Introducing TITAN-Powered Recommendations in Security Copilot Guided Response
In the ever-evolving landscape of cybersecurity, speed and accuracy are paramount. At Microsoft, we’re continuously investing in ways to help analysts make informed decisions under pressure. One of the most powerful of these is Guided Response: a Security Copilot-powered capability in Microsoft Defender that walks analysts through step-by-step investigation and response flows. It provides context-aware recommendations tailored to each incident, enabling teams at all levels to respond with precision and scale.

Now, with the integration of Threat Intelligence Tracking via Adaptive Networks (TITAN) recommendations, Guided Response is taking a leap forward. By bringing in real-time threat intelligence (TI) to prioritize and explain suggested actions, it enables analysts to surface, prioritize, and act on the most relevant threats with clarity and efficiency.

What is TITAN?

TITAN represents a new wave of innovation built on Microsoft Defender Threat Intelligence capabilities, introducing a real-time, adaptive threat intelligence (TI) graph that integrates first- and third-party telemetry from the unified security operations platform, Microsoft Defender for Threat Intelligence, Microsoft Defender for Experts, and customer feedback. This graph employs guilt-by-association techniques to propagate known TI labels to unknown neighboring entities (e.g., IP, file, email) at machine scale. By analyzing relationships between entities, TITAN can identify attacker infrastructure before it's leveraged in attacks, giving defenders a critical window to proactively disrupt threats.

One of TITAN’s greatest strengths is its ability to learn from indicators of compromise (IOCs) observed throughout the global threat landscape. Microsoft Defender analyzes over 24 trillion security signals every day, across identities, endpoints, apps, and beyond.
When a new IOC (such as an IP address, an IP range or an email sender) is identified in one environment, Microsoft Defender rapidly leverages that intelligence to protect other environments. These live, TI-based Guided Response recommendations help identify, manage and block threats before they impact your organization, turning every detection into a defense signal for the entire Microsoft ecosystem.

Why bring TITAN into Security Copilot Guided Response?

Security Copilot Guided Response already provides analysts with a curated set of recommendations. TITAN enhances this by introducing a new dimension: real-time, threat-intel-driven recommendations that are grounded in global telemetry and threat actor behavior. The integration improves Guided Response by:

- Expanding coverage to incidents that previously lacked actionable context.
- Prioritizing recommendations with higher confidence.
- Surfacing targeted triage and remediation actions based on live threat infrastructure.

How it works

TITAN suggestions are now integrated into Guided Response as both triage and containment recommendations. When an incident involves an entity with known malicious threat intelligence flagged by TITAN, Security Copilot automatically generates a Guided Response recommendation. Analysts receive prioritized, natural language guidance on how to triage the incident and contain specific threat entities, including:

- IP addresses
- IP ranges
- Internet Message-ID
- Email senders

Real-world impact

In early testing, TITAN-powered triage recommendations have shown promising results:

- Increased model accuracy: TITAN’s integration has helped improve the precision of Guided Response triage recommendations.
- Improved analyst trust: explainable, threat-intel-backed recommendations have helped analysts gain more confidence in their response actions.
- Faster decision-making: TITAN’s real-time scoring and threat attribution have accelerated incident investigation and response times.

Evolving Guided Response with threat intelligence

TITAN recommendations mark a significant leap in our mission to empower defenders. By combining the scale of Microsoft’s Defender Threat Intelligence with the precision of Security Copilot’s Guided Response, we’re helping analysts move from reactive to proactive: responding faster, working smarter, and acting with greater confidence.

Stay tuned for more updates as we continue to evolve this capability. And if you’re already using TITAN recommendations in your environment, we’d love to hear your feedback. Join the Microsoft Customer Connection Program to share your insights and help shape future Microsoft Security products and features.

Learn more

Check out our resources to learn more about our new approach to AI-driven threat intelligence for Guided Response, and our recent security announcements:

- See TITAN in action in the session delivered at Ignite
- Read our blog and conference paper on the TITAN architecture, accepted to KDD 2025, the premier data-mining conference.
- Read the Security Copilot Guided Response paper & blog

Announcing File Attachments for Case Management
Staying informed with the most up-to-date information is critical to quickly taking appropriate action on a case. File Attachments for Case Management enables you to share reports, emails, screenshots, log files, and more, all in one centralized location within a case, ensuring you have all the information you need.

Key Benefits of Attachments for Case Management

- Centralized Information: File attachments ensure that all relevant documents, images, and data are stored in one place. No more hunting through emails or disparate systems; everything you need is right at your fingertips within the case.
- Comprehensive Documentation: From evidence to client communications and reports, file attachments provide a complete and organized record of all case-related materials. This comprehensive documentation is invaluable for audits, reviews, and future reference.
- More Accurate Response: Minimize errors and increase confidence in case outcomes by leveraging all relevant information related to a case.

Learn more here

Monthly news - November 2024
Microsoft Defender XDR Monthly news, November 2024 Edition

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from October 2024.

Monthly news - August 2024
Microsoft Defender XDR Monthly news, August 2024 Edition

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from July 2024.

Monthly news - May 2024
Microsoft Defender XDR Monthly news, May 2024 Edition

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.