Join our daily and weekly newsletters for the latest updates and exclusive content covering cutting-edge AI. Learn more
VentureBeat recently spoke (virtually) with Vasu JakkalVice President of Security, Compliance, Identity, Management and Privacy at Microsoft, to better understand how AI, machine learning (ML), generative AI and emerging technologies are redefining cybersecurity.
Jakkal leads Microsoft Securityone of Microsoft’s fastest growing divisions, which has reached 20 billion dollars of turnover at the beginning of last year. She previously served as executive vice president and chief marketing officer at FireEye and vice president of corporate marketing at Brocade.
One of the key takeaways from her interview with VentureBeat is that AI is at the heart of Microsoft’s security DNA and that she and the leadership team see the AI generation as an indispensable technology to reduce obstacles to a more inclusive, productive and diverse industry. For their last financial year, Microsoft generated record annual revenue of more than $245 billion, up 16% year-over-year, and operating profit of more than $109 billion, up 24%.
CEO Nadella: Security is Microsoft’s top priority
During Microsoft Q1 FY25 Earnings Callpresident and Satya Nadella, CEO said that “we continue to prioritize safety above all else. Nadella continues: “Security Copilot, for example, is used by companies across industries, including Clifford Chance, Intesa Sanpaolo and Shell, to perform SecOps tasks faster and more accurately. And we also help our customers protect their AI deployments. Customers have used Defender to discover and secure more than 750,000 build AI application instances; and used Purview to audit over a billion Copilot interactions to meet their compliance obligations.
Write your letter this year annual reportNadella emphasized how security is critical to Microsoft’s future, stating that “security underpins every layer of our technology stack.” Nadella emphatically writes: “We are doubling down on our Secure Future initiative as we implement our principles of Security by Design, Security by Default, and Secure Operations. And we are working to make continued progress across the six pillars of the initiative: protecting tenants and insulating production systems; protect identities and secrets; protect networks; protect engineering systems; monitor and detect threats; and expedite response and corrective action.
Nadella says, “As part of this commitment, all Microsoft employees now make security a “core priority,” holding each of us accountable for creating secure products and services.
The following is an excerpt from VentureBeat’s interview with Jakkal.
VentureBeat: Can you start by explaining how Microsoft’s Secure Future Initiative (SFI) has reshaped the company’s approach to cybersecurity and culture?
Djakkal: THE Secure Future Initiative is not just about technology: it is also about transformation. With more than 34,000 equivalent engineers dedicated to this effort, it is one of the largest technical advancements in cybersecurity. We focus on security by design, security by default, and security of operations. But it’s also about changing our way of thinking: security is now the responsibility of everyone at Microsoft, and no longer just a specialized team. This is how we progress.
I think it’s our job and our duty to provide these platforms. I came to Microsoft because of our mission and empowering everyone, and I love the security because I think it’s a great place where everyone can make an impact. When we launched our Secure Future Initiative last November, it was certainly about protecting Microsoft and making Microsoft resilient, but it’s much more than that. It’s about making the world safe in the age of AI, creating fairness, equality and opportunity so everyone can participate. Because when I go everywhere and I meet not only women, men, women, all people, all facets, and they say to me: “Listen, you can have a career that is meaningful and linked to a goal. You can have a great career.
VB: How does generative AI empower defenders and what role does Security Copilot play?
Djakkal: I feel like the AI generation is going to be a game changer in this industry. I will share some statistics with you. Three years ago, in 2021, we saw 567 identity-related attacks, which were password-related attacks; that’s a lot of attacks per second. Today, that figure stands at 7,000 password attacks per second and more than 1,500 bad actors tracked. Security Copilot helps level the playing field. It uses security data from Microsoft and GPT models from OpenAI to simplify tasks, whether it’s analyzing incidents or automating reports. For early career defenders, this improved speed by 26% and accuracy by 35%. For seasoned professionals, it’s 22% faster and 7% more accurate. But the most significant statistic for me? More than 90% of users said they would use it again. This is what we call the “joy statistic.” This is why I love Generation AI because I think this tool is going to make it easy for everyone to become an advocate. And for me, that’s a game changer.
VB: Could you explain to us how exposure management and how the combination of AI, human collaboration and orchestrated threat management in your new exposure management directorate will streamline security operations center performance (SOC)?
Djakkal: We have been moving for several years towards what we call a unified SOC or a unified SecOps. This is one of our visions: it is difficult for defenders when there are too many alerts. I mean the noise to signal ratio is quite high. So the idea behind our SOC was to take extended detection and response, our XDR capabilities, which is actually Defender, that’s our tool, and take our SIEM capabilities, which are Sentinel, and bring them together . So we have a unified control panel and exposure management fits into that because alongside our extended detection response, we’re not just looking at endpoints, but also at endpoints and identities , as well as data security and cloud security, all of those things, exposure management. is just built into that. So you can access Defender and your SOC teams have our exposure management capabilities, which helps your teams just as your threat protection tools help you detect and respond. Our exposure management tools help you map out all the potential paths that attackers take, because I think defense is great, but prevention, I’d like to think, is the best defense.
VB: Why has Microsoft made exposure management a cornerstone of its proactive defense strategy?
Djakkal: Attackers think in graphs, defenders think in lists or silos. Defenders must think graphically. For the AI generation, this is extremely critical and that’s what exposure management is. We are actively integrating graphics capabilities into our security products. Exhibition management is our first product with of course the AI generation, which uses these graphics capabilities. And this allows you for the first time to bring attack surface management, attack path analysis, like seeing your digital assets the same way an attacker would see your digital assets and start looking at all potential paths and how an attacker could enter them. there’s also this cool thing where you can find choke points. Are there many attack routes passing through a point and what does that look like? And that uses those graphics capabilities. We already have 70,000 tenants with exposure management enabled. And we work with the third-party ecosystem because security is a team sport.
VB: How does exposure management improve defender capabilities within a unified SOC?
Djakkal: Exposure management fits perfectly into our vision of a unified Security Operations Center (SOC). It brings together tools like Defender for detection and Sentinel for response into one cohesive system. By integrating exposure information, defenders gain a clear map of attack paths and risks. It’s about making prevention as seamless as detection and response, giving defenders a single, actionable view.
VB: What role does diversity play in Microsoft’s vision for cybersecurity?
Djakkal: We talk about mission-critical graphics and AI generation, but ultimately cybersecurity is about people and empowering them to use these technologies so we can change culture. The Secure Future Initiative, graph-based capabilities, Generation AI and all other initiatives are driving a massive cultural transformation that includes everyone. I think you’ve heard me say that security should be for one and all. And this is the objective that we are pursuing. Cybersecurity thrives on diverse perspectives because attackers are diverse, and our defenders should be too. It’s about creating opportunities and empowering everyone to be part of the solution.
VB: How does Microsoft ensure AI tools are accessible and fair to defenders?
Djakkal: Accessibility is essential. We design tools like Security Copilot to be intuitive so defenders of all levels can use them effectively. By democratizing advanced features, we ensure that even small organizations can access the same powerful tools as large enterprises.
Because imagine how many people will have access to all these tools, no matter who you are, no matter where you are, you can get started. And our attackers are quite diverse. Our world is quite diverse. So if our advocates don’t reflect the diversity of our world, how can we hope to stay ahead of the curve? So I think these tools, whether it’s the generative AI or the graph that we’re building or the platform, are all going to help us do that as well.
VB: What is your ultimate vision for Microsoft’s cybersecurity initiatives?
Djakkal: Our goal is to empower defenders and build a safer digital world. With tools like Security Copilot and Exposure Management, we are transforming the way organizations approach cybersecurity, ensuring they stay ahead of evolving threats. It’s about making cybersecurity accessible to everyone and creating a resilient and inclusive future.