You could call specialty materials manufacturer Eastman an idea company. It protects a trove of sensitive IP detailing formulae and processes. In an age where cybercrime constantly threatens forward-thinking companies like Eastman, fielding a top-level security team is paramount to business continuity and success. But finding the people with the right skills is one of the biggest challenges facing security managers today. Always the innovator, Eastman is discovering the potential of AI tools to bring junior security staff up to speed faster and save precious time for even the most senior staff members. Soon after rolling out Microsoft Copilot for Security, Eastman began to realize the benefits of accelerated upskilling, step-by-step guidance for response, and faster threat remediation.
Safeguarding the “tomorrow” ideas everyone envies
Eastman constantly asks, “What if…?” Chances are that you’ve enjoyed everyday household items made from Eastman materials. Maybe you’ve worn clothing made from Eastman cellulose fabrics. Millions of people around the world depend on Eastman products across the agriculture, personal care, transportation, textile, and consumer goods markets.
Apart from the trove of intellectual property that underpins Eastman’s Fortune 500 ranking, the company relies on a vast global network of suppliers and other relationships. The data from that dynamic network and sizeable IP translate to a significant attack surface. The stakes are high. “As a globally distributed company, we influence the world’s economy,” explains Adam Keown, Chief Information Security Officer at Eastman. “Whether it’s transportation, supply chain, the circular economy, or our work to help make a better world, we have an impact. And our customers, employees, and shareholders rely on us to ensure that the business endures.” The exposure never stops, whether from third-party activities or law firms handling Eastman data. And cybercrime continually evolves.
The dearth of skilled cybersecurity staff and the dynamic threat landscape call for creativity on the part of security executives like Keown. By adopting Microsoft Copilot for Security as part of its Microsoft Security solutions tool set, his teams are achieving faster upskilling of junior staff and an enhanced overall security posture.
Sharing new ideas, enriching cybersecurity
Given the tremendous scope of responsibility borne by Eastman security teams, one might suppose that its Global IT Security Architecture Manager, Ahmet H. Baysal, approaches the workday with a certain amount of trepidation. He begs to differ. “I actually sleep well most nights,” he insists. Baysal knows that his highly skilled team can handle the rigors of protecting a 24-hour, seven-day-a-week operation extending across about 100 countries and a multicloud environment with extensive on-premises infrastructure. The team uses Microsoft Defender solutions to protect workloads across the productivity apps in its Microsoft 365 E5 license. The Defender suite offers comprehensive threat prevention, detection, and response capabilities.
Baysal was pleased to have the team be a Microsoft design partner for Copilot for Security in early 2023. “Our cybersecurity requirements are shared by nearly every S&P 500 company,” he says. “We were amazed at how quickly the Microsoft team provided the base solution.” Baysal details the list his team provided: a way to expand the team’s skills to avoid adding a new person for its growing workloads, upskilling junior analysts, reducing incident response times, and accelerating playbooks for phishing and other threat types. “We believe that using Copilot for Security is going to get us to the next level of cybersecurity opportunity,” Baysal adds. “We’ll be able to better serve our customers and enhance our data protection.”
Upskilling the entire security team with a dynamic AI tool
Speed is not negotiable for security teams. “We work in a world where every second matters,” says David Yates, Senior Cybersecurity Analyst at Eastman. “Attackers can move very quickly, so we need to understand how the attack is being deployed and where. Efficiency is crucial.” A multinational company’s global reach complicates mitigation. “If you focus on a single attack, you could miss the fact that there are 20 others in different geographies going on at the same time,” he adds. Keown adds the long view: “In order to keep up, we have to automate more,” he explains. “We have to get more efficient, and we have to train more people because the cybertalent gap is so wide.”
Early in the Copilot for Security design process, Yates and his team identified the critical skill of Kusto Query Language (KQL) coding as an apt activity for Copilot for Security acceleration. Writing KQL queries to cut through large amounts of security incident data from applications like Microsoft Defender for Endpoint and Microsoft Defender for Identity to quickly identify the scope and potential impact of an incident is an essential skill for security analysts. But learning KQL takes time. That’s why Yates is encouraged by the support that junior security staff get from Copilot for Security, which makes it easy for them to produce KQL code at scale from simple natural language prompts.
Eastman’s approach, Yates says, is to ensure new analysts don’t depend entirely on the tool. But Copilot for Security gives them fast insights into how the code is structured and helps them develop skills rapidly. “We’re seeing our junior analysts skill up faster in KQL and perform much closer to par with senior analysts with Copilot for Security,” he says. Yates also appreciates the time he gains for his own threat detection work and for high-level collaboration when those junior analysts learn from Copilot for Security output rather than relying on senior team members. For Baysal, the ability to shift some of the technical burden to a generative AI tool has other pluses. “Diversity is prized at Eastman,” he says. “The AI capabilities in Copilot for Security make it possible for us to benefit from a team with a wide range of backgrounds and perspectives.”
Yates enjoys the fact that no two days are alike in a security operations center (SOC). That means sometimes coloring outside the lines. “Not everything responds to a cookie cutter approach,” he says. “I’m finding that I can ask Copilot for Security about attack factors that I’ve never seen before and get answers much faster. That helps me to make a better decision and respond faster to an attacker.”
Accelerating XDR with innovative Copilot features
The Eastman security team uses the threat intelligence enrichment feature in Copilot for Security to trace security incidents to specific IP addresses, relating numerous clues that may at first seem random and unconnected to expose a larger threat. “Previously, the threat intelligence enrichment in Copilot for Security would have been very expensive for us,” declares Yates. “Having it natively integrated into Copilot for Security is invaluable. We use it to identify an attacker launching numerous threats so that we can create a larger campaign to stop that actor.”
Yates also applauds the script analyzer capability in the tool. His team uses it to analyze PowerShell commands line by line to gain a fast understanding of a particular script. If an analyst doesn’t grasp the purpose of a given script, he says, they can’t determine whether it’s malicious or not. “The script analyzer capability helps us to understand legitimate business scripts that trip alerts,” adds Yates. “It helps us to help the rest of the company stay productive by preventing us from stopping a necessary process, and it helps less experienced staff read and understand code.”
For Eastman security teams, the magic lies in speed and efficiency. “The biggest value, to me, is that everything is in a single location—Microsoft tooling covers your endpoints, identities, email, and cloud all in one place,” explains Yates. “I only sign in to one portal to do my job, not 12.”
Keown can attest to how those capabilities inspire his SOC team. “I enjoy the passion I see ignited in our teams,” he says. “That means a more productive, effective team. The speed at which we’re able to use Copilot for Security to pull threat information across time zones and extensive geographies is a huge advantage.”
“We do a lot of things right; we follow security best practices, we have good people,” concludes Yates. “I think that with Microsoft Copilot for Security, we’re just faster and better at what we were already doing well.”