Guided Response, a feature in Microsoft Defender XDR that uses Copilot to guide analysts step by step through investigations and responses, is getting a major upgrade with the introduction of TITAN recommendations.
According to Neowin, Microsoft wants to use TITAN to provide security analysts with real-time recommendations based on threat intelligence. This will enable analysts to better prepare for attacks before they occur.
TITAN is an adaptive threat intelligence graph that uses data from both internal and external sources and employs techniques such as guilt-by-association. This alerts analysts to IP addresses that may be dangerous due to their link to known malicious addresses.
TITAN complements the existing Security Copilot Guided Response and does not replace it. With this additional tool, analysts can better defend against ever-changing threats.
According to Microsoft, TITAN represents a new phase of innovation in threat intelligence. The technology introduces a real-time, adaptive threat graph that collects data from sources including Microsoft Defender for Threat Intelligence, Microsoft Defender for Experts, and user feedback.
The graph uses association techniques to flag unknown devices as threats if they are linked to known malicious entities. This gives analysts the opportunity to intervene in a timely manner and prevent damage.
To identify potential threats, Microsoft uses a method that assigns reputation scores to nodes based on the scores of their neighbors. These reputation scores enable Microsoft’s unified security platform to implement containment and remediation measures through attack disruption.
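As an added sketch of neighbor-based reputation scoring (not Microsoft's TITAN implementation, which the article does not detail), the following propagates scores from known entities to unknown ones by iterative neighbor averaging. The graph, seed scores, threshold, and function names are all constructed for illustration.

```python
# Added illustration of guilt-by-association scoring on an entity graph.
# Assumption: plain iterative neighbor averaging with clamped seeds; this is
# a generic technique, not the algorithm TITAN uses.
from collections import defaultdict

# Constructed sample data (documentation IP ranges and example.com only).
EDGES = [
    ("203.0.113.10", "198.51.100.7"),         # known-bad IP seen with unknown IP
    ("203.0.113.11", "198.51.100.7"),         # second known-bad IP, same unknown
    ("198.51.100.7", "billing@example.com"),  # unknown IP linked to a sender
    ("billing@example.com", "192.0.2.1"),     # sender also linked to known-good IP
    ("192.0.2.1", "192.0.2.50"),              # known-good IP linked to unknown IP
]
SEEDS = {"203.0.113.10": 1.0, "203.0.113.11": 1.0, "192.0.2.1": 0.0}

def propagate(edges, seeds, iterations=50, tol=1e-6):
    """Return {node: score in [0, 1]}; 1.0 = malicious. Seeds stay fixed."""
    nbrs = defaultdict(set)
    for a, b in edges:
        nbrs[a].add(b)
        nbrs[b].add(a)
    # Unknown nodes start with no evidence against them.
    scores = {n: seeds.get(n, 0.0) for n in nbrs}
    for _ in range(iterations):
        new, delta = {}, 0.0
        for n in nbrs:
            if n in seeds:
                new[n] = seeds[n]  # ground truth is never overwritten
                continue
            # An unknown node's score is the mean of its neighbors' scores.
            new[n] = sum(scores[m] for m in nbrs[n]) / len(nbrs[n])
            delta = max(delta, abs(new[n] - scores[n]))
        scores = new
        if delta < tol:  # converged
            break
    return scores

def flag(scores, seeds, threshold=0.5):
    """Unknown entities whose propagated score reaches the threshold."""
    return sorted(n for n, s in scores.items()
                  if n not in seeds and s >= threshold)

if __name__ == "__main__":
    result = propagate(EDGES, SEEDS)
    for node, score in sorted(result.items(), key=lambda kv: -kv[1]):
        print(f"{score:.2f}  {node}")
    print("flagged:", flag(result, SEEDS))
```

The unknown IP tied to two known-bad addresses converges to a high score and is flagged, while the sender one hop further away, which also touches a known-good address, stays below the threshold.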
TITAN in Guided Response
The new TITAN recommendations now appear in Guided Response as suggestions for triage and containment. When a suspicious IP address is detected, a recommendation is automatically generated within Guided Response. These recommendations help analysts deal with various threats, covering entities such as IP addresses, IP ranges, and email senders.
Microsoft said initial tests are promising: TITAN improved triage accuracy in Guided Response by 8% and reduced the time needed for investigation and response, and the clear recommendations gave analysts more confidence in their actions.
As threats become more sophisticated, TITAN will help address them before they actually manifest.