In today’s rapidly evolving cyber threat landscape, influenced by global events and advances in AI, security must be a priority. Over the past three years, password cyberattacks have increased from 579 to more than 7,000 per second, a figure that has nearly doubled in the last year alone¹. New cyberattack methods challenge our security posture, pushing us to reimagine how the global security community defends organizations.
At Microsoft, we remain steadfast in our commitment to security, which remains our top priority. Thanks to our Secure Future Initiative (SFI), we have dedicated the equivalent of 34,000 full-time engineers to this effort, making it the largest cybersecurity engineering project in history, leading to continued improvement in our cyber resilience. In our latest update, we share our knowledge about the work we do on culture, governance and cyber standards to promote transparency and better support our customers in this new era of security. For each engineering pillar, we provide details on the steps taken to reduce risk and provide guidance so customers can do the same.
The information gained through SFI helps us continue to strengthen our security posture and product development. At Microsoft Ignite 2024, we're excited to unveil new security solutions, an industry-leading bug bounty program, and innovations in our AI platform.
Transform security with graph-based posture management
John Lambert, Microsoft security researcher and deputy chief information security officer (CISO), says: “Defenders think in lists, cyberattackers think in graphs. As long as this is true, the attackers win,” referring to cyberattackers’ constant focus on relationships between things like identities, files, and devices. Exploiting these relationships helps criminals and spies cause greater damage beyond the point of intrusion. Poor visibility and understanding of relationships and paths between entities can limit traditional security solutions to a siloed defense, unable to detect or disrupt advanced persistent threats (APTs).
We are excited to announce the general availability of Microsoft Security Exposure Management. This innovative solution dynamically maps the changing relationships between critical assets such as devices, data, identities and other connections. Powered by our Security Graph and now featuring third-party connectors for Rapid7, ServiceNow, Qualys and Tenable in preview, Exposure Management provides customers with a comprehensive, dynamic view of their IT assets and potential cyberattack paths. This allows security teams to be more proactive with an end-to-end exposure management solution. In an ever-changing cyber threat landscape, defenders need tools that can quickly separate the signal from the noise and help them prioritize critical tasks.
In addition to detecting potential cyberattack paths, Exposure Management also helps security and IT teams measure the effectiveness of their cyber hygiene and security initiatives, such as zero trust, cloud security, and more. Currently, customers use Exposure Management across more than 70,000 cloud tenants to proactively protect critical entities and measure their cybersecurity effectiveness.
$4M “Zero Day Quest” Cloud and AI Security Bug Bounty Announced
Born from our commitments to the Secure Future Initiative and our belief that security is a team sport, we also announced Zero Day Quest, the industry’s largest public security research event. We have a long history of partnering across the industry to mitigate potential issues before they impact our customers, which also helps us create products that are more secure by default and by design.
Each year, our Bug Bounty program pays out millions for high-quality security research, with more than $16 million awarded last year. Zero Day Quest will build on this work with an additional $4 million in potential awards focused on cloud and AI, which are the areas of greatest impact for our customers. We are also committed to collaborating with the security community by providing access to our AI engineers and red teams. The quest begins now and will culminate with an in-person hacking event in 2025.
As part of our ongoing commitment to transparency, we will share details of critical bugs once they are fixed so that the entire industry can learn from them. After all, security is a team sport.
New advances in securing AI and new skills for Security Copilot
AI adoption is rapidly outpacing many other technologies in the digital age. Our generative AI solution, Microsoft Security Copilot, continues to be adopted by security teams to improve productivity and efficiency. Organizations across industries, including National Australia Bank, Intesa Sanpaolo, Oregon State University and Eastman, are able to perform security tasks faster and more accurately.² A recent study found that three months after adopting Security Copilot, organizations saw a 30% reduction in their average time to resolve security incidents. More than 100 partners have integrated Security Copilot to enrich insights with ecosystem data. New Copilot skills are now available to IT administrators in Microsoft Entra and Microsoft Intune, data security and compliance teams in Microsoft Purview, and security operations teams in the Microsoft Defender product family.
According to the new “Accelerate AI transformation with enhanced security” from our Security for AI team, we found that more than 95% of organizations surveyed are already using or developing generative AI, or considering doing so in the future, with two-thirds (66%) choosing to develop their own generative AI applications. This rapid adoption has led to the passage of 37 new AI-related bills around the world in 2023, reflecting a growing international effort to address the security, safety, compliance and transparency challenges posed by AI technologies.³ This highlights the critical importance of securing and governing the data that powers AI. With Microsoft Defender, our customers have discovered and secured more than 750,000 instances of generative AI applications, and Microsoft Purview has audited more than a billion Copilot interactions.⁴
Microsoft Purview already helps thousands of organizations, such as Cummins, KPMG and Auburn University, with their AI transformation by providing data security and compliance capabilities in Microsoft and third-party applications. We are now announcing new capabilities in Microsoft Purview to discover, protect and govern data in generative AI applications. Available in preview, new Purview features include Data Loss Prevention (DLP) for Microsoft 365 Copilot, preventing excessive data sharing in AI applications, and detecting risky uses of AI such as malicious intent, prompt injections and misuse of protected materials. Additionally, Microsoft Purview now includes Data Security Posture Management (DSPM), which provides customers with a single interface to proactively discover data risks, such as sensitive data in user prompts, and receive recommended actions and insights for rapid incident responses. For more details, read the blog on Tech Community.
Microsoft continues to innovate across its end-to-end security platform to help defenders simplify, while staying ahead of cyberthreats and enabling their AI transformation. At the same time, we are continually improving the safety and security of our cloud services and other technologies, including these recent measures to make Windows 11 more secure.
Next steps with Microsoft Security
From announced advances to our daily defense of customers, to the unwavering dedication of CEO Satya Nadella and every employee, security remains our top priority at Microsoft as we uphold our principles of Secure by Design, Secure by Default, and Secure Operations. To learn more about our vision for the future of security, tune in to the Microsoft Ignite opening keynote.
¹ Microsoft Digital Defense Report 2024.
² Microsoft customer testimonials:
³ How countries around the world are trying to regulate artificial intelligence, Theara Coleman, The Week US. July 4, 2023.
⁴ Publication of FY25, First Quarter Results, Microsoft. October 30, 2024.