Microsoft’s new AI-powered Secure Future Initiative aims to assist governments, businesses, and consumers in combatting cybersecurity threats.
Microsoft has announced its first-ever Secure Future Initiative to improve cybersecurity protection. This initiative aims to assist government agencies, unsuspected users and organizations in tackling cybercriminals and state-sponsored hackers with advanced response measures.
There are three pillars of this initiative- incorporating artificial intelligence (AI) into cyber defence mechanisms, enhancing fundamental software engineering, and expanding the scope of collaboration between states to devise stricter and stronger cyber defence standards.
AI-based cyber defences
According to Microsoft, the future of cybersecurity is driven by artificial intelligence (AI). Therefore, the company is now heavily investing in innovative ways to detect and respond to cyberattacks.
Microsoft is planning to improve AI-based cyber defences in three key areas. These include threat intelligence, in which the company intends to use AI to detect/analyze cyber threats. Secondly, it will use AI to encourage analytical productivity by helping cybersecurity analysts to become more responsive.
Thirdly, the company will utilize AI for endpoint protection by offering real-time protection against cyberattacks on endpoint services, including phones, laptops, and servers. Moreover, the company is committed to securing AI in its services based on Responsible AI principles and building more powerful AI-based protection for governments, countries, consumers, and organizations.
Advances in fundamental software engineering:
Through this initiative, Microsoft aims to improve its software security. In this regard, the company is developing new security technologies and incorporating security mechanisms into every phase of software development. This also entails three areas of improvement.
Firstly, the company intends to develop a dynamic Security Development Lifecycle (dSDL) to integrate cybersecurity protection uninterruptedly to counter emerging threat patterns. It will encourage using AI-powered secure code analysis and GitHub Copilot to audit/test source code against advanced threats and offer secure default settings for MFA (multi-factor authentication) out-of-the-box.
Secondly, the company aims to strengthen identity protection against sophisticated attacks by introducing/applying the most advanced features and adopting a unified and consistent process that will verify and manage the identities and access rights of users, devices, and services across all platforms/products.
Another addition will be making these capabilities freely available to non-Microsoft application developers. Microsoft also intends to migrate to a fully automated consumer/enterprise key management system to ensure that keys remain inaccessible even when underlying processes are compromised. Furthermore, the company will cut cloud vulnerability mitigation time by 50%.
According to Microsoft’s blog post, the company wants to promote international cooperation on cybersecurity. This initiative also entails advocacy for stricter norms to provide enhanced protection to innocent users against cyber threats.
To ensure this, Microsoft is calling for a new international standard that would make it illegal for governments to plant malware or create/exploit cybersecurity vulnerabilities in critical infrastructure providers’ networks. This new norm would recognize cloud services as critical infrastructure protecting against attacks under international law.
“We need governments to do more together to foster greater accountability for nation-states that cross these red lines,” the company noted.