The world of information technology is changing rapidly. While many organizations are still leveraging antiquated security solutions that can’t keep up with the new threats, others have turned to next-generation technologies like Microsoft Security Copilot (MSP). MSP is a cloud-based solution that provides actionable intelligence and guidance with a focus on protection, response and recovery. In this article we’ll examine some of the key components of MSP in greater detail so you can make an informed decision about whether or not it’s right for your organization.
Protecting assets, data and customers
Security Copilot end-to-end defense: AI-powered Data Security
- Context-based classification for proactive protection against advanced attacks
- Proactive protection against targeted attacks that evade traditional defenses by leveraging insider knowledge of your organization’s systems and processes
- DLP Adaptive Protection forensics helps you discover where sensitive data has been exposed or leaked (for example, through social media)
Data Security
Microsoft Security Copilot is a cloud-based service that provides you with a single console to manage your Azure security subscriptions and subscriptions for other Microsoft technologies, like Office 365. With this service, you can:
- Manage your existing licenses and subscriptions in one place
- Easily add new licenses as they become available
- Receive notifications when new updates are available
Context-based classification
Context-based classification is a way to classify data based on the context of where it was created and/or accessed. This can be useful for ensuring that information remains safe, even when it moves across different devices and locations. For example, if you’re working with sensitive data at home on your personal computer but don’t want to keep the same level of protection while traveling, context-based classification could help you set up different rules for each environment so that only certain files are encrypted or protected at any given time.
Proactive protection
Proactive protection means anticipating and preventing attacks, detecting and responding to threats, identifying, classifying and grouping threats, and taking action on them. It prevents attacks from spreading by blocking or quarantining them, and it detects malware in email attachments with advanced antimalware capabilities that are designed to help protect you from ransomware attacks.
Adaptive Protection forensics
Adaptive Protection forensics is a key component of the Adaptive Protection Platform. It provides you with a comprehensive view of your security posture, including:
- Detailed analysis of all threats that have been detected by the Adaptive Protection Platform.
- A summary of your overall security state and recommendations for improving it.
Defender for Teams
Defender for Teams is a cloud-based security solution that provides real-time protection for your data. It integrates with other security solutions. Defender for Teams is easy to use and affordable, so you can protect your organization without breaking the bank.
Purview Adaptive Protection
The Copilot demo showed the potential of this tool, which can crunch an entire security incident into a one- or two-page executive summary within moments. This includes flowcharts and reverse-engineering that shows how malware was able to infect a host, including lateral attacks. Defender for Teams essentially prevents malware and bad actors from using Teams, as an alternative to email and phishing links, as a way of infecting a corporate machine. It uses the same detection ‘engine’ and gives the same level of protection, including reporting of events to the Security Operations Centre (SOC).
The OCR (Optical Character Recognition) function of a scanner can be used to detect sensitive data within a picture, for example when someone has taken a photo of a sensitive document and tries to exfiltrate the photo rather than the actual document. This has historically been difficult to detect, but with some clever AI assistance this security gap should finally be closed.
Token protection will protect your organization from lateral attacks, as it will stop bad actors from stealing tokens and using them to jump from one system to another. For example, during March this year several high-profile YouTube channels were breached by attackers using token-based attacks. If a conditional access policy is breached, this new service can immediately revoke tokens and show where there are gaps and unprotected users or apps across your environment.
Purview Adaptive Protection uses machine learning within Purview to dynamically change how much access or ability a user has if they have been identified as a “high risk” user by the system. This means that if Purview has observed, for example, a future leaver beginning to act suspiciously and collecting sensitive data, then Purview can automatically disable “USB storage”, “email externally” and “printing remotely” to dynamically prevent a breach from occurring.
Conclusion
Microsoft Security Copilot is a product that is designed to help organizations protect their assets, data and customers. It is a cloud-based service that provides you with the tools necessary to keep your organization safe from cyber attacks and other security threats.