Search
Close this search box.

Microsoft Unifies Security Ops with Copilot AI-Augmented Platform

Microsoft Unifies Security Ops with Copilot AI-Augmented Platform

The News: At its Ignite conference, Microsoft introduced in private preview a unified security operations (SecOps) platform that combines the company’s Sentinel cloud-native Security Information and Event Management (SIEM), Defender extended detection and response (XDR), and Security Copilot tools. The platform is expected to enter public preview next year. Additional detail is available on Microsoft’s website.

Microsoft Unifies Security Ops with Copilot AI-Augmented Platform

Analyst Take: Today’s average enterprise uses dozens of security tools in an effort to comprehensively address the variety of cyberattacks that are occurring across the broad range of applications and infrastructure resources relied upon by businesses and in an effort to meet compliance requirements. Such defense-in-depth strategies have merits, but they also have the downside of adding complexity and fragmentation that impedes the visibility and responsiveness required by SecOps teams to mitigate business downtime and data loss following an attack. Compounding this issue, attackers need to successfully exploit only one vulnerability. Simply put, traditional security tools result in blind spots and a deluge of alarms, both of which inhibit SecOps teams’ ability to keep up with the modern threat landscape and the unprecedented volume and variety of data being created.

Against this backdrop, over the past few years, SIEM tools have grown in value and the market for XDR tools has emerged. More recently, the market has started to further evolve with the integration of SIEM and XDR data to enhance aggregation and correlation of insights. As a result, the ability to identify and triage threats across the data and technology estate has also evolved.

Microsoft’s new SecOps center addresses this trend by adding a centralized plane for visibility into, and triaging of, threats spanning SIEM and XDR data. To accelerate investigative tasks such as analyzing malicious code, and to speed time to resolution, the new operations center also adds playbooks that can be executed with rules-based automation. Also notable is the solution’s incorporation of generative AI – for example, allowing users to ask Copilot in natural language to generate an incident report summarizing investigative and remedial actions. This feature addresses the staffing and skills gaps that plague security and IT operations teams alike and that have become a material threat to organizations’ cyber-resiliency.

To this point, The Futurum Group expects the new SecOps center to serve as a tailwind to the momentum that Microsoft has already been demonstrating in the security space. According to Microsoft, it counts 860,000 security customers, a figure that has more than doubled since early 2021. Sentinel specifically has accumulated more than 25,000 customers since its launch in 2019, up from 15,000 one year ago, and annual recurring revenue (ARR) of more than $1 billion.

From a portfolio perspective, CEO Satya Nadella pointed out on Tuesday in the company’s most recent earnings call that Microsoft has wide-spanning capabilities across identity, security, compliance, device management, and privacy. While robust, a point of consolidation is needed for the security team; otherwise, it only serves to perpetuate issues around solution fragmentation and limited staff resources impeding the ability to uncover and respond to breaches more quickly, and the ability to ensure compliance with security regulations across sprawling application and IT infrastructure environments (both of which are topics that come up in The Futurum Group’s conversations with security and IT operations professionals). The new SecOps center represents an important starting point; broad visibility is achieved through integrating SIEM and XDR technology, and operations for incident investigation and response can be greatly streamlined, especially with the addition of Microsoft’s Copilot AI.

This market is competitive with a lot of moving pieces, and Microsoft’s success around SecOps will be in no small way influenced by its ability to position unique value, such as its close tie-ins to Azure and Windows for shops that rely heavily on those environments, and its ability to use its visibility into over 65 trillion threat signals per day (per Microsoft) to refine its threat detection. As Microsoft drives toward an “end-to-end” security strategy, The Futurum Group will still be watching for the company’s support for third-party security tools, so as to still provide comprehensive threat visibility and remediation and its ability to keep pace with helping customers to uncover newer and emerging threats, such as zero-day attacks.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other Insights from The Futurum Group:

Under The Hood: How Microsoft Copilot Tames LLM Issues

Microsoft Ignites Teams with a Shift in Digital Collaboration

Microsoft Copilot Will Be the AI Inflection Point

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

SHARE:

Latest Insights:

An Analytical Look at Lattice’s Q3 FY2024 Earnings, Strategic Cost Reductions, and the Company’s Focus on Long-Term Market Expansion
Bob Sutor, VP and Practice Lead of Emerging Technologies at The Futurum Group analyzes Lattice Semiconductor's Q3 2024 results, examining the company's strategic cost reductions, AI-PC partnerships, and leadership transition to drive long-term growth.
AMD Is Developing AI-Focused Infrastructure Solutions and Competitive AI PC Processors, Positioning Itself in the Enterprise and Personal Computing Markets
Olivier Blanchard, Research Director at The Futurum Group, analyzes AMD's Q3 2024 performance and AI advancements from the Advancing AI event, emphasizing AMD’s competitive push in data centers and AI PCs against Intel and Qualcomm.
Amazon’s Q3 FY2024 Earnings Driven by AI, Cloud Innovation, and Enhanced Retail Capabilities
Olivier Blanchard, Research Director at The Futurum Group, discusses Amazon’s Q3 2024 earnings, including the pivotal role of AI and cloud technology, AWS growth, and innovative AI shopping tools reshaping Amazon’s revenue and customer experience.
Bob Sutor, VP and Practice Lead for Emerging Technologies at The Futurum Group, summarizes his report on his talk at the Inside Quantum Technology Quantum+AI conference in New York City on October 29, 2024. The talk title was Quantum AI: A Quantum Computing Industry Perspective.