At the RSA Conference, the most influential global forum for the cybersecurity industry, Microsoft unveiled new features within its comprehensive security offering. These innovations are designed to safeguard organizational environments from multiple angles, helping companies prepare, design, implement, and manage artificial intelligence securely. Microsoft has reaffirmed its commitment to cybersecurity through its “Secure Future” initiative, highlighting its mission to make the world a safer place for everyone.
Among the announced updates are new functions for Microsoft Defender and Microsoft Purview, allowing organizations to protect and control generative AI applications in the workplace. Additionally, Microsoft has introduced a unified experience for security analysts by integrating Microsoft Copilot for Security across its range of security products.
Regardless of the level of advancement in an organization’s transformation towards artificial intelligence, robust security controls will be required to securely manage AI applications and data throughout their lifecycle: development, implementation, and runtime.
With the newly announced capabilities, Microsoft positions itself as the first security provider to offer comprehensive AI security management, covering threat protection, data security, and AI governance.
Thanks to Microsoft Defender for Cloud, companies can enhance their security strategies to protect AI applications against emerging threats. Now, security teams can identify all AI infrastructure, including plugins, SDKs, and other technologies, using AI security management capabilities on platforms like Microsoft Azure OpenAI Service, Azure Machine Learning, and Amazon Bedrock.
Integrated with Microsoft Azure’s AI services, such as Microsoft Azure AI Content Safety and Azure OpenAI, Microsoft Defender for Cloud continuously monitors AI applications for anomalous activity, correlates findings, and enriches security alerts with supporting evidence. Microsoft Defender for Cloud is the first Cloud-Native Application Protection Platform (CNAPP) that provides threat protection for AI workloads at runtime, offering security operations center (SOC) analysts new detections that alert them to malicious activities and active threats, such as jailbreak attacks, credential theft, and leakage of confidential data. Additionally, SOC analysts can facilitate incident response by natively integrating these signals into Microsoft Defender XDR.
Microsoft has also announced Microsoft Purview AI Hub, which now in preview version provides information such as shared sensitive data with AI applications, the total number of users interacting with such applications, and the associated risk level, among many other things. To prevent potential over-sharing of sensitive data, the new insights provided help organizations identify untagged files Copilot references and prioritize mitigation of over-sharing risks. Furthermore, Microsoft has announced that the AI Hub will offer information on AI misuse to help customers discover potential interactions of this technology that violate enterprise policies and regulations in areas such as hate and discrimination, corporate harm, money laundering, etc.
Microsoft Purview also includes new AI compliance assessments. Microsoft is aware of the importance of complying with regulations and how challenging deploying new technology can be. Therefore, the company is providing customers with four new Compliance Manager assessment templates, now in preview, to help them evaluate, implement, and strengthen compliance with AI regulations and standards such as the EU AI Act, NIST AI RMF, ISO/IEC 23894:2023, and ISO/IEC 42001.
Unified Security Operations Platform to Enhance Comprehensive Protection
The new unified security operations platform, in preview, transforms the analyst experience in the real world, making it easier and more accessible by bringing together all security signals and threat intelligence in one place. Analysts will have more context at each stage, with helpful recommendations and suggestions for automation, making investigation and response processes easier than ever. Microsoft is also introducing new features in Microsoft Sentinel and Defender XDR, such as global search, custom detections, and automation rules.
Microsoft has also shared a series of new features and additional capabilities that will allow organizations’ security operations centers (SOCs) to work with all of the company’s security products to strengthen end-to-end security:
Microsoft Security Exposure Management initiatives help security teams identify risk exposures and cases of insufficient essential security control implementations to find improvement opportunities.
SOC analysts can now use internal risk information as part of their investigations in Microsoft Defender XDR.
Microsoft Defender XDR is expanded to include native Operational Technology (OT) protection, facilitating automatic threat signal correlation in cross-workload incidents and improving the ability to manage OT and industrial control system vulnerabilities directly within Defender XDR.
The enhanced attack disruption capability in Microsoft Defender XDR, powered by AI, machine learning, and threat intelligence, will cover new attack scenarios such as the disabling of malicious OAuth applications and significantly expand the disruption of compromised users by malicious activities such as leaked credentials and stuffing and guessing actions.
Microsoft Sentinel introduces SOC Optimize to provide personalized guidance and help manage costs, increase data value, and enhance coverage against common attack techniques.
New Integrations of Microsoft Copilot for Security
When it comes to supporting security teams and easing complexity, Microsoft Copilot for Security offers a significant advantage. Increased integration of Copilot across Microsoft’s security portfolio helps obtain richer integrated experiences and Copilot capabilities from well-known and trusted products.
Microsoft has announced new integrations of Microsoft Copilot for Security, including Purview, new partner plugins, Azure Firewall, and Azure Web Application Firewall. These integrations provide security teams in organizations with real-time guidance, more precise research findings, and greater access to data across their environment.
“Organizations that focus on protecting AI and invest in using this technology to enhance security will remain leaders in their industries and markets. Microsoft is committed to empowering them with security solutions that enable them to achieve more. We bring together four key advantages: large-scale data and threat intelligence; the most comprehensive integrated platform; responsible AI leadership; and tools to help protect and govern AI,” comments Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft.