VentureBeat recently sat down (virtually) with Vasu JakkalCorporate Vice President of Corporate Security, Compliance, Identity, Governance and Privacy Microsoft, to realize insight into how artificial intelligence, machine learning (ML), generative AI and emerging technologies are redefining cybersecurity.
The Jackal leads the way Microsoft securityone of the fastest growing divisions Microsoft has achieved $20 billion revenues at the starting of last 12 months. Previously, she served as executive vice chairman and chief marketing officer at FireEye and vice chairman of corporate marketing at Brocade.
The key takeaway from her interview with VentureBeat is that AI is at the core of Microsoft’s security DNA, and she and the senior leadership team see Gen. AI as an essential technology to scale back barriers to a more inclusive, productive and diverse industry. For them last tax 12 months, Microsoft achieved record annual revenues of over $245 billion, up 16 percent year-over-year, and over $109 billion in operating income, up 24 percent.
CEO Nadella: Security is Microsoft’s top priority
While Microsoft’s first quarter earnings announcement for fiscal 12 months 25president i CEO Satya Nadella stated that “we continue to prioritize safety above all else. Nadella continued: “For example, Security Copilot is used by companies across every industry, including Clifford Chance, Intesa Sanpaolo and Shell, to perform SecOps tasks faster and more accurately. We also help clients protect their AI deployments. Customers have used Defender to discover and secure over 750,000 Generation AI application instances; and used Purview to audit over one billion Copilot interactions to meet its compliance obligations.”
I’m writing my letter this 12 months annual reportNadella emphasized how critical security is to Microsoft’s future, stating that “security is the foundation of every layer of our technology stack.” Nadella emphatically writes: “We are strengthening efforts under our Secure Future Initiative by implementing our principles of Secure by Design, Secure by Default and Secure Operations. We are focused on continuous progress across the six pillars of the initiative: protecting tenants and isolating production systems; protect identities and secrets; protect networks; protect engineering systems; monitor and detect threats; and speed up response and remediation.
Nadella says, “As part of this commitment, all Microsoft employees now make security a ‘top priority,’ which holds each of us accountable for building secure products and services.”
Below is an excerpt from VentureBeat’s interview with Jakkal.
VentureBeat: Can you begin by sharing how Microsoft’s Secure Future Initiative (SFI) has modified the company’s approach to cybersecurity and culture?
Jackal: The “Safe Future” initiative. it’s greater than just technology – it’s transformation. With greater than 34,000 engineers involved in this effort, it is one of the largest engineering pushes in cybersecurity. We focus on being secure by design, secure by default, and secure in operation. But it is also about changing the way we think – security is now the responsibility of everyone at Microsoft, not only a dedicated team. This is how we make progress.
I think it is our job and responsibility to offer such platforms. I got here to Microsoft because of our mission and empowering everyone. I like security because I think it’s a good spot where everyone can make an impact. When we launched our Secure Future initiative last November, it was indeed intended to guard Microsoft and create a resilient Microsoft, but it was about much greater than that. It’s about securing the world in the age of artificial intelligence, creating equality, equity and opportunity for everyone to participate. Because when I walk around and I meet not only women, men, women, all types of individuals, all different facets, and they say, look, you’ll be able to have a great, meaningful profession connected to purpose. You can have a great profession.
VB: How does generative AI empower defenders and what role does Security Copilot play?
Jackal: I feel that Gen AI can be a game changer in this industry. Let me share some statistics with you. Three years ago, in 2021, we saw 567 identity-related attacks that were password-related attacks; that is a lot of attacks per second. The figure currently stands at 7,000 password-related attacks per second and over 1,500 cybercriminals tracked. Security Copilot helps level the playing field. It leverages Microsoft security data and OpenAI GPT models to simplify tasks, whether it’s analyzing incidents or automating reports. For early profession defenders, this improved speed by 26% and accuracy by 35%. For experienced professionals, it’s 22% faster and 7% more accurate. But the most important statistic for me? Over 90% of users said they wanted to make use of it again. This is what we call the “joy statistic.” This is why I like the AI gene, because I think this tool will make it easier for anyone to turn into a defender. And this, for me, is a game-changer.
VB: Could you describe in detail how exposure management and how the combination of artificial intelligence, human collaboration, and threat management organized under your latest exposure management direction will improve security operations center (SOC) operations?
Jackal: We have been marching towards what we call unified SOC or unified SecOps for several years. One of our visions is that defenders struggle when there are too many alerts. What I mean is that the noise-to-signal ratio is quite high. The idea behind our SOC was to take our enhanced detection and response capabilities, our XDR capabilities, which is really Defender, which is our tool, and leverage our SIEM capabilities, which is Sentinel, and mix them. So we have a unified dashboard, and exposure management actually suits in there because with our expanded detection response, so not only looking at endpoints, but also endpoints and identities, data security and cloud security, all those things, exposure management after it’s just integrated with it. So you’ll be able to switch to Defender and your SOC teams will have our exposure management capabilities, which can help your teams in the same way that threat protection tools help detect and respond. Our exposure management tools enable you map out all the potential paths that attackers take because I think defense is great, but I think the best defense is prevention.
VB: Why has Microsoft made exposure management a cornerstone of its proactive defense strategy?
Jackal: Attackers think in graphs, defenders think in lists or silos. Defenders have to think in terms of graphs. In the case of generational artificial intelligence, this is extremely vital and this is what exposure management is all about. We actively incorporate graphical features into our security products. Exposure management is our first product along with the AI gene in fact that takes advantage of those graphing capabilities. It also enables attack surface management and attack path evaluation for the first time, for example, looking at your digital estate the way an attacker would see your digital estate and starting to investigate all the potential paths and how an attacker could get through. We also have this cool thing where you’ll find bottlenecks. Are there multiple attack paths through one point and what does that seem like? And it takes advantage of those graph capabilities. We already have 70,000 tenants with exhibition management enabled. We work with an ecosystem of third parties because security is a team sport.
VB: How does exposure management enhance defenders’ capabilities inside a unified SOC?
Jackal: Exposure management suits perfectly into our vision of a unified security operations center (SOC). It combines tools like Defender for detection and Sentinel for response into one coherent system. By integrating exposure statistics, defenders gain a clear map of attack paths and threats. The idea is to make prevention as seamless as detection and response, giving defenders a single, actionable view.
VB: What role does diversity play in Microsoft’s cybersecurity vision?
Jackal: We talk about graphs, which are critical, and we talk about artificial intelligence, but ultimately cybersecurity is about people and enabling them to make use of these technologies so that we will change cultures. The Secure Future initiative, graph-based capabilities, AI Gen and all other initiatives are driving a powerful cultural transformation that is inclusive for everyone. I think you’ve got heard me say that safety ought to be for everyone and ought to be provided by everyone. And this is the goal we live by. Cybersecurity thrives on different perspectives because attackers are diverse and our defenders ought to be diverse too. It’s about creating opportunities and enabling everyone to be a part of the solution.
VB: How does Microsoft ensure AI tools are accessible and fair to defenders?
Jackal: Accessibility is key. We design tools like Security Copilot to be intuitive so that defenders of all skill levels can use them effectively. By democratizing advanced capabilities, we give even smaller organizations access to the same powerful tools as large enterprises.
Imagine how many people will have access to all these tools, regardless of who you are and wherever you are, you’ll be able to get began. And our attackers are quite diverse. Our world is quite diverse. So if our defenders do not reflect the diversity of our world, how can we expect to keep up the advantage? So I think these tools, whether it’s generative AI or a graph that we create, or a platform, will help us with that as well.
VB: What is your ultimate vision for Microsoft’s cybersecurity initiatives?
Jackal: Our goal is to empower defenders and build a safer digital world. With tools like Security Copilot and Exposure Management, we’re changing the way organizations approach cybersecurity, ensuring they stay ahead of evolving threats. It’s about ensuring everyone has access to cybersecurity and creating a resilient, inclusive future.