Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. More information
VentureBeat recently sat down (virtually). Vasu Jakkalcorporate vice president of security, compliance, identity, management and privacy at Microsoft, to gain her insights into how AI, machine learning (ML), generative AI and emerging technologies are redefining cybersecurity.
Jakkal leads Microsoft securityone of Microsoft’s fastest growing divisions to achieve it $20 billion in turnover at the beginning of last year. She previously served as Executive Vice President and Chief Marketing Officer at FireEye and as Vice President of Corporate Marketing at Brocade.
A key takeaway from her interview with VentureBeat is that AI is at the core of Microsoft security DNA and she and the senior management team see gen AI as an indispensable technology to break down the barriers to a more inclusive, productive and diverse industry. For them last financial year, Microsoft achieved record annual revenue of more than $245 billion, an increase of 16 percent year-on-year, and an operating profit of more than $109 billion, an increase of 24 percent.
CEO Nadella: Security is Microsoft’s top priority
During the day Microsoft’s first quarter earnings of 25 yearschairman and CEO Satya Nadella stated that “we continue to prioritize safety above all else. Nadella continues: “For example, Security Copilot is used by companies in every industry, including Clifford Chance, Intesa Sanpaolo and Shell, to perform SecOps tasks faster and more accurately. And we also help customers protect their AI deployments. Customers have used Defender to discover and protect more than 750,000 generation AI app instances; and used Purview to monitor more than a billion Copilot interactions to meet their compliance obligations.”
Writing his letter in this year annual reportNadella emphasized how critical security is to Microsoft’s future, stating that “security underpins every layer of our tech stack.” Nadella emphatically writes: “We are doubling down on our Secure Future Initiative as we implement our principles of ‘secure by design’, ‘secure by default’ and ‘secure operations’. And we are focused on making continued progress on the initiative’s six pillars: protecting tenants and insulating production systems; protect identities and secrets; protect networks; protect technical systems; monitor and detect threats; and accelerate response and recovery.
Nadella says: “As part of this commitment, all Microsoft employees now have security as a “core priority,” holding each of us accountable for building secure products and services.”
The following is an excerpt from VentureBeat’s interview with Jakkal.
VentureBeat: Can you start by talking about how Microsoft’s Secure Future Initiative (SFI) has reshaped the company’s approach to cybersecurity and culture?
Jakkal: The Safe future initiative is about more than just technology; it’s about transformation. With more than 34,000 equivalent engineers committed to this effort, this is one of the largest technical developments in cybersecurity. We focus on Secure by Design, Secure by Default and Secure in Operations. But it’s also about changing the way we think: security is now the responsibility of everyone at Microsoft, not just a specialized team. This is how we make progress.
I think it is our job and our duty to provide these platforms. I joined Microsoft because of our mission and empowering everyone, and I love security because I think it’s a great place for everyone to make an impact. When we launched our Secure Future Initiative last November, it was indeed about protecting Microsoft and creating a resilient Microsoft, but it is so much more than that. It’s about securing the world in this age of AI, creating equity and equality and opportunity so that everyone can participate. Because if I go around and meet not just women, men, women, all people, all facets and they say, look, you can have a great, meaningful career that’s connected to a purpose. You can have a great career.
VB: How does generative AI strengthen defenders, and what role does Security Copilot play?
Jakkal: I feel like generation AI will be a game changer in this industry. Let me share some statistics with you. Three years ago, in 2021, we saw 567 identity-related attacks, which were password-related attacks; that’s a lot of attacks per second. Today, that number stands at 7,000 password attacks per second and there are more than 1,500 tracked threat actors. Security Copilot ensures a level playing field. It uses Microsoft’s security data and OpenAI’s GPT models to simplify tasks, whether analyzing incidents or automating reports. For early career defenders, it improved speed by 26% and accuracy by 35%. For seasoned professionals, it’s 22% faster and 7% more accurate. But the most meaningful statistic to me? More than 90% of users said they wanted to use it again. That’s what we call the “joy statistic.” That’s why I love gen AI, because I think this tool will make it easy for anyone to become a defender. And that is a game changer for me.
VB: Can you explain how exposure management and how the combination of AI, human collaboration and threat management, orchestrated in your new exposure management direction, will streamline Security Operations Center (SOC) performance?
Jakkal: We have been marching towards what we call unified SOC or unified SecOps for a few years now. That is one of our views: it is difficult for defenders if there are too many warnings. I mean, the noise to signal ratio is quite high. And so the idea behind our SOC was to take extended detection and response, our XDR capabilities, which is basically Defender, which is our tool, and take our SIEM capabilities, which is Sentinel, and bring them together. So we have a unified view and exposure management actually fits right into that because along with our comprehensive detection response, so not just looking at endpoints, but also looking at endpoints and identities and data security and cloud security, all of these things, exposure management is just integrated into that. So you can go to Defender and your SOC teams have our exposure management capabilities and it helps your teams just like your threat protection tools help you detect and respond. Our exposure management tools help you map out all those potential paths that attackers are taking, because I think defense is great, but prevention, I think, is the best defense.
VB: Why has Microsoft made Exposure Management a cornerstone of its proactive defense strategy?
Jakkal: Attackers think in graphs, defenders think in lists or silos. Defenders have to think in graphs. For generation AI, this is super critical and that’s what exposure management is. We actively build graphics capabilities into our security products. Exposure management is our first product together with natural gen AI, which uses these graphics capabilities. And now for the first time, you can apply attack surface management and attack path analysis, which is like looking at your digital assets the way an attacker would view your digital assets and starting to look at all the potential paths and how an attacker could get in. We also have this cool thing where you can find bottlenecks. Are there many attack paths through one point and what does that look like? And that uses these graphic options. We already have 70,000 tenants with exposure management enabled. And we work with the third-party ecosystem because security is a team sport.
VB: How does Exposure Management improve defender capabilities within a unified SOC?
Jakkal: Exposure Management fits perfectly into our vision for a unified Security Operations Center (SOC). It brings together tools such as Defender for detection and Sentinel for response into one cohesive system. By integrating exposure insights, defenders gain a clear overview of attack routes and risks. It’s about making prevention as seamless as detection and response, so defenders get a single, actionable view.
VB: What role does diversity play in Microsoft’s cybersecurity vision?
Jakkal: We talk about graphs being critical and generational AI, but at the end of the day, cybersecurity is about people and about empowering people to use these technologies so we can change cultures. The Secure Future Initiative, graph-based capabilities, gen AI, and all the other initiatives are driving a massive cultural transformation that includes everyone. I think you’ve heard me say: safety should be for everyone and for everyone. And that is the purpose we live for. Cybersecurity thrives on diverse perspectives because attackers are diverse, and our defenders should be, too. It’s about creating opportunities and empowering everyone to be part of the solution.
VB: How does Microsoft ensure AI tools are accessible and fair to defenders?
Jakkal: Accessibility is essential. We design tools like Security Copilot to be intuitive so defenders of all skill levels can use them effectively. By democratizing advanced capabilities, we ensure that even smaller organizations have access to the same powerful tools as large enterprises.
Because imagine how many people have access to all these tools, no matter who you are, no matter where you are, you can get started. And our attackers are quite diverse. Our world is quite diverse. So if our defenders don’t reflect the diversity in our world, how can we expect to stay ahead? So I think these tools, whether it’s generative AI or the graph that we build or the platform, will help us all do that as well.
VB: What is your ultimate vision for Microsoft’s cybersecurity initiatives?
Jakkal: Our goal is to empower defenders and build a more secure digital world. With tools like Security Copilot and Exposure Management, we’re transforming the way organizations approach cybersecurity to stay ahead of evolving threats. It’s about making cybersecurity accessible to all and creating a resilient, inclusive future.
Source link
