Today we are excited to announce the Azure Web Application Firewall (WAF) and Azure Firewall integrations in the Microsoft Copilot for Security standalone experience. This is the first step we are taking toward bringing interactive, generative AI-powered capabilities to Azure network security.
Copilot empowers teams to protect at the speed and scale of AI by turning global threat intelligence (78 trillion or more security signals), industry best practices, and organizations’ security data into tailored insights. With the growing cost of security breaches, organizations need every advantage to protect against skilled and coordinated cyber threats. To see more and move faster, they need generative AI technology that complements human ingenuity and refocuses teams on what matters. A recent study shows that:
- Experienced security analysts were 22% faster with Copilot.
- They were 7% more accurate across all tasks when using Copilot.
- And, most notably, 97% said they want to use Copilot the next time they do the same task.
Generative AI for Azure network security
Azure WAF and Azure Firewall are critical security services that many Microsoft Azure customers use to protect their network and applications from threats and attacks. These services offer advanced threat protection using default rule sets as well as detection and protection against sophisticated attacks using rich Microsoft threat intelligence and automatic patching against zero-day vulnerabilities. These systems process huge volumes of packets, analyze signals from many network resources, and generate vast amounts of logs. To reason over terabytes of data and cut through the noise to detect threats, analysts spend several hours if not days performing manual tasks. In addition to the scale of data, there is a real shortage of security expertise. It is difficult to find and train cybersecurity talent, and these staff shortages slow down responses to security incidents and limit proactive posture management.
With our announcement of Azure WAF and Azure Firewall integrations in Copilot for Security, organizations can empower their analysts to triage and investigate hyperscale data sets seamlessly to find detailed, actionable insights and solutions at machine speeds using a natural language interface with no additional training. Copilot automates manual tasks and helps upskill Tier 1 and Tier 2 analysts to perform tasks that would otherwise be reserved for more experienced Tier 3 or Tier 4 professionals, redirecting expert staff to the hardest challenges, thus elevating the proficiency of the entire team. Copilot can also easily translate threat insights and investigations into natural language summaries to quickly inform colleagues or leadership. The organizational efficiency gained by Copilot summarizing vast data signals to generate key insights into the threat landscape enables analysts to outpace adversaries in a matter of minutes instead of hours or days.
Azure Web Application Firewall integration in Copilot
Today, Azure WAF generates detections for a variety of web application and API security attacks. These detections generate terabytes of logs that are ingested into Log Analytics. While the logs give insights into the Azure WAF actions, it is a non-trivial and time-consuming activity for an analyst to understand the logs and gain actionable insights.
The Azure WAF integration in Copilot for Security helps analysts perform contextual analysis of the data in minutes. Specifically, it synthesizes data from Azure Diagnostics logs to generate summarization of Azure WAF detections tailored to each customer’s environment. The key capabilities include investigation of security threats, including analyzing WAF rules triggered, investigating malicious IP addresses, analyzing SQL Injection (SQLi) and Cross-site scripting (XSS) attacks blocked by WAF, and natural language explanations for each detection.
By asking a natural-language question about these attacks, the analyst receives a summarized response that includes details about why that attack occurred and equips the analyst with enough information to investigate the issue further. In addition, with the assistance of Copilot, analysts can retrieve information on the most frequently offending IP addresses, identify top malicious bot attacks, and pinpoint the managed and custom Azure WAF rules that have been triggered most frequently within their environment.
Azure Firewall integration in Copilot
Azure Firewall intercepts and blocks malicious traffic using the intrusion detection and prevention system (IDPS) feature today. However, when analysts need to perform a deeper investigation of the threats that Azure Firewall catches using this feature, they need to do this manually, which is a non-trivial and time-consuming task. The Azure Firewall integration in Copilot helps analysts perform these investigations with the speed and scale of AI.
The first step in an investigation is to pick a specific Azure Firewall and see the threats it has intercepted. Analysts today spend hours writing custom queries or navigating through several manual steps to retrieve threat information from Log Analytics workspaces. With Copilot, analysts just need to ask about the threats they’d like to see, and Copilot will present them with the requested information.
The next step is to better understand the nature and impact of these threats. Today, analysts must retrieve additional contextual information such as geographical location of IPs, threat rating of a fully qualified domain name (FQDN), details of common vulnerabilities and exposures (CVEs) associated with an IDPS signature, and more manually from various sources. This process is slow and involves a lot of effort. Copilot pulls information from the relevant sources to enrich your threat data in a fraction of the time.
Once a detailed investigation has been performed for a single Azure Firewall and single threat, analysts would like to determine if these threats were seen elsewhere in their environment. All the manual work they performed for an investigation for a single Azure Firewall is something they would have to repeat fleet wide. Copilot can do this at machine speed and help correlate this information with other security products integrated with Copilot to better understand how attackers are targeting their entire infrastructure.
Looking forward
The future of technology is here, and users will increasingly expect their network security products to be AI enabled; and Copilot positions organizations to fully leverage the opportunities presented by the emerging era of generative AI. The integrations announced today combine Microsoft’s expertise in security with state-of-the-art generative AI packaged together in a solution built with security, privacy, and compliance at its heart to help organizations better protect themselves from attackers while keeping their data completely private.
Getting access
We look forward to continuing to integrate Azure network security into Copilot to make it easier for our customers to be more productive and be able to quickly analyze threats and mitigate vulnerabilities ahead of their adversaries. These new capabilities in Copilot for Security are already being used internally by Microsoft and a small group of customers. Today, we’re excited to announce the upcoming public preview. We expect to launch the preview for all customers for Azure WAF and Azure Firewall at Microsoft Build on May 21, 2024. In the coming weeks, we’ll continuously add new capabilities and make improvements based on your feedback.
Please stop by the Copilot for Security booth at RSA 2024 to see a demo of these capabilities today, express interest for early access, and read about additional Microsoft announcements at RSA.
The post Bringing generative AI to Azure network security with new Microsoft Copilot integrations appeared first on Microsoft Azure Blog.