In as we speak’s quickly altering cyberthreat panorama, influenced by international occasions and AI developments, safety have to be high of thoughts. Over the previous three years, password cyberattacks have surged from 579 to greater than 7,000 per second, practically doubling within the final yr alone.¹ New cyberattack strategies problem our safety posture, pushing us to reimagine how the worldwide safety neighborhood defends organizations.
At Microsoft, we stay steadfast in our dedication to safety, which continues to be our high precedence. By way of our Safe Future Initiative (SFI), we’ve devoted the equal of 34,000 full-time engineers to the hassle, making it the biggest cybersecurity engineering challenge in historical past—driving steady enchancment in our cyber resilience. In our newest replace, we share insights into the work we’re doing in tradition, governance, and cybernorms to advertise transparency and higher help our prospects on this new period of safety. For every engineering pillar, we offer particulars on steps taken to scale back danger and supply steering so prospects can do the identical.
Insights gained from SFI assist us proceed to harden our safety posture and product improvement. At Microsoft Ignite 2024, we’re happy to unveil new safety options, an industry-leading bug bounty program, and improvements in our AI platform.
Remodeling safety with graph-based posture administration
Microsoft’s Safety Fellow and Deputy Chief Info Safety Workplace (CISO) John Lambert says, “Defenders suppose in lists, cyberattackers suppose in graphs. So long as that is true, attackers win,” referring to cyberattackers’ relentless give attention to the relationships between issues like identities, information, and units. Exploiting these relationships helps criminals and spies do extra intensive harm past the purpose of intrusion. Poor visibility and understanding of relationships and pathways between entities can restrict conventional safety options to defending in siloes, unable to detect or disrupt superior persistent threats (APTs).
We’re excited to announce the overall availability of Microsoft Safety Publicity Administration. This progressive answer dynamically maps altering relationships between important belongings similar to units, information, identities, and different connections. Powered by our safety graph, and now with third-party connectors for Fast 7, ServiceNow, Qualys, and Tenable in preview, Publicity Administration gives prospects with a complete, dynamic view of their IT belongings and potential cyberattack paths. This empowers safety groups to be extra proactive with an end-to-end publicity administration answer. Within the consistently evolving cyberthreat panorama, defenders want instruments that may rapidly determine sign from noise and assist prioritize important duties.
Past seeing potential cyberattack paths, Publicity Administration additionally helps safety and IT groups measure the effectiveness of their cyber hygiene and safety initiatives similar to zero belief, cloud safety, and extra. At present, prospects are utilizing Publicity Administration in additional than 70,000 cloud tenants to proactively defend important entities and measure their cybersecurity effectiveness.
Asserting $4 million AI and cloud safety bug bounty “Zero Day Quest”
Born out of our Safe Future Initiative commitments and our perception that safety is a workforce sport, we additionally introduced Zero Day Quest, the {industry}’s largest public safety analysis occasion. We’ve got an extended historical past of partnering throughout the {industry} to mitigate potential points earlier than they influence our prospects, which additionally helps us construct safer merchandise by default and by design.
Yearly our bug bounty program pays thousands and thousands for high-quality safety analysis with over $16 million awarded final yr. Zero Day Quest will construct on this work with a further $4 million in potential rewards targeted on cloud and AI—— that are areas of highest influence to our prospects. We’re additionally dedicated to collaborating with the safety neighborhood by offering entry to our engineers and AI crimson groups. The hunt begins now and can culminate in an in-person hacking occasion in 2025.
As a part of our ongoing dedication to transparency, we’ll share the main points of the important bugs as soon as they’re fastened so the entire {industry} can study from them—in any case, safety is a workforce sport.
New advances for securing AI and new abilities for Safety Copilot
AI adoption is quickly outpacing many different applied sciences within the digital period. Our generative AI answer, Microsoft Safety Copilot, continues to be adopted by safety groups to spice up productiveness and effectiveness. Organizations in each {industry}, together with Nationwide Australia Financial institution, Intesa Sanpaolo, Oregon State College, and Eastman are capable of carry out safety duties sooner and extra precisely.² A latest research discovered that three months after adopting Safety Copilot, organizations noticed a 30% discount of their imply time to resolve safety incidents. Greater than 100 companions have built-in with Safety Copilot to counterpoint the insights with ecosystem information. New Copilot abilities at the moment are out there for IT admins in Microsoft Entra and Microsoft Intune, information safety and compliance groups in Microsoft Purview, and safety operations groups within the Microsoft Defender product household.
In line with our Safety for AI workforce’s new “Speed up AI transformation with sturdy safety” white paper, we discovered that over 95% of organizations surveyed are both already utilizing or creating generative AI, or they plan to take action sooner or later, with two thirds (66%) selecting to develop a number of AI apps of their very own. This fast-paced adoption has led to 37 new AI-related payments handed into regulation worldwide in 2023, reflecting a rising worldwide effort to handle the safety, security, compliance, and transparency challenges posed by AI applied sciences.³ This underscores the criticality of securing and governing the info that fuels AI. By way of Microsoft Defender, our prospects have found and secured greater than 750,000 generative AI app cases and Microsoft Purview has audited greater than a billion Copilot interactions.⁴
Microsoft Purview is already serving to hundreds of organizations, similar to Cummins, KPMG, and Auburn College, with their AI transformation by offering information safety and compliance capabilities throughout Microsoft and third-party purposes. Now, we’re saying new capabilities in Microsoft Purview to find, defend, and govern information in generative AI purposes. Accessible for preview, new capabilities in Purview embody Knowledge Loss Prevention (DLP) for Microsoft 365 Copilot, prevention of information oversharing in AI apps, and detection of dangerous AI use similar to malicious intent, immediate injections, and misuse of protected supplies. Moreover, Microsoft Purview now contains Knowledge Safety Posture Administration (DSPM) that offers prospects a single pane of glass to proactively uncover information dangers, similar to delicate information in person prompts, and obtain really useful actions and insights for fast responses throughout incidents. For extra particulars, learn the weblog on Tech Neighborhood.
Microsoft continues to innovate on our end-to-end safety platform to assist defenders make the advanced easier, whereas staying forward of cyberthreats and enabling their AI transformation. On the similar time, we’re constantly enhancing the security and safety of our cloud providers and different applied sciences, together with these latest steps to make Home windows 11 safer.
Subsequent steps with Microsoft Safety
From the advances introduced to our day by day protection of shoppers, and the steadfast dedication of Chief Govt Officer (CEO) Satya Nadella and each worker, safety stays our high precedence at Microsoft as we ship on our ideas of safe by design, safe by default, and safe operations. To study extra about our imaginative and prescient for the way forward for safety, tune in to the Microsoft Ignite keynote.
Microsoft Ignite 2024
Acquire insights to maintain your organizations safer with an AI-first, end-to-end cybersecurity strategy.
Are you a daily person of Microsoft Safety merchandise? Evaluate your expertise on Gartner Peer Insights™ and get a $25 present card. To study extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our skilled protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.
¹ Microsoft Digital Protection Report 2024.
² Microsoft buyer tales:
³ How nations all over the world try to manage synthetic intelligence, Theara Coleman, The Week US. July 4, 2023.
⁴ Earnings Launch FY25 Q1, Microsoft. October 30, 2024.