Login

Microsoft and the Future of Security – The Six Five On The Road

Microsoft and the Future of Security - The Six Five On The Road

On this episode of The Six Five – On the Road, hosts Krista Macomber and Will Townsend are joined by Microsoft‘s Vasu Jakkal, Corporate Vice President, Microsoft Security Business at Microsoft Secure for a conversation on the evolving landscape of cybersecurity and the official roll-out of Microsoft Copilot for Security.

Their discussion covers:

  • The customer feedback and adoption hurdles of Microsoft Copilot for Security, highlighting its year-long journey before general availability.
  • The crucial role of identity management in cybersecurity, and how Microsoft Copilot for Security aids in bolstering defenses.
  • Other security challenges voiced by customers and how Microsoft’s suite of tools, including Copilot for Security, aims to address them.
  • Insights into Microsoft’s strategies for empowering partners in the IT distribution channel to better support customer security needs.
  • The introduction of a new pricing model for Microsoft Copilot for Security intended to streamline adoption and enhance access across sectors.

Learn more at Microsoft.

Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.

Or listen to the audio here:

Disclaimer: The Six Five Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we ask that you do not treat us as such.

Transcript:

Will Townsend: Hi, I am Will Townsend. I lead the Networking and Security Practices for Moor Insights and Strategy. Joining me today is Krista Macomber. She’s a Security Research Director with The Futurum Group. And together we are Six Five Media. Vasu Jakkal, you’re the corporate vice president of Microsoft Security business.

Vasu Jakkal: Yes.

Will Townsend: Welcome to the conversation.

Vasu Jakkal: Thank you. It’s great to be here with you in the Big Apple.

Will Townsend: Awesome.

Vasu Jakkal: The city never sleeps.

Will Townsend: It never sleeps, and we’re hearing all the sounds as we go along here. So I want to just kind of jump into the conversation around generative AI. And I liken it, the attention that’s being paid to it, like the Gold Rush in the United States of the mid 1800s and late 1800s. Generative AI can be a double-edged sword, right? It could be used for good and not so good. And I know that you’re announcing the general availability of Microsoft’s Copilot for Security. I did read your blog about a year ago, it’s been in preview for quite a while. But I’m wondering, from your perspective, what are you hearing from those early preview customers? Any challenges? Because we’re in the early stages of the generative AI journey, right?

Vasu Jakkal: Yeah, no, absolutely. I do believe that generative AI is going to be one of the most consequential technologies that we have seen. And as every single major industrial revolution has marked, it changes the way we live, it changes humanity, and I have a lot of hope for how it’s going to elevate all of us and create opportunities for all. And it was with that intention that we designed Copilot for Security. Because if you look at our world right now, one of the most serious and fundamental challenges facing us is cybersecurity, with the threat landscape growing more, increasing in speed, and scale, and sophistication. The talent shortages that we are seeing, the fragmentation in the tool landscape, it feels like an asymmetric war in cybersecurity.

And I do believe that using generative AI superpowers for security is going to help every single defender. So we designed it to be for all. As you said, we announced it last year, March 28th. We went into private preview with tens of customers, and then we had our early access program. And it was very deliberately intended for us to have a private preview and an early access, because we wanted to co-create and to really learn from our customers and partners throughout. This is a very powerful capability, and we wanted to understand how best can defenders use it. What we are hearing from the early access is just really great, positive feedback. There’s high interest from our customers and partners. We also are getting feedback from people and users who are early in their security journeys, as well as people who have been in security for a long time.

So for example, from people who are early in their career, the data indicates that they’re 26% faster, 35% more accurate. People who are more seasoned professional in security, they’re also 22% more faster, 7% more productive and accurate. So I feel really good about that feedback, but my favorite statistic is, I call it the statistic of joy, because it’s, do you like using this technology? And what we are hearing is 97%-plus people want to use Copilot again, and that really makes me feel like this product is special, and it is going to help us reshape the market, and we are super excited to announce general availability in April 1st, which then allows us to scale further.

Will Townsend: So that’s really exciting, Vasu. And from my perspective, generative AI is really democratizing access, and it’s making it real. No longer is AI sort of in the ether. AI has been around for quite some time, so I think it’s really kind of bringing it home. But what I’m seeing is, identity is becoming the hack du jour now, because you can use generative AI to do some pretty sophisticated things if you’re a bad actor. And that’s something that I think Krista wants to probe a little bit further on.

Krista Macomber: Yeah. And Vasu, I know we had the pleasure of spending a few minutes with you before this conversation, and that’s one thing that you mentioned as well, this concept of identity management and attackers really actually using valid credentials to gain access, as opposed to more blunt force hacking, if you will. So I would love to talk with you a little bit more specifically about how Microsoft Copilot for Security is addressing that.

Vasu Jakkal: Yeah, and you’re absolutely right. Identity continues to be the battleground for security. As I shared earlier with both of you, we are seeing 4,000 password attacks per second, which is up from 567 password attacks per second. And it’s very difficult once someone gets access to credentials, to just really look at that holistically and prevent them, because they can start moving laterally. This is one of the reasons, Krista, why when we think of security, identity is a key part of that, and zero trust foundations are how we’ve built our portfolio. Even in our end-to-end security portfolio, we have a technology called Entra.

And Entra is a full lifecycle identity management, so identity protection, identity management, identity governance, and now with SASE, because of all the reasons that you flagged. And we are going to integrate more Entra skills into Copilot. So at Ignite last year we announced Entra skills which are in private preview with Copilot. And so Copilot for Security can, as an example, flag risky user behavior. It can help with identifying policies related to identity. And that integration happens where Copilot can be in your Entra, in your identity solution, as well. So we are going to see that more end-to-end integration, and we do expect that customers and users will use Copilot for identity skills, as well.

Krista Macomber: Any other examples of key security issues you’re seeing that Microsoft Copilot for Security is being folded into the broader Microsoft portfolio to address?

Vasu Jakkal: Yeah, absolutely. So across the spectrum, in addition to just threat protection, what we are seeing, like extended detection response and integrating Copilot with that, so you’re protected across your devices, your identities, your cloud applications, all of that. That brings to bearing. We also see data security and governance emerging as a big need where, even the generative AI, more and more people want to see us use data security to secure and govern AI. And so they’re both sides of it. We are integrating data security skills into Copilot. We announced some of this, again, last year on how we are integrating those, even insider risk management, compliance comms, all of that.

And then at the same time we are also using data security to secure and govern AI. And we are seeing a big need for that. So Purview, which is our data security and governance product, a lot of customers, I think one in every three business decision makers right now, is worried about data leakage. And so we are seeing this, “Hey, how can we use your product, Purview, along with Entra, which is identity, to secure and govern our data, and make sure that people are not accessing applications that they shouldn’t be accessing and that’s posing risk to organizations.” So that’s what we are seeing, is this data security conversation and governance conversation, especially with all the regulations, is also very elevated right now.

Krista Macomber: Absolutely. I think when we look at generative AI, I think the secure usage of data and kind of the secure access to data, I think, is something that, as an industry, we’re certainly still figuring it out. And I think it’s going to be very paramount, especially as we’re talking about today, as generative AI becomes more democratized and the use cases become more established among companies of all sizes, industries, regions.

Vasu Jakkal: Absolutely. And also staying a step ahead of bad actors. You mentioned it beautifully earlier that attackers are also going to use every tool that they can to continue advancing their own agendas, whether it’s nation-state or ransomware. And so we have to make sure that we are using generative AI for good, and that we are securing and governing generative AI from the very beginning. That’s why we have responsible AI frameworks to really make sure that the way Microsoft builds technologies, and also the way the ecosystem is evolving and building technologies, we are doing it in partnership and being thoughtful.

We are also increasing our threat detection and protection capabilities. We did some work with OpenAI as an example, where we published it two weeks back, on just early signals and what we are seeing from attacker behavior. And we saw five nation-state groups using gen AI to get more productive, to do better conning, to do better recon. So I think we have to be very vigilant. And to me, AI is going to take a village. We are all in this village, and we have to look at all aspects of it. And never has been the role of security and security professionals is more important.

Will Townsend: No, it’s a great point that you make. From my perspective, I spent a lot of time in the channel before I became an analyst, and talking about that village, your channel partners are part of that village, and it’s going to be really important to train them so that they can present the solution correctly. The other challenge in the channel, there are a lot of security solutions out there. The whitewash is so high right now around generative AI, with lots of companies claiming capabilities.

Vasu Jakkal: Yeah.

Will Townsend: So I’m wondering, Vasu, how will Microsoft approach that, getting your channel partners properly trained, but more importantly, convincing your channel partners to lead with Microsoft?

Vasu Jakkal: Yeah, what a great question. So you’re right. We’ve always said security is a team sport, and our channel partners and all partners are the heart of that. There’s a high amount of interest from partners for Copilot for Security, which is great. We announced a partner community for Copilot, and we have thousand-plus partners as part of that community, which includes skilling, and enabling, and giving them the tools and resources. And then in particular, for Copilot for Security, early access, we now have more than a hundred partners who are part of that early access program.

And so we are working with them. Because one of the things that our partners can really help us is scale. And we are going to have to teach customers and organizations to deploy this tool, to use this tool, to make this a part of their everyday workflow. So I think our partners have tremendous opportunity to shape that and to work within that. And so we are working on the right programs for them. But going to the part of your question where you said there’s a lot of tools out there, and how do we make sure that we have clarity and we are thoughtful. Because what we have to realize is in security, it’s really important that we test the tools, so that we don’t have issues like hallucinations.

And for that you need lots of investment, lots of troves of data, and you need to have massive amount of security expertise. And that’s where the Microsoft Copilot for Security is different, because we took the ChatGPT 4 model, or the latest LLM models from OpenAI, and then we built a Microsoft security-specific model. This model is grounded on our signal intelligence and our human intelligence. We were processing 65 trillion signals early in the year. We have a brand new number, we are processing 78 trillion signals every day. Those signals-

Will Townsend: It’s mind blowing to think about the volume.

Vasu Jakkal: Isn’t it?

Krista Macomber: It really is.

Vasu Jakkal: We can’t even process this without AI. But it’s mind-blowing. So there is no other company that can process this amount of intelligence and the signals, or has this. And you can’t protect what you cannot see. So the fact that we have this, and this is what the Microsoft Copilot for Security is built on, is immensely differentiated. Secondly, we have an end-to-end portfolio. And many times, end-to-end, it’s a misnomer. People think of just threat protection end-to-end. It’s not truly. End-to-end means along with XDR and SIM, you need data security, and governance, and privacy, and device management, and IT management, and identity. And we have all of that. So all those skills from a security standpoint, we’ve trained Copilot.

Plus, we have a unique seat at the table. We are a cloud company, we are a productivity company. We understand how these things are built. And so we have that knowledge, which we have also built into Copilot for Security. So given this differentiation, I think it’s very hard to beat the value proposition of Copilot for Security. And for our channel partners, I would just say, be thoughtful about who you choose to partner with, and what are the investments that are going into that. Because, also, gen AI requires large amount of investments.

Just from a security standpoint, we announced $20 billion of investment in R&D two years back. That’s $4 billion a year. In addition, we have all of the gen AI investments that Microsoft is making, which also then create this force multiplier. So I feel like that is a big differentiation for Microsoft. And then talking about force multipliers, our Copilot for Security, plus our end-to-end portfolio, plus our threat intelligence, just creates this flywheel of innovation and force multipliers. I think it’s hard to beat our value proposition.

Will Townsend: Right, yeah. I know Krista wants to get into the pricing, but before we go there, can we talk about scalability?

Vasu Jakkal: Yeah.

Will Townsend: And I think I asked you this earlier today. So how do you approach the design so that you can scale it up and down market? One of the biggest challenges for small businesses is, oftentimes their IT staffs, their NetOps staffs, are having to do the SecOps work. There’s a huge skill shortage in security, as well. So have you designed Copilot for Security to be able to scale up and down market?

Vasu Jakkal: We have designed Copilot for security to extend, really, from small and medium businesses, all the way to enterprises, because we do believe that this tool has the capability, given natural language processing and the way it works to customize, to customize itself to all of these organizations and their, really, digital estates to provide value for all. In fact, we have customers with really small security teams who are using Copilot for Security. And then on the other hand of the spectrum, we have customers who have large security teams using that. We also believe both private sector and public sector gets value out of it. And from a scalability standpoint, there are a couple of things we’ve done. So one is, just the nature of gen AI itself, natural language. We started with English, we are now expanding to eight more languages.

That gives you a tremendous amount of flexibility in asking questions, in having this tool understand you in plain natural language. Also, the way the tool is built, in integrating in your workflows in your tooling system, and having this prompting capabilities and this guided response which says, “Well, this could be the next question you ask.” So it prompts you. That helps small and medium businesses who may not have the security capabilities that you need. And then from a talent perspective, as well. Many times, actually, all organizations are struggling with talent. But if you’re a small company in particular, because you have small teams, as you said, you wear multiple hats. You’re the IT person-

Will Townsend: You do a lot with less.

Vasu Jakkal: You’re security, you’re NetSecOps, you’re DevSecOps. It’s a lot. And so you do need a tool which is your ally, it’s your Copilot. So what we’ve done is, one of my favorite examples is reverse engineering of malware. We built that capability, like it’s a prompt book. So if you have to do that, now you don’t need to learn that. You can just say, “Do it for me.” So as we build these prompt books, and another thing that we announced is, we are going to have custom prompt books that our customers can develop. So if you’re a small and medium business, you could say, “Hey, Microsoft, help me get these prompt books, or I’m going to develop my own.” And so I think that’s some of the ways in which we are going to scale and help everyone get Copilot and strengthen their security posture.

Will Townsend: Yeah, exciting.

Krista Macomber: Yeah.

Will Townsend: So, Krista.

Krista Macomber: Yeah, so on that note, I know we, again, before this conversation, I know we talked a little bit about the pricing model that Microsoft has landed on for Copilot for Security, which it sounds like is very consumption-based. So that’s interesting, because I know when we look at some of these models, sometimes there can be some little bit of surprises, maybe some unexpected increases in charges over time. But can you talk about maybe some of the feedback that you’ve received from customers, and why Microsoft landed on that model as really being the most flexible and scalable to support this range of customers?

Vasu Jakkal: Yeah, I love what you said, flexible and scalable.

Krista Macomber: Yeah, yeah.

Vasu Jakkal: Because that was at the heart of the design of the model. We did a lot of research. We did market research. We worked with our customers, partners, to get feedback, because there’s so many business models out there and you can design in so many ways. The reason for going consumptive was A, going back to the question you had, you asked me early on, scaling from small and medium business to large enterprise. We want to give a tool which can be used for all, because it’s really important that security should be for all and it should be by all. I’m a big believer that you need to have a wide range of people doing security, because that’s how we get better. So it was that philosophy. We said, “What is the way in which we can design pricing which reduces the barriers to entry, so that people can start using Copilot for Security?” And a consumptive model gives us the flexibility of that.

So what we’ve designed is, we have an atomic unit, it’s called security compute unit, and you can provision that. And that security compute unit, then you can say, “Okay, I get some amount of work done, like queries, like question answers and workflows.” And you can start with one. You can then scale up to two, three, or how many ever you need, based on your environment. You can decide when you want to scale up and you can pay as you go. So those were some of the considerations that went into it. And the feedback from the customers has been very positive because I think it’s a very intuitive model to understand how to use it and how they can use it. The two things with the consumptive model are, of course, predictability and understanding, well, how much do I need?

And one of the ways that we are helping them with that is using the insights from our usage analysis for early access to give them an idea of, for an organization that the size they are or the type they are, what have we seen with customers? Because we can look at that data. And then just give some guidance. And then the customers can use that, decide their own environment, and they decide how much they need. And then secondly, from also making sure that we provide them with user insights of how much they’re using so that they can understand where they are. Because that’s the other part of consumptive is, “Well, I don’t know how much I have left and how much more I need.” So we have taken some measures to give more just clarity, transparency, and also help them with the analysis. And this is where, going back, the partners also are going to be very key to this in helping us scale.

Will Townsend: So Vasu, it sounds like you’re describing the cloud journey model, with provisioning and that sort of thing, and shadow IT, and how that sort of maybe not got out of control, but there needed to be some visibility and some transparency there, and other companies sort of stepped in to do that. So I really commend Microsoft for providing that level of flexibility. But it’s been a great conversation. We really appreciate your time, Krista and I. I’m wondering, just any final thoughts before we close our discussion?

Vasu Jakkal: Yeah. Well, first of all, thank you for the opportunities. You both are lovely, lovely people and amazing human beings, and I’m grateful to have you both in this journey and to be here.

Will Townsend: Likewise.

Vasu Jakkal: I just feel like security is such a mission-driven area. I feel passionately that we should protect our world and we should do more for that. Because if I look at cybercrime today, it’s costing us trillions of dollars. And if I look at all the challenges in the world around us, if we can just take a portion of that and do good with it, whether it’s sustainability, or, I don’t know, powerty, or more equity, gosh, wouldn’t it be a better world? And for far too long, security professionals haven’t worked with each other. This has not been a team.

Will Townsend: It’s been a wild garden.

Vasu Jakkal: It’s been like a dark, fear-based culture. So I think my parting thoughts are, we need to work together. And this is what Microsoft is going to do, is to build a more optimistic, hope-filled narrative, to make sure that we design technologies which are wonderful and are going to shape this market, are going to do good for all, and that we enable everyone to be a defender. So that’s what we are going to try our best to do. But Microsoft can’t do it alone. And so we really invite everyone to be in this journey with us, and we are grateful to have people like you in the journey. So I’m excited about our future, I’m optimistic about our future, and I think we all need to give it our best shot.

Will Townsend: I agree. Let’s win it together.

Vasu Jakkal: Let’s win it together.

Will Townsend: All right.

Author Information

Krista Case

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

SHARE:

Latest Insights:

Altimeter and ARK Lead $100M Round in Hammerspace to Strengthen AI Infrastructure Performance
Brad Shimmin
Brad Shimmin

Altimeter and ARK Lead $100M Round in Hammerspace to Strengthen AI Infrastructure Performance

Brad Shimmin, VP and Practice Lead at The Futurum Group, examines why investors behind NVIDIA and Meta are backing Hammerspace to remove AI data bottlenecks and improve performance at scale.
Will Tableau’s New Enhancements Drive Use of Agentic AI Across the Enterprise
Brad Shimmin
Brad Shimmin & Keith Kirkpatrick

Will Tableau’s New Enhancements Drive Use of Agentic AI Across the Enterprise?

Looking Beyond the Dashboard: Tableau Bets Big on AI Grounded in Semantic Data to Define Its Next Chapter
Futurum analysts Brad Shimmin and Keith Kirkpatrick cover the latest developments from Tableau Conference, focused on the new AI and data-management enhancements to the visualization platform.
Partnering For Success: Field Alignment, Earnings, and Readiness with Google Cloud- Six Five On the Road
Tiffani Bova
Tiffani Bova

Partnering For Success: Field Alignment, Earnings, and Readiness with Google Cloud- Six Five On the Road

Colleen Kapase, VP at Google Cloud, joins Tiffani Bova to share insights on enhancing partner opportunities and harnessing AI for growth.
Ericsson Goes Wireless-First for AI Enterprises
Ron Westfall

Ericsson Goes Wireless-First for AI Enterprises

Ericsson Introduces Wireless-First Branch Architecture for Agile, Secure Connectivity to Support AI-Driven Enterprise Innovation
The Futurum Group’s Ron Westfall shares his insights on why Ericsson’s new wireless-first architecture and the E400 fulfill key emerging enterprise trends, such as 5G Advanced, IoT proliferation, and increased reliance on wireless-first implementations.
Become a Client

The Futurum Group

(833) 722-5337

501 West Ave., Suite 2102
Austin TX 78701

Linkedin Youtube Facebook

Welcome to The Futurum Group

Login to The Futurum Group
Login to Futurum Intelligence
Login to Futurum Labs Research Library

Book a Demo

Thank you, we received your request, a member of our team will be in contact with you.