The Security Copilot team is continuously enhancing threat intelligence (TI) capabilities in Security Copilot to provide a more comprehensive and integrated TI experience for customers. We're excited to share that the Security Copilot threat Intelligence plugin has broadened beyond just MDTI to now encapsulate data from other TI sources, including Microsoft Threat Analytics (TA) and Microsoft file and URL intelligence, with even more sources becoming available soon.
To reflect this evolution of the plugin, customers may notice a change in its name from "Microsoft Defender Threat Intelligence (MDTI) to "Microsoft Threat Intelligence," reflecting its broader scope and enhanced capabilities.
Since launch in April, Security Copilot customers have been able to access, operate on, and integrate the raw and finished threat intelligence from MDTI developed from trillions of daily security signals and the expertise of over 10 thousand multidisciplinary analysts through simple natural language prompts. Now, with the ability for Security Copilot's powerful generative AI to reason over more threat intelligence, customers have a more holistic, contextualized view of the threat landscape and its impact on their organization.
New plugin name in Security Copilot reflects broader range of capabilities
This broader range of information, delivered instantly and in-context, adds to the ability to enable different security personas to defend at machine speed and scale. For example, a customer may ask "Tell me more about the Threat actor Silk Typhoon" for the latest threat intelligence information from MDTI, including IoCs, data from mass collection and analysis, intelligence articles, Intel Profiles (vulnerabilities, threat actors, threat tooling], and guidance. Security Copilot now also shows customers the impact of threat to their organization and which assets may be vulnerable though threat analytics and reputation information from Microsoft file and URL (detonation) intelligence. for indicators associated with incidents and other threat activity.
In this example, impacted asset data from Threat Analytics is available alongside MDTI intelligence for complete context about a threat and its impact on the organization.
It's important to note that customers will only see threat intelligence associated with the products they are provisioned for. For example, a Security Copilot customer that isn't provisioned for Defender XDR will not see any threat intelligence from Threat Analytics.
Conclusion
Microsoft delivers leading threat intelligence built on visibility across the global threat landscape made possible protecting Azure and other large cloud environments, managing billions of endpoints and emails, and maintaining a continuously updated graph of the internet. By processing an astonishing 78 trillion security signals daily, Microsoft can deliver threat intelligence in Security Copilot providing an all-encompassing view of attack vectors across various platforms, ensuring customers have comprehensive threat detection and remediation.
If you are interested in learning more about MDTI and how it can help you unmask and neutralize modern adversaries and cyberthreats such as ransomware, and to explore the features and benefits of MDTI please visit the MDTI product web page. To learn more about Security Copilot, visit the Tech Community page here.
Learn more about Microsoft Security Copilot in Microsoft Defender Threat Intelligence here.
Also, be sure to contact our sales team to request a demo or a quote. Learn how you can begin using MDTI with the purchase of just one Security Copilot SCU here.
Microsoft