Microsoft Extending Defender AI to Google Cloud

In announcing new Microsoft Security Copilot agents and other new protections for AI, the company revealed upcoming Defender coverage for the Google Cloud Platform.

Microsoft Defender was created for the company's Azure cloud platform, of course, but added support for the Amazon Web Services (AWS) cloud in 2021 with a connector tool. Soon, Defender will work with all three cloud giants.

"Organizations developing their own custom AI solutions will need to strengthen the security posture for AI that they source from multiple models, running in multiple AI platforms and clouds," Microsoft said in a March 24 post announcing the new agents. "To address this need, Microsoft Defender has extended AI security posture management beyond Microsoft Azure and Amazon Web Services to include Google Vertex AI and all models in the Azure AI Foundry model catalog."

Preview coverage is set for this year for Google's Gemini, Gemma, Meta Llama, Mistral, and custom models.

"With new multicloud interoperability, organizations will gain broader code-to-runtime AI security posture visibility across Microsoft Azure, Amazon Web Services, and Google Cloud," Microsoft said. "Microsoft Defender can give organizations a jumpstart to securing AI posture across multimodel and multicloud environments."

New Microsoft Security Copilot Agents
As for those new agents, they come from both Microsoft and its partners.

[Figure: Microsoft Security Copilot Agents (source: Microsoft).]

Here's a summary:

  • Six new Microsoft agents include:

    • Phishing Triage Agent in Microsoft Defender triages phishing alerts with accuracy to identify real cyberthreats and false alarms. It provides easy-to-understand explanations for its decisions and improves detection based on admin feedback.
    • Alert Triage Agents in Microsoft Purview triage data loss prevention and insider risk alerts, prioritize critical incidents, and continuously improve accuracy based on admin feedback.
    • Conditional Access Optimization Agent in Microsoft Entra monitors for new users or apps not covered by existing policies, identifies necessary updates to close security gaps, and recommends quick fixes for identity teams to apply with a single click.
    • Vulnerability Remediation Agent in Microsoft Intune monitors and prioritizes vulnerabilities and remediation tasks to address app and policy configuration issues and expedites Windows OS patches with admin approval.
    • Threat Intelligence Briefing Agent in Security Copilot automatically curates relevant and timely threat intelligence based on an organization's unique attributes and cyberthreat exposure.
  • Five new agentic solutions from Microsoft Security partners include:

    • Privacy Breach Response Agent by OneTrust analyzes data breaches to generate guidance for the privacy team on how to meet regulatory requirements.
    • Network Supervisor Agent by Aviatrix performs root cause analysis and summarizes issues related to VPN, gateway, or Site2Cloud connection outages and failures.
    • SecOps Tooling Agent by BlueVoyant assesses a security operations center (SOC) and state of controls to make recommendations that help optimize security operations and improve controls, efficacy, and compliance.
    • Alert Triage Agent by Tanium provides analysts with the necessary context to quickly and confidently make decisions on each alert.
    • Task Optimizer Agent by Fletch helps organizations forecast and prioritize the most critical cyberthreat alerts to reduce alert fatigue and improve security.

And More
Other highlights of the announcement include:

  • Security Copilot Early Access Expansion: Expanded access to Security Copilot across more customers, making it generally available in Microsoft Defender XDR and Microsoft Sentinel.
  • Copilot Embedded in Microsoft Defender for Endpoint: Users can now interact directly with Security Copilot within Defender for Endpoint to summarize alerts, generate scripts, and explain threat context.
  • Security Copilot in Microsoft Entra: Added to Entra to help identity admins investigate sign-in risks, summarize user activity, and assist with policy changes using natural language.
  • Security Copilot in Microsoft Intune: Integrated into Intune to help with device management tasks, like summarizing compliance issues and generating remediation scripts.
  • Unified Security Operations Platform: Reinforced the vision of an integrated SecOps experience through Defender XDR, Sentinel, and Security Copilot for streamlined workflows.
  • Improved AI Application Protections: Defender for Cloud now includes capabilities to protect generative AI workloads, including threat detection and attack surface management for AI apps.
  • Enhanced Phishing Protection for Microsoft Teams: Defender for Office 365 expands protection to cover malicious URLs and files shared inside Microsoft Teams chats.
  • Security Copilot Partner Integrations: Announced upcoming integrations with security data from partners like Zscaler, Recorded Future, and Proofpoint to enrich threat insights.

About the Author

David Ramel is an editor and writer at Converge 360.
