Microsoft is increasing its focus on Windows 11 security to deal with emerging cyberthreats

Mark Tauschek, vice president of research organizations and a prominent analyst at Info-Tech Research Group, sees a new class of Windows computers that use Copilot as a logical next step for Microsoft, especially given the rise of AI-enabled attacks.

“The only way to defend against an AI-enabled attack is an AI-enabled defense,” he said. “Using OpenAI on Azure and now Copilot, it makes sense for Microsoft to scale this to the edge using Copilot and small task-specific language models (SLMs) paired with a host of powerful ARM, x86, and GPU processors hundreds.”

But the proof will be in Microsoft’s execution — and iteration — of its Copilot+ strategy, Tauschek said, and CISOs would be wise to introduce PCs gradually.

“IT security leaders will undoubtedly need to explore Copilot+ PCs,” he said. “They will be manageable using existing Windows management tools, but until they are deployed and tested in an enterprise environment, the extent of the benefits will not be clear. I would expect rapid iterations and improvements on the software and OS side to harness the power of the hardware. No one will be getting all these PCs out of the gate, but I expect a lot of interest in proof of concept and small-scale test deployments. Over time, it will become the standard as PC refresh cycles allow.”

Software and OS protection

Removing legacy vulnerabilities is another way Microsoft is improving security with its latest announcements. NT LAN Manager (NTLM), the 1993-vintage network authentication and security protocol that still exists within Windows, for example, will be retired later this year. In addition, Transport Layer Security (TLS) server authentication certificates, which verify server identity, will no longer be trusted by Microsoft’s Trusted Root Program if their root-chaining RSA encryption keys are shorter than 2048 bits.
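An administrator can inventory which certificates on a host would be affected by the 2048-bit RSA floor. The following PowerShell is an added example, not code from Microsoft or from the article; it assumes the server certificates live in the `Cert:\LocalMachine\My` store and, as a conservative reading of the rule, flags any RSA key below 2048 bits anywhere in a server-authentication certificate's chain. The function names are hypothetical.

```powershell
# Added example: report TLS server-auth certificates whose chain holds an RSA key < 2048 bits.
# Assumptions: certificates are in LocalMachine\My; every chain element is checked.
$MinRsaBits    = 2048
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth enhanced key usage

function Test-ServerAuthCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return $true }    # no EKU extension: usable for any purpose
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid })
}

function Get-WeakRsaChainElement {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the audit also works on hosts without network access.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    try {
        # Build() may return $false; the elements it could assemble are still listed.
        [void]$chain.Build($Cert)
        foreach ($element in $chain.ChainElements) {
            $c   = $element.Certificate
            # Returns $null for non-RSA keys (for example ECDSA), which are out of scope here.
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($c)
            if ($rsa -and $rsa.KeySize -lt $MinRsaBits) {
                [pscustomobject]@{
                    LeafSubject  = $Cert.Subject
                    LeafThumb    = $Cert.Thumbprint
                    WeakSubject  = $c.Subject
                    RsaBits      = $rsa.KeySize
                    NotAfter     = $c.NotAfter
                }
            }
        }
    }
    finally { $chain.Dispose() }
}

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { Test-ServerAuthCert $_ } |
    ForEach-Object { Get-WeakRsaChainElement $_ } |
    Format-Table -AutoSize
```

An empty result means no RSA key under 2048 bits was found in the chains that could be built from that store.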

For services that require high security, reliability, and performance, Microsoft adds virtualization-based security (VBS) to create a single secure environment to protect keys; the feature is now in preview. VBS is also used to decrypt Windows credentials if the device does not have built-in biometrics. VBS enclaves are now available for third-party developers.

