News

Microsoft Touts Security Copilot for Emerging Threats

• By Kurt Mackie
• January 11, 2024

Organizations will need artificial intelligence (AI) tools to address coming attacks that will leverage AI, Microsoft suggested in a Wednesday announcement.

The announcement by Joy Chik, president of identity and access management at Microsoft, laid out general identity security "best practices" for organizations. They include using Microsoft Security Copilot, which currently is at the preview stage:

1. Empower your workforce with Microsoft Security Copilot.
2. Enforce least privilege access everywhere, including AI apps.
3. Get prepared for more sophisticated attacks.
4. Unify access policies across identity, endpoint, and network security.
5. Control identities and access for multicloud.

Microsoft Security Copilot, unveiled in March of last year, is currently at the "invitation-only Early Access Program" release phase. To try the Microsoft Security Copilot preview, organizations need to sign up through their Microsoft account representative, according to the FAQ section of this Microsoft Security landing page.

Attacks were on the rise in 2023 and attackers have shifted to other tactics, such as exploiting overprivileged "machine identity" permissions used by applications. On the AI front, "attackers are already using AI to launch, scale, and even automate new and sophisticated cyberattacks, all without writing a single line of code," Chik indicated.

AI service providers typically state that they oversee their large language models used for generative AI with the aim of reducing harmful use cases. Such controls apparently can be bypassed, per Chik's statement, although she didn't elaborate on the matter.

Microsoft previously described how Security Copilot will work with Microsoft 365 Defender to analyze attack campaigns and automate the forensics. It also previously described how Security Copilot will work with Microsoft Intune to better track device and user security issues.

Chik suggested that defensive measures using generative AI may emerge in security products sometime this year, presumably meaning Microsoft's products.

This year generative AI will become deeply infused into cybersecurity solutions and play a critical role in securing access…. To stay ahead of malicious actors, identity professionals need all the help they can get. Here's where Microsoft Security Copilot can make a big difference at your organization and help cut through today's noisy security landscape. Generative AI can meaningfully augment the talent and ingenuity of your identity experts with automations that work at machine-speed and intelligence.

The identity teams in organizations should get used to using generative AI tools and then "start building a company prompt library that outlines the specific queries commonly used for various company tasks, projects, and business processes," Chik added.

Organizations won't be able to just turn on multifactor authentication to meet the coming threat landscape, which may leverage sophisticated attacks via "token theft, cookie replay, and AI-powered phishing campaigns." Instead, organizations should take a "multilayered approach" to identity security, Chik suggested:

Start by implementing phishing-resistant multifactor authentication that is based on cryptography or biometrics such as Windows Hello, FIDO2 security keys, certificate-based authentication, and passkeys (both roaming and device-bound). These methods can help you combat more than 99% of identity attacks as well as advanced phishing and social engineering schemes.

Organizations can use machine learning with a Secure Web Gateway and continuous access evaluation to help address "sophisticated attacks like token theft and cookie replay," Chik added. She also suggested using Microsoft Authenticator to deal with "multifactor authentication fatigue" attacks, which is a method attackers use to bypass a secondary authentication measures. Microsoft Entra Permissions Management can be used to control identities for organizations leveraging multicloud environments.

Lots more best practices were advocated in the announcement, mostly for organizations using the whole fleet of Microsoft Entra identity and security products. The AI integration with Security Copilot apparently is coming, possibly this year, but the timing wasn't indicated.