News

Microsoft, Rubrik Leverage Generative AI for Joint Security Collaboration

• By David Ramel
• 06/28/2023

Microsoft, which has become an AI leader thanks to its financial partnership with OpenAI, is using new advanced generative AI technology in a joint collaboration with Zero Trust cybersecurity specialist Rubrik.

Specifically, that collaboration involves integrating Rubrik Security Cloud with Microsoft Sentinel -- for Security Information and Event Management (SIEM) -- along with Microsoft's cloud-hosted Azure OpenAI service, which provides access to cutting-edge large language models (LLMs) used in machine learning to power AI constructs like the ChatGPT chatbox and the GPT- series of LLMs.

Research firm Gartner describes SIEM like this: "SIEM aggregates the event data that is produced by monitoring, assessment, detection and response solutions deployed across application, network, endpoint and cloud environments. Capabilities include threat detection, through correlation and user and entity behavior analytics (UEBA), and response integrations commonly managed through security orchestration, automation and response (SOAR)."

And the generative AI tech, of course, comes from the Azure OpenAI service.

One of the Rubrik Security Cloud's capabilities is preventing malware reinfection by analyzing the time-series history of data for indicators of compromise to identify the initial point, scope and time of infection. Today, the company characterized time-series data as being integral to the partnership.

"Rubrik's ability to provide time-series data insights directly into Microsoft Sentinel enables organizations to address evolving cyber threats and safeguard their most sensitive information," Rubrik said in a news release. "With this integration, the platform is designed to automatically create a recommended task workstream in Microsoft Sentinel created by Rubrik by leveraging large language models and generative AI through OpenAI."

Rubrik said the joint integration with Microsoft Sentinel will help security and IT teams to:

• Streamline Incident Creation to help incident response teams prioritize alerts by automatically creating an incident in Sentinel based on anomalous activity within Rubrik Security Cloud.
• Automate Recommended Task Workstream by suggesting incident response tasks that will enable IT and security teams to investigate the incident more rapidly while preserving evidence for forensics purposes.
• Accelerate Cyber Recovery by dynamically generating code for investigating the incident in Microsoft Sentinel, allowing IT and security teams to react swiftly to maintain business resiliency.

A June 28 blog post published by Rubrik details exactly how the new scheme works, starting out: "It begins with the existing Rubrik integration with Microsoft Sentinel. Rubrik Anomaly Detection continuously monitors backups as they are ingested, feeding data through a machine learning model utilized to detect not only file activity (e.g., additions, modifications, deletions) but also encryption within the filesystem. As anomalies are identified, this information flows into Microsoft Sentinel tables, bringing Rubrik's valuable time-series analysis of data into the hands of security teams."

That, Rubrik said, is vital because time is of the essence during a ransomware attack, with the speed at which an organization responds to the attack potentially greatly impacting both the scope of the attack and the potential for a successful recovery.

"The explosion of generative AI will catapult us into a new age of cyberattacks -- attacks that go far beyond human comprehension," said Bipul Sinha, CEO and Co-founder of Rubrik. "We must fight fire with fire and use generative AI to not only understand future cyber events but to also prevent and defend against them.

"We're thrilled to collaborate with Microsoft and continue to build upon our progressive and long-standing partnership. This is an important step forward as we continue our mission of securing the world's data and helping businesses achieve cyber resilience."

Read the remainder of the blog post and news release for more information.