As threat actors evolve and develop new tools and techniques to penetrate organizations, security analysts need comprehensive solutions now more than ever.
According to Microsoft, data security admins are already stretched thin by the number of alerts received, with an average of more than 50 per day, of which only around a third are actioned. The story is very similar for compliance admins who are facing mammoth tasks reviewing evidence which, on average, takes up 60% of their time.
In order to address these issues, the company has today announced a series of upgrades to its online safety portfolio, including a major upgrade for Microsoft Security Copilot.
Streamlining with Microsoft Security Copilot
Going forward, Microsoft says Security Copilot will cut down the curve for analysts looking to enhance their skills by simplifying processes. For example, with Security Copilot embedded in Microsoft Purview, analysts will be able to investigate and respond to the latest alerts at a much faster rate by generating a complete overview of existing information and alerts.
The process for finding existing logs has been simplified and accelerated. No longer will keywords be needed to navigate eDiscovery, as Security Copilot brings natural language to its search functions.
In private preview, Microsoft Security Copilot has also been integrated with the Microsoft Intune admin center, where it will cater to the specific needs of your organization by using the power of generative AI to analyze data provided by security and management tools to rapidly develop and deploy new policies.
The company says this will help fine tune your organization’s overall security posture by enhancing endpoint management and joining forces with existing Security Copilot features available now.
Moreover, Security Copilot will unify your company’s security platforms by delivering a comprehensive security infrastructure across identity management, device management, data protection and compliance, and cloud security.
Microsoft Entra
For those looking to manage suspicious activity on user accounts, identify users with excessive access privileges, or weed out those individuals who bring unnecessary risk to your organization, Security Copilot will provide insight via Microsoft Entra into who poses the greatest risk.
Managing user credentials has also been streamlined with Security Copilot by generating efficient workflows for user credentials, making it easier to monitor access and generate new credentials.
Organizations have more devices online than ever before, and each individual device is a threat to identity, network and cloud security. Entra will now provide a centralized management system for access controls, allowing the implementation of robust multi-factor authentication.
By the end of 2023, Microsoft Entra Internet Access will include the ability to employ web filtering, conditional access, and network compliance checks to provide additional security.
Microsoft Intune
Microsoft Intune will also have new features available through Security Copilot allowing security teams to manage and gather data from individual devices within your organization, enabling the development of device policy and best practices for future deployments.
If you are worried about the use of generative AI within your organization, new Entra features can secure any data or information used with AI applications. Security Copilot will also recommend the best configurations for your organization specific needs.
External Attack Surface and Cloud Security
As the attack surface for many organizations grows, enhancements to Microsoft Defender EASM and Defender for Cloud will allow new ways of monitoring potential attack paths and receive guidance on security posture through natural language search queries, rather than battling complicated keyword searches in the midst of an intrusion.
Finally, Microsoft Defender for Cloud also provides attack path analysis, highlighting the most likely paths of attack and providing greater insight into your cloud security and assisting in the prediction and remediation of vulnerabilities.
