Icertis cuts SOC incidents by 50% with Defender for Cloud | Microsoft Customer Stories
Security teams managing complex cloud environments often face alert fatigue and limited visibility. This customer story from Icertis shows how Microsoft Defender for Cloud helped reduce SOC incidents by 50 percent while strengthening cloud security operations. Read the story to see how unified protection can improve threat detection and response.
Frequently Asked Questions
How did Icertis reduce SOC incidents and improve response times?
Icertis reduced its SOC incident volume by 50% and significantly improved response times by standardizing on Microsoft’s unified security stack.
Key results:
- 50% drop in SOC incident volume
- Mean time to resolution reduced from 40 minutes to 25 minutes
- Alert triage time cut by up to 80%
How they achieved this:
1. **Defender for Cloud as a CNAPP foundation**
Icertis adopted Microsoft Defender for Cloud as its cloud-native application protection platform. This gave the team unified visibility into AI workloads, Azure OpenAI deployments, and broader cloud resources, along with recommendations to reduce risk and identify attack paths.
2. **Security Copilot agents in the SOC**
Icertis deployed Security Copilot agents to assist analysts. Custom agents summarize high-priority alerts and correlate signals across Microsoft security and compliance tools. This reduced manual triage time from about 60 minutes to 15 minutes per incident (a 75% reduction) and helped analysts respond faster with fewer errors.
3. **Integrated SIEM and XDR with Microsoft Sentinel**
By using Microsoft Sentinel as a central SIEM, Icertis correlates data from Defender for Cloud, Defender for Cloud Apps, and other sources. This produces higher-fidelity alerts and a unified view of threats across SaaS, generative AI, and cloud environments.
4. **Automation and guided investigations**
Security Copilot and Sentinel provide recommended actions, automated workflows, and KQL query generation from natural language. This not only speeds investigations but also helps new engineers onboard faster and investigate threats more independently.
Together, these capabilities allowed Icertis to scale its security operations without adding headcount, while maintaining the level of rigor needed for customers in regulated industries.
How does Icertis secure sensitive contract data and generative AI workloads?
Icertis secures sensitive contract data and generative AI workloads by combining several Microsoft security and compliance solutions into a unified approach.
Core components:
1. **Microsoft Defender for Cloud**
- Acts as the primary cloud-native application protection platform (CNAPP).
- Monitors Azure OpenAI deployments used in Icertis’s generative AI applications (including the Vera suite and Foundry Models).
- Detects malicious prompts, prompt injection attempts, and other AI-related threats.
- Enforces security policies, blocks public endpoints via Azure policies, and helps maintain compliance across more than 300 Azure subscriptions.
- Provides AI posture visibility, risk reduction recommendations, and attack path analysis.
2. **Microsoft Purview**
- Governs data across regions and environments.
- Automatically classifies and encrypts files containing sensitive contract information.
- Enforces conditional access and blocks unauthorized activity from unmanaged devices.
- Helps Icertis maintain compliance without slowing down product development and AI experimentation.
3. **Microsoft Entra (Identity and Access Management)**
- Implements a Zero Trust model where no user has default access.
- Roles must be explicitly requested, justified, and approved before being provisioned in production.
- Risk-based identity monitoring flags anomalies such as impossible travel or token misuse and triggers automated remediation.
4. **Microsoft Sentinel and Defender for Cloud Apps**
- Sentinel correlates signals from Defender for Cloud, Defender for Cloud Apps, and other tools to provide a unified threat view.
- Defender for Cloud Apps discovers, classifies, and controls SaaS and generative AI web apps, assigns security scores, and blocks low-scoring or unsanctioned apps.
- This combination helps Icertis control shadow IT GenAI apps and maintain governance and compliance.
5. **Secure development and container security**
- Developers integrate Microsoft Defender for Containers into CI/CD workflows.
- Python-based container images are scanned for vulnerabilities before deployment, reducing the risk of runtime exploits.
By integrating these tools, Icertis can protect highly sensitive contract data, secure its generative AI applications, and meet the expectations of customers in regulated industries while continuing to innovate on AI-driven contract intelligence.
How does Icertis maintain compliance and governance at scale across AI and cloud environments?
Icertis maintains compliance and governance at scale by combining built-in Microsoft regulatory frameworks, strong identity controls, and structured internal processes.
Key elements of the approach:
1. **Built-in regulatory frameworks in Defender for Cloud**
- Icertis uses Defender for Cloud’s built-in regulatory standards such as ISO 27001, SOC 2, and NIST 800-53.
- These frameworks are applied across more than 300 Azure subscriptions to continuously assess compliance posture.
- Azure policies help block public endpoints, correct policy drift, and maintain consistent security baselines.
- Multicloud connectors extend visibility into AWS, supporting a broader compliance view.
2. **Governance of SaaS and generative AI applications**
- Defender for Cloud Apps discovers and classifies web and GenAI applications in use across the organization.
- It assigns security scores, blocks low-scoring or unsanctioned apps, and integrates with Sentinel and Defender Threat Intelligence for better detection and response.
- This helps Icertis evaluate shadow IT GenAI apps and decide whether to sanction or restrict their use.
3. **Zero Trust identity and access control with Microsoft Entra**
- No default access is granted; roles must be explicitly requested, justified, and approved.
- Risk-based identity monitoring detects anomalies like impossible travel or token misuse and triggers automated remediation.
- This protects the identity perimeter, which is critical for access to sensitive contract data and AI workloads.
4. **Data governance with Microsoft Purview**
- Purview automatically classifies and encrypts sensitive data across regions and environments.
- Conditional access policies and controls on unmanaged devices help prevent unauthorized data movement.
- This supports compliance requirements without slowing innovation.
5. **Security-by-design culture and AI governance**
- Icertis embeds Secure by Design principles into its product lifecycle, including early threat modeling, risk assessments, and architectural reviews.
- Internal training and AI literacy programs help employees use generative AI tools securely.
- The Icertis AI Policy, grounded in the company’s FORTE values, defines principles and governance processes for designing and deploying AI.
By combining Microsoft’s unified security stack with disciplined internal practices, Icertis can support frequent audits, operate in multiple regulated industries, and continue to reimagine contract intelligence with generative AI while maintaining a strong compliance posture.
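The "Azure policies help block public endpoints" point (in both the data-protection answer and the compliance answer above) is easy to illustrate with one concrete guardrail. The definition below is an added example, not Icertis's own policy or a Microsoft-published definition: it is a custom Azure Policy that denies (or, in Audit mode, only reports) storage accounts whose `publicNetworkAccess` property is anything other than `Disabled`. The alias `Microsoft.Storage/storageAccounts/publicNetworkAccess` is a real Azure Policy alias; the display name, description and the `effect` parameter default are choices made for this example.

```json
{
  "properties": {
    "displayName": "Storage accounts must disable public network access (example guardrail)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Example policy (not from the Icertis story): storage accounts in scope must have publicNetworkAccess set to Disabled. Roll out in Audit first to find existing drift, then switch to Deny.",
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports non-compliant resources; Deny blocks create/update requests."
        },
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Deny"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "field": "Microsoft.Storage/storageAccounts/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Two practical notes. First, `notEquals` also matches when the property is absent, so a storage account created without the property at all is treated as non-compliant, which is the safe default for a public-endpoint control. Second, a `Deny` effect only stops new or updated resources; to find accounts that already drifted, assign the same definition with `effect` set to `Audit` at the management-group scope that covers the subscriptions in question (for example `az policy assignment create --policy <definition-name> --scope <management-group-id> --params '{"effect":{"value":"Audit"}}'`), review the compliance results that Defender for Cloud surfaces, and only then move the assignment to `Deny`.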