and stop the progression of advanced cyberattacks being conducted by well-resourced and sophisticated threat actors. Attack disruption stops the progress of human-operated ransomware, business email compromise, adversary-in-the-middle, and malicious use of OAuth apps in real time with 99% confidence, giving your security team a chance to complete their investigation and remediation under less pressure. By combining native and third-party signals from Defender XDR and Microsoft Sentinel, attack disruption has expanded to stop even more attacks in critical apps, such as SAP.

Detect and investigate faster with more accuracy. Bringing the depth of XDR signal from Defender and the flexibility of log sources from Microsoft Sentinel delivers an improved signal-to-noise ratio and enhanced alert correlation. Cyberattack timelines are automatically fully correlated in a single incident, allowing analysts to move faster to respond to breaches, with a more comprehensive view of an attack. The unification of SIEM and XDR has delivered to our customers, on average, 50% faster correlation among XDR, log data, custom detections, and threat intelligence—with 99% accuracy.³

Improved threat hunting experience. With a single experience for data querying, analysts don’t have to remember where data is available or jump across portals. Customers have found significant benefit in their ability to proactively search through data for an indicator of compromise. Embedded Microsoft Copilot for Security acts across SIEM and XDR data to further accelerate the work of security analysts with skills such as guided response or natural language to Kusto Query Language (KQL) translation.

“Our team has greatly benefited from the unified threat hunting experience provided by the platform. The integration of various data sources, including those from third-party providers through Microsoft Sentinel, has significantly enhanced our incident response capabilities. This has allowed us to expand on our threat hunting and custom detection possibilities.”

—DOW

Get started now: Commercial cloud users of Microsoft Sentinel with at least one Defender XDR workload deployed can onboard a single workspace into the Defender portal through a simple wizard, available on the home screen at security.microsoft.com. After the workspace is onboarded, customers can use the unified security operations platform for SIEM and XDR, while retaining access to their Microsoft Sentinel experience in the Azure portal.

“The biggest benefit of the unified security operations platform has been the ability to combine data in Defender XDR with logs from third-party security tools. Another advantage has been to eliminate the need to switch between Defender XDR and Microsoft Sentinel portals. We now have a single pane of glass, which the team has been wanting for some years.”

—Robel Kidane, Group Information Security Manager, Renishaw plc

Simplifying implementation of your Zero Trust architecture

By incorporating the principles of Zero Trust—verify explicitly, use least privileged access, and assume breach—the Microsoft Entra Suite and the Microsoft unified security operations platform help leaders and stakeholders for security operations, identity, IT, and network infrastructure understand their organization’s overall Zero Trust posture. They verify explicitly by ensuring continuous authentication and authorization of all access requests. They enforce least privileged access by granting only the minimal level of access necessary for users to perform their tasks, thereby reducing attack surfaces. Additionally, they assume breach by continuously monitoring and analyzing activities to identify and respond to cyberthreats proactively.

We encourage you to watch the Zero Trust spotlight on-demand, when Microsoft experts and thought leaders will dive deeper into these and other announcements, including the general availability of Microsoft Entra Internet Access and Microsoft Entra Private Access, which is part of the Microsoft Entra Suite.

Learn more about the Microsoft Entra Suite

• Read more about the general availability of Microsoft Entra Suite.
• Read more about the general availability of Microsoft Entra Internet Access and Microsoft Entra Private Access.
• Read about Microsoft Entra plans and pricing.
• Visit the Microsoft Entra Suite trial page.
• Learn more about Microsoft identity and network access solutions.
• Register for the Tech Accelerator on August 14, 2024.

Learn more about the unified security operations platform

• Combine least privileged access with endpoint management and data governance for even stronger protection of sensitive information.
• Get started with the general availability of Microsoft Sentinel in the Defender Portal with some helpful FAQs.
• Learn more about the exposure management public preview.
• Read about the new Microsoft Sentinel SOC optimization API.
• Learn more about the general availability of Microsoft Sentinel in the unified SOC platform.
• Learn about our how SOC optimization helps your organization manage costs and protections.
• Manually deploy playbooks in the unified experience.
• Compare Microsoft 365 Enterprise Plans.
• Learn about Microsoft Sentinel pricing.

Learn more about Zero Trust

• Watch the on-demand Zero Trust spotlight.
• Embrace proactive security with Zero Trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Gartner Survey Shows AI-Enhanced Malicious Attacks Are a New Top Emerging Risk for Enterprises, Gartner press release. May 22, 2024. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

²State of Multicloud Risk Report, Microsoft. 2024.

³Microsoft Internal Research. June 2024.

The post Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank account attached to them, which can lessen scrutiny of their potentially suspicious use in some cases and present cybercriminals with a different type of payment card surface to study and exploit.

Microsoft has seen an uptick in activity from threat actor group Storm-0539, also known as Atlas Lion, around the United States holidays, including Memorial Day, Labor Day, Thanksgiving, Black Friday, and Christmas. In advance of Memorial Day 2024, Microsoft has observed a 30% increase in activity from Storm-0539 between March and May 2024.

The latest edition of Cyber Signals dives deep into the world of gift card fraud, shedding light on Storm-0539 and its sophisticated cybercrime techniques and persistence, while providing guidance to retailers on how to stay ahead of these risks.

Cyber Signals

The latest report describes how organizations can protect gift cards from Storm-0539's cybercrime techniques.

Read the report

The evolution of Storm-0539 (Atlas Lion)

Active since late 2021, this cybercrime group represents an evolution of threat actors who previously specialized in malware attacks on point-of-sale (POS) devices like retail cash registers and kiosks to compromise payment card data, and today they are adapting to target cloud and identity services in steadily attacking the payment and card systems associated with large retailers, luxury brands, and well-known fast food restaurants.

Sophisticated strategies

What sets Storm-0539 apart is its deep understanding of cloud environments, which it exploits to conduct reconnaissance on organizations’ gift card issuance processes and employee access. Its approach to compromising cloud systems for far-reaching identity and access privileges mirrors the tradecraft and sophistication typically seen in nation-state-sponsored threat actors, except instead of gathering email or documents for espionage, Storm-0539 gains and uses persistent access to hijack accounts and create gift cards for malicious purposes and does not target consumers exclusively. After gaining access to an initial session and token, Storm-0539 will register its own malicious devices to victim networks for subsequent secondary authentication prompts, effectively bypassing multifactor authentication protections and persisting in an environment using the now fully compromised identity.

A cloak of legitimacy

To remain undetected, Storm-0539 adopts the guise of legitimate organizations, obtaining resources from cloud providers under the pretense of being non-profits. It creates convincing websites, often with misleading “typosquatting” domain names a few characters different from authentic websites, to lure unsuspecting victims, further demonstrating its cunning and resourcefulness.

Defending against the storm

Organizations that issue gift cards should treat their gift card portals as high-value targets for cybercriminals and should focus on continuous monitoring, and audit for anomalous activities. Implementing conditional access policies and educating security teams on social engineering tactics are crucial steps in fortifying defenses against such sophisticated actors. Given Storm-0539’s sophistication and deep knowledge of cloud environments, it is recommended that you also invest in cloud security best practices, implement sign-in risk policies, transition to phishing-resistant multifactor authentication, and apply the least privilege access principle.

By adopting these measures, organizations can enhance their resilience against focused cybercriminals like Storm-0539, while keeping trusted gift, payment, and other card options as attractive and flexible amenities for customers. To learn more about the latest threat intelligence insights, visit Microsoft Security Insider.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Cyber Signals: Inside the growing risk of gift card fraud appeared first on Microsoft Security Blog.

Security is our top priority at Microsoft—above all else—and our expanded Secure Future Initiative underscores our company-wide commitment to making the world a safer place for everyone. I am proud that Microsoft is prioritizing security in the age of AI as we continue to innovate with a security-first mindset. 

Today, new capabilities are now available in Microsoft Defender and Microsoft Purview to help organizations secure and govern generative AI applications at work. These releases deliver purpose-built policy tools and better visibility to help you secure and govern generative AI apps and their data. We are also delivering a new unified experience for the security analyst and integrating Microsoft Copilot for Security across our security product portfolio.  

You’ll be able to see firsthand these innovations and more across the Microsoft Security portfolio at RSA Conference (RSAC). I also hope you will also join me on Tuesday, May 7, 2024, for “Securing AI: What We’ve Learned and What Comes Next,” to explore the strategies that every organization can implement to securely design, deploy, and govern AI.

Secure your AI transformation with Microsoft Security

Wherever your organization is in your AI transformation, you will need comprehensive security controls to secure govern your AI applications and data throughout their lifecycle—development, deployment, and runtime.  

With the new capabilities announced today, Microsoft becomes the first security provider to deliver end-to-end AI security posture management, threat protection, data security, and governance for AI.

Discover new AI attack surfaces, strengthen your AI security posture, and protect AI apps against threats with Microsoft Defender for Cloud. Now security teams can identify their entire AI infrastructure—such as plugins, SDKs, and other AI technologies—with AI security posture management capabilities across platforms like Microsoft Azure OpenAI Service, Azure Machine Learning, and Amazon Bedrock. You can continuously identify risks, map attack paths, and use built-in security best practices to prevent direct and indirect attacks on AI applications, from development to runtime.

Integrated with Microsoft Azure AI services, including Microsoft Azure AI Content Safety and Azure OpenAI, Defender for Cloud will continuously monitor AI applications for anomalous activity, correlate findings, and enrich security alerts with supporting evidence. Defender for Cloud is the first cloud-native application protection platform (CNAPP) to deliver threat protection for AI workloads at runtime, providing security operations center (SOC) analysts with new detections that alert to malicious activity and active threats, such as jailbreak attacks, credential theft, and sensitive data leakage. Additionally, SOC analysts will be able facilitate incident response with native integration of these signals into Microsoft Defender XDR.

Identify and mitigate data security and data compliance risks with Microsoft Purview. Give your security teams greater visibility into and understanding of which AI applications are being used and how to help you safeguard your data effectively in the age of AI. The Microsoft Purview AI Hub, now in preview, delivers insights such as sensitive data shared with AI applications, total number of users interacting with AI apps and their associated risk level, and more. To prevent potential oversharing of sensitive data, new insights help organizations identify unlabeled files that Copilot references and prioritize mitigation of oversharing risks. Additionally, we are excited to announce the preview of non-compliant usage insights in the AI Hub to help customers discover potential AI interactions that violate enterprise and regulatory policies in areas like hate and discrimination, corporate sabotage, money laundering, and more.

Govern AI usage to comply with regulatory policies with new AI compliance assessments in Microsoft Purview. We understand how important it is to comply with regulations, and how complicated it can be when deploying new technology. Four new Compliance Manager assessment templates, now in preview, are available to help you assess, implement, and strengthen compliance with AI regulations and standards, including EU AI Act, NIST AI RMF, ISO/IEC 23894:2023, and ISO/IEC 42001. The new assessment insights will also be surfaced within the Purview AI Hub, providing recommended actions to support compliance as you onboard and deploy AI solutions.

Together we can help everyone pursue the benefits of AI, by thoughtfully addressing the new risks. The new capabilities in Microsoft Defender for Cloud and Microsoft Purview, which build on top of the innovations we shared at Microsoft Ignite 2023 and Microsoft Secure 2024, are important advancements in empowering security teams to discover, protect, and govern AI—whether you’re adopting software as a service (SaaS) AI solutions or building your own.

Read more about all of the new capabilities and features that help you secure and govern AI.

Strengthening end-to-end security with a unified security operations platform

We continue investing in our long-standing commitment to providing you with the most complete end-to-end protection for your entire digital estate. There is an immediate need for tool consolidation and AI to gain the speed and scale required to defend against these new digital threats. Microsoft integrates all of the foundational SOC tools—cloud-native security information and event management (SIEM), comprehensive native extended detection and response (XDR), unified security posture management, and generative AI—to deliver true end-to-end threat protection in a single platform, with a common data model, and a unified analyst experience.  

The new unified security operations platform experience, in preview, transforms the real-world analyst experience with a simple, approachable user experience that brings together all the security signals and threat intelligence currently stuck in other tools. Analysts will have more context at every stage, with helpful recommendations and suggestions for automation that make investigation and response easier than ever before. We are also introducing new features across Microsoft Sentinel and Defender XDR, including global search, custom detections, and automation rules.

We are also pleased to announce a number of additional new features and capabilities that will empower your security operations center (SOC) to work across Microsoft security products for stronger end-to-end security.

• Microsoft Security Exposure Management initiatives help your security team identify risky exposures and instances of insufficient implementation of essential security controls, to find opportunities for improvement.
• SOC analysts can now use insider risk information as part of their investigation in Microsoft Defender XDR.
• Microsoft Defender XDR expands to include native operational technology (OT) protection, enabling automatic correlation of OT threat signal into cross-workload incidents and the ability to manage OT and industrial control system vulnerabilities directly within Defender XDR.
• Expanded attack disruption in Microsoft Defender XDR, powered by AI, machine learning, and threat intelligence, will cover new attack scenarios like disabling malicious OAuth apps and will significantly broaden compromised user disruption, such as leaked credentials, stuffing, and guessing.
• Microsoft Sentinel launches SOC Optimizations to provide tailored guidance to help manage costs, increase the value of data ingested, and improve coverage against common attack techniques.

Expanded Microsoft Copilot for Security integrations

When it comes to supporting security teams and relieving complexity, Microsoft Copilot for Security offers a great advantage. Greater integration of Copilot across the Microsoft security portfolio and beyond provides richer embedded experiences and Copilot capabilities from familiar and trusted products. We are proud to announce new Microsoft Copilot for Security integrations, including Purview, new partner plugins, Azure Firewall, and Azure Web Application Firewall. These integrations provide your security teams with real-time guidance, deeper investigative insights, and expanded access to data from across your environment.  

Security for the era of AI

An end-to-end security platform will be a determining factor in every organization’s transformation and will play a critical role in the durability of AI-powered innovation. Organizations that focus on securing AI and invest in using AI to strengthen security will be the lasting leaders in their industries and markets. Microsoft is committed to empowering these industry and market leaders with security solutions that can help them achieve more. We bring together four critical advantages: large-scale data and threat intelligence; the most complete end-to-end platform; industry leading, responsible AI; and tools to help you secure and govern AI.

With the general availability of Copilot for Security, Microsoft has delivered on our promise to put industry-leading generative AI into the hands of IT and security professionals of all levels of experience. Now, with today’s release of new capabilities in Defender for Cloud and Microsoft Purview, we are also delivering on our commitment to empower IT and security teams with the tools they need to take advantage of AI safely, responsibly, and securely.

Lastly and importantly, security is a team sport. We look forward to working together with the industry and our partners on advancing cyber security for all. 

I do hope you’ll connect with us at RSAC this week, where we will be demonstrating our comprehensive security portfolio and how it helps you protect your environment from every angle to prepare for and confidently adopt and deploy AI. 

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post New capabilities to help you secure your AI transformation appeared first on Microsoft Security Blog.

In 2015, when we introduced Windows Hello and Windows Hello for Business as secure ways to access Windows 10 without entering a password, our identity systems were detecting around 115 password attacks per second.¹ Less than a decade later, that number has surged 3,378% to more than 4,000 password attacks per second.² Password attacks are so popular because they still get results. It’s painfully clear that passwords are not sufficient for protecting our lives online. No matter how long and complicated you make your password, or how often you change it, it still presents a risk.

The good news is that we’ve made a lot of progress toward making passwords a relic of the past. For a while, you’ve been able to sign in to apps and websites using FIDO security keys, Windows Hello, or the Microsoft Authenticator app instead of a password. Since September 2021, you’ve not only been able to sign in to your Microsoft account without a password, but you’ve also been able to delete your password altogether.³ We’re almost there.

And now there’s an even better way to sign in to more places without passwords: passkeys.

The future of signing in

If you’re like many people, you probably still use passwords to sign in to most of your websites and apps, most likely from multiple devices. This can translate into hundreds of passwords to remember, unless you use a password manager. With passkeys, instead of creating, managing, remembering, and entering passwords, you access your digital accounts the same way you unlock your device—usually with your face, fingerprint, or device PIN. More and more apps and services are adding support for passkeys; you can already use them to sign in to the most popular ones. Passkeys are so much easier and more secure than passwords that we predict passkeys will replace passwords almost entirely (and we hope this happens soon).

Starting today, you can use a passkey to access your Microsoft account using your face, fingerprint, or device PIN on Windows, Google, and Apple platforms. Your passkey gives you quick and easy access to the Microsoft services you use every day, and it will do a much better job than your password of protecting your account from malicious attacks.

Easier and more secure than passwords

Think of how many times and places you sign in with a password every single day. Is it 10? 50? Not only is this a frustrating experience, it’s also an unreliable way to protect a digital account. Here’s why: When you enter a password to sign in to an account, you’re essentially sharing a secret with the website or app to prove that you should have access to the account. The problem is that anyone who gets a hold of this secret can gain access to your account, and if your password gets compromised and appears on the dark web, the repercussions can be serious.

To make your credentials stronger, an app or website might require you to make your password longer or more complex. But even if you follow all the best practices for creating “strong” passwords, it’s still a trivial exercise for hackers to guess, steal, or trick you into revealing them.

You may have experienced an attack yourself—you click on a link in an email that seems legitimate, which leads to a website that looks just like the one you’re used to, asking you to enter your credentials. But when you do, nothing happens, or you get an error message. By the time you notice that the URL in your browser address bar is different from the usual one, it’s too late. You’ve just been phished by a malicious website.

Many app and website providers understand that even complicated passwords aren’t good enough to protect your account, so they give you the choice to use two-step or multifactor authentication with approvals and codes sent to your phone, email, or an app. While traditional multifactor authentication can help protect your account, it’s not attacker-proof, and it creates another frustrating barrier between you and your content: all these access attempts, passwords, and codes on all your devices can really add up.

This is why we’re so enthusiastic about passkeys.

How passkeys work

Passkeys work differently than passwords. Instead of a single, vulnerable secret, passkey access uses two unique keys, known as a cryptographic key pair. One key is stored safely on your device, guarded by your biometrics or PIN. The other key stays with the app or website for which you create the passkey. You need both parts of the key pair to sign in, just as you need both your key and the bank’s key to get into your safety deposit box.

Because this key pair combination is unique, your passkey will only work on the website or app you created it for, so you can’t be tricked into signing in to a malicious look-alike website. This is why we say that passkeys are “phishing-resistant.”

Even better, all the goodness and strength of cryptographic authentication stays behind the scenes. All you have to do to sign in is use your device unlock gesture: look into your device camera, press your finger on a fingerprint reader, or enter your PIN. Neither your biometric information nor your PIN ever leaves your device and they never get shared with the site or service you’re signing in to. Passkeys can also sync between your devices, so if you lose or upgrade your device, your passkeys will be ready and waiting for you when you set up your new one.

The best part about passkeys is that you’ll never need to worry about creating, forgetting, or resetting passwords ever again.

Creating a passkey for your Microsoft account

Creating a passkey for your Microsoft account is easy. On the device where you want to create the passkey, follow this link, and choose the face, fingerprint, PIN, or security key option. Then follow the instructions on your device.

To learn more about creating passkeys for your Microsoft account, visit this guide.

Signing into your Microsoft account using a passkey

When you sign in to your Microsoft account, you can use your passkey by choosing Sign-in options and then selecting face, fingerprint, PIN, or security key. Your device will open a security window, and then you can use your passkey to sign in.

Figure 1. Signing in to your Microsoft account on mobile devices.

Today, you can use a passkey to sign in to Microsoft apps and websites, including Microsoft 365 and Copilot on desktop and mobile browsers. Support for signing into mobile versions of Microsoft applications using your passkey will follow in the coming weeks.

If you want to use passkeys to sign in to work-related apps and services, your admin can configure Microsoft Entra ID to accept passkeys hosted on a hardware security key or in the Microsoft Authenticator app installed on your mobile device.

In this era of AI, there’s unprecedented opportunity for creativity and productivity that empowers every person on the planet—including billions of Microsoft users who access services for work and life every day—to achieve more. Protecting and accessing your digital life doesn’t need to be a hassle, and you shouldn’t have to choose between simple access and safe access. Accessing your Microsoft account with a passkey lets you put the frustration of passwords and codes behind you, so you can focus on being creative and getting things done.

Happy World Password(less) Day!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Password Guidance, Microsoft Identity Protection Team.

²Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID, Joy Chik. July 11, 2023.

³The passwordless future is here for your Microsoft account, Vasu Jakkal. September 15, 2021.

The post Microsoft introduces passkeys for consumer accounts appeared first on Microsoft Security Blog.

Microsoft Copilot for Security

Powerful new capabilities, new integrations, and industry-leading generative AI—generally available on April 1, 2024.

Learn more

We are inspired by the results of our second Copilot for Security economic study, which shows that experienced security professionals are faster and more accurate when using Copilot, and they overwhelmingly want to continue using Copilot. The gains are truly amazing:

• Experienced security analysts were 22% faster with Copilot.
• They were 7% more accurate across all tasks when using Copilot.
• And, most notably, 97% said they want to use Copilot the next time they do the same task.

This new study focuses on experienced security professionals and expands the randomized controlled trial we published last November, which focused on new-in-career security professionals. Both studies measured the effects on productivity when analysts performed security tasks using Copilot for Security compared to a control group that did not. The combined results of both studies demonstrate that everyone—across all levels of experience and types of expertise—can make gains in security with Copilot. When we put Copilot in the hands of security teams, we can break down barriers to entry and advancement, and improve the work experience for everyone. Copilot enables security for all.

Copilot for Security is now pay-as-you-go

Toward our goal of enabling security for all, Microsoft is also introducing a provisioned pay-as-you-go licensing model that makes Copilot for Security accessible to a wider range of organizations than any other solution on the market. With this flexible, consumption-based pricing model, you can get started quickly, then scale your usage and costs according to your needs and budget. Microsoft Copilot for Security will be available for purchase starting April 1, 2024. Connect with your account representative now so your organization can be among the first to enjoy the incredible gains from Copilot for Security.

Global availability and broad ecosystem

General availability means Copilot for Security will be available worldwide on April 1, 2024. Copilot is multilingual and can process prompts and respond in eight languages with a multilingual interface for 25 different languages, making it ready for all major geographies across North and South America, Europe, and Asia.

Copilot has grown a broad, global ecosystem of more than 100 partners consisting of managed security service providers and independent software vendors. We are so grateful to the partners who continue to play a vital role in empowering everyone to confidently adopt safe and responsible AI.

Partners can learn more about integrating with Copilot.

New Copilot for Security product innovations

Microsoft Copilot for Security helps security and IT professionals amplify their skillsets, collaborate more effectively, see more, and respond faster.

As part of general availability, Copilot for Security includes the following new capabilities:

• Custom promptbooks allow customers to create and save their own series of natural language prompts for common security workstreams and tasks.
• Knowledge base integrations, in preview, empowers you to integrate Copilot for Security with your business context, so you can search and query over your proprietary content.
• Multi-language support now allows Copilot to process prompts and respond in eight different languages with 25 languages supported in the interface.  
• Third-party integrations from global partners who are actively developing integrations and services.
• Connect to your curated external attack surface from Microsoft Defender External Attack Surface Management to identify and analyze the most up-to-date information on your organization’s external attack surface risks.
• Microsoft Entra audit logs and diagnostic logs give additional insight for a security investigation or IT issue analysis of audit logs related to a specific user or event, summarized in natural language.
• Usage reporting provides dashboard insights on how your teams use Copilot so that you can identify even more opportunities for optimization.

To dive deeper into the above announcement and learn about pricing, read the blog on Tech Community. Read the full report to dig into the complete results of our research study or view the infographic. To learn more about Microsoft Copilot for Security, visit our product page or check out our solutions that include Copilot. If you’re interested in a demo or are ready to purchase, please contact your sales representative.

“Threat actors are getting more sophisticated. Things happen fast, so we need to be able to respond fast. With the help of Copilot for Security, we can start focusing on automated responses instead of manual responses. It’s a huge gamechanger for us.” 

—Mario Ferket, Chief Information Security Officer, Dow 

AI-powered security for all

With general availability, Copilot for Security will be available as two rich user experiences: in an immersive standalone portal or embedded into existing security products.

Integration of Copilot with Microsoft Security products will make it even easier for your IT and security professionals to take advantage of speed and accuracy gains demonstrated in our study. Enjoy the product portals you know and love, now enhanced with Copilot capabilities and skills specific to use cases for each product.

The unified security operations platform, coming soon, delivers an embedded Copilot experience within the Microsoft Defender portal for security information and event management (SIEM) and extended detection and response (XDR) that will prompt users as they investigate and respond to threats. Copilot automatically surfaces relevant details for summaries, drives efficiency with guided response, empowers analysts at all levels with natural language to Kusto Query Language (KQL) and script and file analysis, and now includes the ability to assess risks with the latest Microsoft threat intelligence.

Copilot in Microsoft Entra user risk investigation, now in preview, helps you prevent identity compromise and respond to threats quickly. This embedded experience in Microsoft Entra provides a summary in natural language of the user risk indicators and tailored guidance for resolving the risk. Copilot also recommends ways to automate prevention and resolution for future identity attacks, such as with a recommended Microsoft Entra Conditional Access policy, to increase your security posture and keep help desk calls to a minimum.

To help data security and compliance administrators prioritize and address critical alerts more easily, Copilot in Microsoft Purview now provides concise alert summaries, integrated insights, and natural language support within their trusted investigation workflows with the click of a button.

Copilot in Microsoft Intune, now in preview, will help IT professionals and security analysts make better-informed decisions for endpoint management. Copilot in Intune can simplify root cause determination with complete device context, error code analysis, and device configuration comparisons. This makes it possible to detect and remediate issues before they become problems.

Discover, protect, and govern AI usage

As more generative AI services are introduced in the market for all business functions, it is crucial to recognize that as this technology brings new opportunities, it also introduces new challenges and risks. With this in mind, Microsoft is providing customers with greater visibility, protection, and governance over their AI applications, whether they are using Microsoft Copilot or third-party generative AI apps. We want to make it easier for everyone to confidently and securely adopt AI.

To help organizations protect and govern the use of AI, we are enabling the following experiences within our portfolio of products:

• Discover AI risks: Security teams can discover potential risks associated with AI usage, such as sensitive data leaks and users accessing high-risk applications.
• Protect AI apps and data: Security and IT teams can protect the AI applications in use and the sensitive data being reasoned over or generated by them, including the prompts and responses.
• Govern usage: Security teams can govern the use of AI applications by retaining and logging interactions with AI apps, detecting any regulatory or organizational policy violations when using those apps, and investigating any new incidents.

At Microsoft Ignite in November 2023, we introduced the first wave of capabilities to help secure and govern AI usage. Today, we are excited to announce the new out-of-the-box threat detections for Copilot for Microsoft 365 in Defender for Cloud Apps. This capability, along with the data security and compliance controls in Microsoft Purview, strengthens the security of Copilot so organizations can work on all types of data, whether sensitive or not, in a secure and responsible way. Learn more about how to secure and govern AI.

Expanded end-to-end protection to help you secure everything

Microsoft continues to expand on our long-standing commitment to providing customers with the most complete end-to-end protection for your entire digital estate. With the full Microsoft Security portfolio, you can gain even greater visibility, control, and governance—especially as you embrace generative AI—with solutions and pricing that fit your organization. New or recent product features include:

Microsoft Security Exposure Management is a new unified posture and attack surface management solution within the unified security operations platform that gives you insights into your overall assets and recommends priority security initiatives for continuous improvement. You’ll have a comprehensive view of your organization’s exposure to threats and automatic discovery of critical assets to help you proactively improve your security posture and lower the risk of exposure of business-critical assets and sensitive data. Visualization tools give you an attacker’s-eye view to help you investigate exposure attempts and uncover potential attack paths to critical assets through threat modeling and proactive risk exploration. It’s now easier than ever to identify exposure gaps and take action to minimize risk and business disruption.

Adaptive Protection, a feature of Microsoft Purview, is now integrated with Microsoft Entra Conditional Access. This integration allows you to better safeguard your organization from insider risks such as data leakage, intellectual property theft, and confidentiality violations. With this integration, you can create Conditional Access policies to automatically respond to insider risks and block user access to applications to secure your data.

Microsoft Communication Compliance now provides both sentiment indicators and insights to enrich Microsoft Purview Insider Risk Management policies and to identify communication risks across Microsoft Teams, Exchange, Microsoft Viva Exchange, Copilot, and third-party channels. 

Microsoft Intune launched three new solutions in February as part of the Microsoft Intune Suite: Intune Enterprise Application Management, Microsoft Cloud PKI, and Intune Advanced Analytics. Intune Endpoint Privilege Management is also rolling out the option to enable support approved elevations.

Security for all in the age of AI

Microsoft Copilot for Security is a force multiplier for the entire Microsoft Security portfolio, which integrates more than 50 categories within six product families to form one end-to-end Microsoft Security solution. By implementing Copilot for Security, you can protect your environment from every angle, across security, compliance, identity, device management, and privacy. In the age of AI, it’s more important than ever to have a unified solution that eliminates the gaps in protection that are created by siloed tools.

The coming general availability of Copilot on April 1, 2024, is truly a milestone moment. With Copilot, you and your security team can confidently lead your organization into the age of AI. We will continue to deliver on Microsoft’s vision for security: to empower defenders with the advantage of industry-leading generative AI and to provide the tools to safely, responsibly, and securely deploy, use, and govern AI. We are so proud to work together with you to drive this AI transformation and enable security for all.

Join us April 3, 2024, at the Microsoft Secure Tech Accelerator for a deep dive into technical information that will help you and your team implement Copilot. Learn how to secure your AI, see demonstrations, and ask our product team questions. RSVP now.

Microsoft Secure

Watch the second annual Microsoft Secure digital event to learn how to bring world-class threat intelligence, complete end-to-end protection, and industry-leading, responsible AI to your organization.

Watch now

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Cybersecurity and AI news

Discover the latest trends and best practices in cyberthreat protection and AI for cybersecurity.

Get the latest resources

The post Microsoft Copilot for Security is generally available on April 1, 2024, with new capabilities appeared first on Microsoft Security Blog.

Here are just a few examples of incredible women at Microsoft who may never have envisioned cybersecurity as their destination when they were starting out:

• In our recent Cyber Signals briefing, I had the privilege of talking to Homa Hayatyfar, Principal Detection Analytics Manager, Microsoft, who has seen how her pathway to a career in cybersecurity was nonlinear. She arrived at her career in cybersecurity by way of a research background in biochemistry and molecular biology—along with a passion for solving complex puzzles—and she believes that may be what the industry needs more of.
• From our threat intelligence team, Fanta Orr, Intelligence Analysis Director, who improves the understanding of and protection against nation-state cyberthreats to Microsoft customers and the global digital ecosystem. She’s a seasoned foreign affair professional, who spent well over a decade in United States government service before pivoting over to cyberthreat analysis.
• When Sherrod DeGrippo, Director of Threat Intelligence Strategy, began studying fine arts in college, internet access was a rare luxury and the cybersecurity field as we know it today was just emerging. She developed a dual interest in the new world of online communication and do-it-yourself computing after her first experience with bulletin board systems at 14 years old. She thinks her fine arts education helps her discover new ideas and methods for threat intelligence, after more than 20 years in cybersecurity and an unplanned role in incident response. 

“Threat intelligence is about taking subjective information and turning it into objective protections. Ultimately, it’s data-driven intuition and it’s extremely powerful. Women learn this skill early, and in so many areas of life they’re natural threat intelligence analysts.”

—Sherrod DeGrippo, Director of Threat Intelligence Strategy, Microsoft

These cyberdefenders work every day to keep our world safe and also support and mentor other women to create their own trails and pathways. I invite you to follow them on LinkedIn and attend the Women in Cybersecurity (WyCiS) conference presentations and RSA Conference, where many of these amazing women will share their stories over the next few months.

We have made a lot of progress, but there is still much more opportunity

A huge opportunity still exists to welcome more women into cybersecurity. More than 4 million cybersecurity jobs are available globally.² These are roles that women can help fill and triumph in, but we must lay the groundwork to make such roles an attractive and available career option, and to help change the perception of what it takes to succeed.

While there’s been steady progress over the past few years, women fill just 21% of cybersecurity leadership roles and only 17% of board member positions in cybersecurity.³ In 2022, Microsoft Security commissioned a survey to explore the reasons behind the gender gap in cybersecurity skills. Just 44% of women who responded said they feel adequately represented in the industry.

Several factors contribute to fewer women joining the cybersecurity profession than men:

• 28% of respondents believed parents were more encouraging of sons than daughters to explore technology and cybersecurity fields.
• Women lacking cybersecurity role models, including women in leadership roles.
• Implicit bias in the hiring process and a belief that men are a better fit for roles related to technology.

We need to create a pathway to success

By fostering an environment that welcomes women into cybersecurity, we break down barriers and build stronger, more resilient cyber defense mechanisms. Diversity isn’t about filling quotas; it’s about building resilient, innovative teams capable of outthinking and outmaneuvering cyberadversaries. It’s up to us to shift the view that cybersecurity is too demanding—especially as AI can help to alter this balance. And it’s past time to change the perception that cybersecurity is a field of hacker men in hoodies in their basement.

We need to continue to be role models and allies for underrepresented groups, especially for those from underprivileged backgrounds. There is often no easy way for underprivileged aspiring entrants to practice their craft from a young age and eventually enter science, technology, engineering, and mathematics (STEM) fields, regardless of other factors. To change this, we need to invest and support the many not-for-profits that help those from underprivileged backgrounds.

Inspiring the next generation of cybersecurity professionals

During the past year, Microsoft has partnered with many organizations similarly committed to building a more diverse cybersecurity workforce. One huge way these organizations are doing that is by offering training to girls so they can become the next generation of cybersecurity professionals through programs like GirlSecurity, TechTogether, and IGNITE Worldwide (Inspiring Girls Now in Technology Evolution).

Another initiative we support through partnerships offers training to women interested in switching careers or upskilling their cybersecurity knowledge through programs like WiCyS and Executive Women’s Forum (EWF). We also partner with global education programs, including CyberShikshaa in India and WOMCY in Latin America, to empower women and minorities in cybersecurity.

These programs and initiatives have a tremendous impact on encouraging more girls to consider careers in cybersecurity and getting more women to join the cybersecurity workforce. Among other benefits, they help girls and women build confidence, meet female cybersecurity role models, develop or enhance their skills, and gain experience to add to their resumes.

To further develop women’s careers, Microsoft Philanthropies and Women in Cloud jointly sponsor the Women in Cloud Cybersecurity Scholarship to provide women with structured skills development, certification opportunities, and employability readiness coaching. By 2025, more than 5,100 scholarships will be awarded.

The momentum is due in part to community-wide efforts to increase the number of women and diverse employees in cybersecurity roles. Community organizations like Blacks in Cybersecurity (BIC) and WiCyS play a crucial role in providing pipelines for marginalized groups to enter the cybersecurity field.

AI as an ally in cybersecurity diversity

AI is revolutionizing how we approach cybersecurity, from predictive analytics to automated threat detection. Yet beyond algorithms and data models, there’s an urgent need for human insight. According to a study from Utica University, women with their unique perspective also have strong analytical and problem-solving skills, which are essential for identifying and addressing security threats, and tend to have a more risk-averse approach, which can help to reduce the likelihood of human error in security operations.⁴ These unique perspectives help to shape our AI for security and help to ensure that AI is inclusive, fair, reliable, and safe, transparent and inclusive. We also believe that creators of AI, as well as its users, must hold themselves to a standard of accountability. And within that context, the possibilities for this exciting technology are limitless.

Happy International Women’s Day! While progress is being made—and opportunities are opening—for women and minorities in cybersecurity, much can still be done to overcome barriers to entry for these groups. Let’s continue to work for more representation in cybersecurity by forging new paths with more allies.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Women to Watch in Cybersecurity, Forbes. October 26, 2022.

²How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce, ISC2. 2023.

³International Women’s Day: Only One-Fifth of Cybersecurity Leadership Roles Filled by Women, IT Security Guru. March 8, 2023.

⁴Why we need more women in cybersecurity TechBeacon.

The post International Women’s Day: Expanding cybersecurity opportunities in the era of AI appeared first on Microsoft Security Blog.

Today we released the sixth edition of Cyber Signals, spotlighting how we are protecting AI platforms from emerging threats related to nation-state cyberthreat actors.

In collaboration with OpenAI, we are sharing insights on state-affiliated threat actors tracked by Microsoft, such as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon, who have sought to use large language models (LLMs) to augment their ongoing cyberattack operations. This important research exposes incremental early moves we observe these well-known threat actors taking around AI, and notes how we blocked their activity to protect AI platforms and users.

We are also announcing Microsoft’s principles guiding our actions mitigating the risks of nation-state Advanced Persistent Threats, Advanced Persistent Manipulators, and cybercriminal syndicates using AI platforms and APIs. These principles include identification and action against malicious threat actors’ use notification to other AI service providers, collaboration with other stakeholders, and transparency.

In addition, Microsoft is helping the wider security community to understand and detect the emerging prospects of LLMs in attack activity. We continue to work with MITRE to integrate these LLM-themed tactics, techniques, and procedures (TTPs) into the MITRE ATT&CK®framework or MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems) knowledgebase. This strategic expansion reflects a commitment to not only track and neutralize threats, but also to pioneer the development of countermeasures in the evolving landscape of AI-powered cyber operations.

This edition of Cyber Signals shares insights into how threat actors are using AI to refine their attacks and also how we use AI to protect Microsoft.

Cybercriminals and state-sponsored actors are looking to AI, including LLMs, to enhance their productivity and take advantage of platforms that can further their objectives and attack techniques. Although threat actors’ motives and sophistication vary, they share common tasks when deploying attacks. These include reconnaissance, such as researching potential victims’ industries, locations, and relationships; coding, including improving software scripts and malware development; and assistance with learning and using both human and machine languages. Our research with OpenAI has not identified significant attacks employing the LLMs we monitor closely.

Microsoft uses several methods to protect itself from these types of cyberthreats, including AI-enabled threat detection to spot changes in how resources or traffic on the network are used; behavioral analytics to detect risky sign-ins and anomalous behavior; machine learning models to detect risky sign-ins and malware; Zero Trust, where every access request has to be fully authenticated, authorized, and encrypted; and device health to be verified before a device can connect to the corporate network.

In addition, generative AI has incredible potential to help all defenders protect their organizations at machine speed. AI’s role in cybersecurity is multifaceted, driving innovation and efficiency across various domains. From enhancing threat detection to streamlining incident response, AI’s capabilities are reshaping cybersecurity. The use of LLMs in cybersecurity is a testament to AI’s potential. These models can analyze vast amounts of data to uncover patterns and trends in cyberthreats, adding valuable context to threat intelligence. They assist in technical tasks such as reverse engineering and malware analysis, providing a new layer of defense against cyberattacks. For example, users of Microsoft Copilot for Security have shown a 44% increase in accuracy across all tasks and a 26% faster completion rate. These figures highlight the tangible benefits of integrating AI into cybersecurity practices.¹

As we secure the future of AI, we must acknowledge the dual nature of technology: it brings new capabilities as well as new risks. AI is not just a tool but a paradigm shift in cybersecurity. It empowers us to defend against sophisticated cyberthreats and adapt to the dynamic threat landscape. By embracing AI, we can help ensure a secure future for everyone.

Cyber Signals

See how Microsoft is protecting AI platforms from attempted abuse by nation-state cyberthreat actors.

Read the report

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹What Can Copilot’s Earliest Users Teach Us About Generative AI at Work? Microsoft. November 15, 2023.

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

The post Cyber Signals: Navigating cyberthreats and strengthening defenses in the era of AI appeared first on Microsoft Security Blog.