Microsoft Launches AI Agents for Security Copilot to Enhance Threat Response
Microsoft is launching a series of AI agents for its Security Copilot program designed to help professionals more easily protect their organizations against today’s security threats. The company has built six of the new agents, while five come from third-party partners. All will be available for preview starting in April.
Microsoft’s AI Agents
The six Microsoft-created agents aim to help security teams handle high-volume security and IT tasks, taking their cues from Microsoft’s Zero Trust framework. They will also learn from user feedback and adapt to internal workflows. The six agents are:
- Phishing Triage Agent in Microsoft Defender: Prioritizes Microsoft Defender phishing alerts to distinguish real threats from false positives, offering simple explanations for its decisions and improving its detection based on user feedback.
- Alert Triage Agent in Microsoft Purview: Prioritizes Microsoft Purview alerts related to data loss and insider risks, improving its behavior based on user feedback.
- Conditional Access Optimization Agent in Microsoft Entra: Looks for new users and apps in Microsoft Entra that aren’t covered by existing policies, suggesting necessary updates to patch security holes and offering quick fixes to deal with identity and authentication methods.
- Vulnerability Remediation Agent in Microsoft Intune: Prioritizes security vulnerabilities, uncovers app and policy configuration issues, and suggests the right Windows patches to apply.
- Threat Intelligence Briefing Agent in Security Copilot: Works with Security Copilot to share relevant and urgent threat intelligence based on an organization’s environment and exposure to specific risks.
Third-Party Agents
The five third-party agents, all available in Security Copilot, are:
- Privacy Breach Response Agent by OneTrust: Analyzes data breaches and offers guidelines on how an organization can meet regulatory requirements.
- Network Supervisor Agent by Aviatrix: Scans and analyzes security risks related to VPN, gateway, and Site2Cloud connection outages and failures.
- SecOps Tooling Agent by BlueVoyant: Assesses a security operations center and its controls, providing advice on how to improve them.
- Alert Triage Agent by Tanium: Places each security alert in context to help decide how to handle it.
- Task Optimizer Agent by Fletch: Prioritizes the most critical security alerts, allowing organizations to determine how to address each one.
Security Copilot
Microsoft Security Copilot, launched about a year ago, uses AI to monitor and analyze security threats that could impact an organization. The product aims to automate as much of the process as possible, freeing up IT and security staff from repetitive or time-consuming tasks. It also offers guidance to help staff determine how and where to focus their efforts, allowing them to respond to security threats more quickly and effectively.
Conclusion
The launch of these AI agents marks an important step in the evolution of Microsoft’s Security Copilot, providing organizations with more effective tools to combat the ever-growing number of security threats. While AI agents can help streamline security operations, it is crucial to remember that human intervention is still necessary to ensure the accuracy and effectiveness of these tools.
FAQs
Q: What are the six Microsoft-created AI agents for Security Copilot?
A: The six agents are the Phishing Triage Agent in Microsoft Defender, Alert Triage Agent in Microsoft Purview, Conditional Access Optimization Agent in Microsoft Entra, Vulnerability Remediation Agent in Microsoft Intune, and Threat Intelligence Briefing Agent in Security Copilot.
Q: What are the five third-party AI agents for Security Copilot?
A: The five agents are the Privacy Breach Response Agent by OneTrust, Network Supervisor Agent by Aviatrix, SecOps Tooling Agent by BlueVoyant, Alert Triage Agent by Tanium, and Task Optimizer Agent by Fletch.
Q: How does Security Copilot work?
A: Security Copilot uses AI to monitor and analyze security threats, aiming to automate as much of the process as possible and free up IT and security staff from repetitive or time-consuming tasks. It also offers guidance to help staff determine how and where to focus their efforts.

