Today we are excited to announce the integration of Azure Web Application Firewall (WAF) and Azure Firewall into the Microsoft Copilot for Security standalone environment. This is the first step we are taking to bring conversational generative AI-based capabilities to Azure network security.
Copilot transforms global threat intelligence (over 78 trillion security signals), industry best practices, and your organization’s security data into personalized insights to help your teams protect at the speed and scale of AI. As the cost of security breaches increases, organizations need every advantage they can get to protect against skilled and coordinated cyber threats. To see more and move faster, you need generative AI technologies that complement human ingenuity and refocus your teams on what matters. According to recent research:
- Experienced security analysts are 22% faster using Copilot.
- When using Copilot, accuracy was 7% higher across all tasks.
- And most notably, 97% said they would like to use Copilot the next time they perform the same task.
Generative AI for Azure network security
Azure WAF and Azure Firewall are important security services that many Microsoft Azure customers use to protect their networks and applications from threats and attacks. These services provide advanced threat protection using a basic rule set, as well as detection and protection against sophisticated attacks using rich Microsoft threat intelligence and automatic patching for zero-day vulnerabilities. These systems process huge amounts of packets, analyze signals from numerous network resources, and generate massive amounts of logs. To filter the noise out of terabytes of data and detect threats, analysts spend hours, if not days, performing manual tasks. In addition to the sheer volume of data, there is a real lack of security expertise. Finding and training cybersecurity talent is difficult, and this talent shortage slows response to security incidents and limits proactive posture management.
The Azure WAF and Azure Firewall integration in Copilot for Security enables analysts to seamlessly classify and interrogate hyperscale data sets to discover detailed, actionable insights and solutions at machine speed, using a natural language interface and without additional training. Copilot automates manual tasks and upskills Tier 1 and Tier 2 analysts to perform tasks that would otherwise be assigned to skilled Tier 3 or Tier 4 experts, upskilling the entire team by redirecting expert staff to the most difficult challenges. Copilot also easily transforms threat insights and investigations into natural language summaries that can be quickly communicated to colleagues or leadership. The organizational efficiencies gained through Copilot, which summarizes massive data signals to generate key insights into the threat landscape, allow analysts to outsmart attackers in minutes rather than hours or days.
Copilot’s Azure Web Application Firewall integration
Currently, Azure WAF generates detections for a variety of web application and API security attacks. These detections generate terabytes of logs that are collected into Log Analytics. Logs provide insight into Azure WAF operations, but understanding the logs and extracting actionable insights is a non-trivial and time-consuming activity for analysts.
Copilot for Security’s Azure WAF integration helps analysts perform contextual analysis of data in minutes. Specifically, it synthesizes data from Azure Diagnostics logs to generate summaries of Azure WAF detections tailored to each customer’s environment. Key features include analyzing triggered WAF rules, investigating malicious IP addresses, analyzing SQL injection (SQLi) and cross-site scripting (XSS) attacks blocked by the WAF, and investigating security threats, including natural language descriptions for each detection.
By asking questions about these attacks in natural language, analysts receive a summary response with details about why the attack occurred, providing enough information to investigate the issue further. Additionally, with the help of Copilot, analysts can retrieve information about the most frequently attacking IP addresses, identify the most malicious bot attacks, and pinpoint the most frequently triggered managed and custom Azure WAF rules within their environment.
Copilot’s Azure Firewall integration
Azure Firewall currently uses the Intrusion Detection and Prevention System (IDPS) feature to intercept and block malicious traffic. However, if analysts need to investigate the threats that Azure Firewall catches with this feature in more depth, they have to do so manually, which is non-trivial and time-consuming. Copilot’s Azure Firewall integration helps analysts conduct these investigations at the speed and scale of AI.
The first step in your investigation is to select a specific Azure Firewall and see what threats it blocks. Today, analysts spend hours writing custom queries or navigating multiple manual steps to retrieve threat information from their Log Analytics workspace. With Copilot, analysts simply ask questions about the threats they want to see, and Copilot provides the requested information.
The next step is to better understand the nature and impact of these threats. Today, analysts must manually retrieve additional context from a variety of sources, such as the geographic location of the IP, the threat rating of the fully qualified domain name (FQDN), and details about common vulnerabilities and exposures (CVEs) associated with the IDPS signature. This process is slow and requires a lot of effort. Copilot enriches your threat data in a fraction of the time by pulling information from relevant sources.
Once a detailed investigation is performed on a single Azure Firewall and a single threat, analysts want to determine whether this threat has appeared elsewhere in the environment. Any manual work done to investigate a single Azure Firewall is work that must be repeated across the fleet. Copilot does this at machine speed and correlates this information with other security products that integrate with Copilot to help analysts better understand how attackers are targeting their entire infrastructure.
Looking ahead
The future of technology is here, and users will increasingly expect network security products to be AI-enabled. Copilot helps organizations make the most of the opportunities presented by the new era of generative AI. The integration announced today combines Microsoft’s expertise in security and cutting-edge generative AI in a solution built around security, privacy, and compliance, allowing organizations to more effectively protect themselves from attackers while keeping their data completely private.
Access
We look forward to continuing to integrate Azure network security into Copilot to make it easier for our customers to increase productivity, quickly analyze threats, and mitigate vulnerabilities before adversaries do. These new capabilities in Copilot for Security are already being used internally at Microsoft and by a small group of customers. Today we are excited to announce our upcoming public preview. We plan to release a preview of Azure WAF and Azure Firewall for all customers at Microsoft Build on May 21, 2024. Over the coming weeks, we will continue to add new features and make improvements based on your feedback.
Stop by the Copilot for Security booth at RSA 2024 today to see demos of these features, express your interest in early access, and read additional Microsoft announcements from RSA.