Microsoft expands Incident Response Retainer service; unveils AI-driven security product

Organizations that lack the resources to build their own incident response programs can now pay Microsoft for highly specialized response and recovery services if they're hit with a cyber attack. The software giant announced March 27 that it’s expanding general availability of its Microsoft Response Retainer service, which provides prepaid blocks of hours for incident response and recovery.

The service, designed to work with cyber insurance vendors, is contracted on an annual basis and the retainer hours can be used for proactive and reactive services, Microsoft wrote on its security blog.

Microsoft is partnering with over 30 different providers, and the retainer service includes a security delivery manager to schedule services throughout the year of the contract, as well as incident response during an attack, threat investigations, recovery and employee readiness testing.

Cyber incidents cost companies that are unprepared to respond to a cyber incident an average of $4.3 million in 2022, compared with $3.05 million for organizations with incident response and AI automation, according to Microsoft. The average breach in just the U.S. is even more expensive, $9.44 million, while recovery was only $1.3 million.

Companies with proactive measures also detected breaches more quickly (249 days) than those without support (323 days). According to the FBI’s recently released 2022 Internet Crime Report, the potential loss reported to its Internet Crime Complaint Center increased to over $10.2 billion from $6.9 billion in 2021, despite a slight decrease in the number of reported complaints.

Microsoft unveils AI-driven security product
In a separate announcement at its inaugural Microsoft Secure event on March 28, the company unveiled Microsoft Security Copilot, an AI-driven security product incorporating OpenAI’s GPT-4 generative AI. The new product integrates with Microsoft’s end-to-end security products and incorporates more than 65 trillion threat signals the company receives daily.

“Microsoft Security Copilot is the first security product to enable defenders to move at the speed and scale of AI,” wrote Microsoft’s Vasu Jakkal, corporate vice president for security, compliance, identity and management, on its blog. “Security Copilot combines this advanced large language model (LLM) with a security-specific model from Microsoft.”

In a video included with the announcement, Microsoft's director of security research said a coworker asked Copilot to reverse engineer a malicious PowerShell script to explain step-by-step what it did in a way “pretty much anyone could understand,” said Holly Stewart.

“When I saw that Security Copilot could do something like this, it felt like a game-changing moment in our industry,” she continued.