Automating Repetitive Tasks with AI Agents in Microsoft Security Copilot

Enhancements to Microsoft’s Security Copilot with AI Agents
Microsoft is enhancing its Security Copilot service by integrating additional AI agents, both from Microsoft and its partners. This initiative aims to improve the efficiency and effectiveness of security professionals in managing incidents and data breaches.
Overview of Security Copilot
Security Copilot is a specialized version of Microsoft Copilot designed specifically for security experts. It allows users to retrieve critical information about security leaks using everyday language and simplifies the automation of related tasks. This powerful tool aims to streamline threat detection and response processes for organizations.
Microsoft’s AI Agents
Among the newly launched AI agents in Security Copilot, Microsoft has introduced six of its own. Here are some highlights:
- Phishing Triage Agent: This agent analyzes potential phishing alerts in a company’s security system, effectively filtering out false positives to provide accurate assessments.
- Alert Triage Agents: Two agents from Microsoft Purview evaluate notifications to identify inappropriate use of business data by employees.
- Conditional Access Optimization Agent: Found in Microsoft Entra, this agent monitors access rules and alerts administrators about security vulnerabilities, allowing them to address issues quickly.
- Vulnerability Remediation Agent: Part of Microsoft Intune, it helps administrators quickly identify vulnerable endpoints and apply necessary operating system updates.
- Threat Intelligence Briefing Agent: This agent automatically generates and delivers relevant security reports in a timely manner.
Partner AI Agents for Security Copilot
In addition to Microsoft’s offerings, five partner companies have developed their own AI agents tailored for specific needs within Security Copilot:
- Aviatrix Systems Agent: This agent addresses network issues, providing solutions to enhance network security.
- OneTrust Agent: Focused on regulatory compliance, this agent assists organizations in adhering to privacy laws and guidelines.
- BlueVoyant SecOps Agent: This agent improves Security Operations Center (SOC) functions and offers suggestions for enhanced operational efficiency.
- Tanium Alert Triage Agent: This tool gives analysts essential context for alerts to help them make informed decisions.
- Fletch Task Optimizer Agent: This agent helps organizations predict and prioritize the most pressing cyber threats.
Additional Security Features from Microsoft
Microsoft continues to expand its AI capabilities across its entire security portfolio. One noteworthy development is in Edge for Business, which now prevents employees from inputting sensitive information into unauthorized AI chatbots. This functionality will also extend to applications integrated with Microsoft Purview and third-party Secure Access Service Edge (SASE) tools.
Moreover, Microsoft Defender is receiving upgrades aimed at enhancing the security of AI applications across platforms, particularly involving large language models (LLMs). Starting in May 2025, these improvements will include Google’s Vertex AI and various models from Azure’s Foundry LLM catalog, such as Google Gemini and Meta Llama, as well as custom AI models. This enhanced security scope will also cover environments like Google Cloud, Azure, and AWS.
Furthermore, a new iteration of Microsoft Defender for Office 365 is set to launch in April 2025, providing stronger defenses against phishing and other cyber threats, even within Microsoft Teams.