Microsoft Ignite: New 360-Degree View Details Attacker Tooling and Methodology


The Security Copilot team unveiled groundbreaking advancements at the recent Microsoft Ignite 2024 conference that redefine the threat intelligence experience for organizations worldwide.

With a focus on enhanced capabilities, Security Copilot now empowers users with a comprehensive ‘360-degree’ view of threats, consolidating various threat intelligence (TI) sources for an enriched understanding of attacker tooling and methodologies.

A significant feature of this update is the availability of ten new indicator skills. These skills allow Security Copilot users to query the extensive dataset of raw and finished threat intelligence held in Microsoft Defender Threat Intelligence (MDTI).

This connection enables analysts to link indicators of compromise (IoCs) to all relevant data, providing critical context for attacks.

Microsoft analysts note that the automated infrastructure chaining this feature supports is vital for threat hunters: it lets them investigate connections between data sets efficiently and widen an inquiry from a single indicator into a potential incident.

Microsoft Ignite 2024

Security Copilot’s enhanced capabilities include two primary categories of threat intelligence:

  1. In-depth Indicators data: This feature automatically ties any IoC to all linked threat intelligence in MDTI, including intel profiles, articles, and detonation information. Such instant context aids in incident response by quickly revealing the associated threat actors and their tactics.
  2. Indicators metadata: Analysts can now link any IoC to the associated internet infrastructure through advanced MDTI data sets. This includes a wealth of information from WHOIS data, SSL certificates, and more, creating critical connections to preemptively identify emerging threats.

Alongside TI innovations, Security Copilot has also expanded its unified vulnerability intelligence capabilities.

Threat intelligence sidecar in Defender XDR (Source – Microsoft)

It now integrates vulnerability and asset intelligence from multiple Microsoft services, allowing for a consolidated view of vulnerabilities within an organization. Users can understand the full scope of vulnerabilities and their implications, thereby informing risk-based prioritization and remediation strategies.

Microsoft’s commitment to optimizing threat intelligence continues to evolve, enhanced by the processing of trillions of security signals daily.

This ensures customers have access to robust threat detection and response mechanisms, reinforcing security across their enterprise environments.

These advancements in Security Copilot underscore Microsoft’s dedication to providing comprehensive, AI-driven security solutions that empower organizations to stay ahead of evolving cyber threats in an increasingly complex digital landscape.
