11/19/2025

Icertis cuts SOC incidents by 50% with Defender for Cloud

Icertis supports customers in regulated industries and needed to further scale security resources to help protect sensitive contract data and generative AI workloads.

It deployed Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Purview, and Microsoft Entra to help protect generative AI applications, fueled by Azure OpenAI in Foundry Models, and enforce compliance.

Icertis saw a 50% drop in SOC incident volume, 80% faster alert triage, and scalable security operations that passed audits.

Icertis

Meeting the challenge of sensitive contract data in an AI-driven future

Contracts form the backbone of business, connecting organizations with trust and accountability. Almost every customer, supplier, and partner relationship worldwide is captured in a contract. Icertis, a global leader in contract intelligence, reimagines how businesses manage these relationships to grow revenue, help control costs, mitigate risk, and help ensure compliance.

Icertis recognized that using AI for contract intelligence would require new approaches to security and compliance. The company launched the industry’s first generative AI applications for enterprise contracting with a suite of applications built on Microsoft Azure OpenAI in Foundry Models. These applications help customers extract clauses, assess risk, and automate contract workflows. The company soon launched Vera, a next-generation AI technology that includes Copilot agents and analytics tailored for contract intelligence.

Rajan Venkitachalam, CVP of Public Sector and Chief Information Security Officer at Icertis, says, “Contracts contain highly sensitive business rules and arrangements. As a longtime Microsoft partner, Icertis uses Microsoft technology to help ensure our use of generative AI maintains the highest level of data security and trust for our customers.”

Innovation brought complexity. Generative AI introduced new risks such as prompt injection and jailbreak attacks, hallucinations, and governance gaps. Icertis required a solution to help secure AI workloads, enforce compliance, and scale efficiently, without increasing headcount.

“We operate in multiple regulated industries and undergo frequent audits,” says Subodh Patil, Principal Security Architect at Icertis. “Our challenge was to maintain continuous compliance across more than 300 Azure subscriptions, while supporting rapid deployments and AI experimentation.”

Icertis turned to Defender for Cloud, a cloud-native application protection platform (CNAPP) that aligned with its architectural model and operated seamlessly with its existing Microsoft ecosystem. Defender for Cloud offers comprehensive AI posture visibility with risk reduction recommendations and attack paths, along with greater threat protection for AI applications with contextual evidence. These safeguards are critical for protecting generative AI applications.

“We use Defender for Cloud to monitor Azure OpenAI deployments, detect malicious prompts, and enforce security policies. It’s our first line of defense against AI-related threats,” explains Patil. 

Built-in regulatory frameworks like ISO 27001, SOC 2, and NIST SP 800-53 help to ensure compliance across all subscriptions. Azure policies block public endpoints and fix policy drift, while multicloud connectors provide visibility into AWS.

Accelerating security operations with AI agents

Security Copilot agents have transformed Icertis’s security operations center (SOC). Custom agents summarize high-priority alerts, reducing manual triage time from 60 minutes to just 15 minutes, a 75% reduction. 

Tarun Singh, Information Security Analyst at Icertis, notes, “Security Copilot compresses our investigation workflow by correlating signals across a comprehensive suite of Microsoft security and compliance tools, presenting a unified timeline and recommended actions.”

In one real-world phishing incident, Security Copilot helped the team identify a malicious domain, revoke sessions, enforce multifactor authentication, and reset passwords—all within minutes. The impact was clear: faster response, fewer errors, and stronger security posture across the environment.

Developers also benefit from the ability of Security Copilot to generate KQL queries from natural language. This feature helps them learn query syntax and more effectively navigate security information and event management (SIEM) and extended detection and response (XDR) environments. As a result, onboarding accelerates and engineers gain the confidence to investigate threats independently.

Scaling more securely with 50% fewer incidents

The results speak for themselves. Icertis’s SOC incident volume dropped by 50%. Mean time to resolution fell from 40 to 25 minutes, and alert triage time was cut by up to 80%. These efficiencies help the company scale its regulated business while strengthening security protocols.

“Success for us means no security incidents and more time for engineering,” says Singh. “Automation lets us focus on longstanding priorities instead of manual alert review.” 

At Icertis, securing sensitive contract data is business-critical. With Microsoft Purview, the company seamlessly governs data across regions and environments, automatically classifying and encrypting files. It also enforces conditional access and blocks unauthorized activity from unmanaged devices. This consistent, automated coverage helps ensure compliance without slowing down the pace of innovation.

To proactively detect threats across its software as a service (SaaS) and generative AI ecosystem, Icertis relies on Microsoft Sentinel. By correlating insights from Microsoft Defender for Cloud Apps (formerly Cloud App Security) and other sources, Microsoft Sentinel gives Icertis’s security teams a unified view of threats. This view delivers high-fidelity alerts and actionable insights that strengthen response across Icertis’s digital estate.

Icertis governs access control through Microsoft Entra, where Zero Trust is a daily reality. No user is granted default access. Instead, roles must be explicitly requested, justified, and approved before being provisioned in production. Risk-based identity monitoring flags anomalies like impossible travel or token misuse, triggering automated remediation that helps protect the integrity of Icertis’s identity perimeter.

Governing generative AI and SaaS applications

As generative AI applications proliferate, Icertis uses Defender for Cloud Apps to discover, classify, and help control web apps. The solution assigns security scores, blocks low-scoring apps, and interoperates with Microsoft Sentinel and Defender Threat Intelligence to enhance detection and response. Combining it with Microsoft Purview and Entra, Icertis gains more granular control over data movement and user behavior.

Patil explains, “Defender for Cloud Apps helps us evaluate shadow IT GenAI apps and decide whether to sanction their use. It’s essential for maintaining governance and compliance.”

Embedding security into the Icertis DNA

Security at Icertis is a core feature, not an afterthought. The company embeds Secure by Design principles into its product lifecycle, with early threat modeling, risk assessments, and architectural reviews. This approach supports long-term resilience and accelerates delivery.

“We treat security and quality as core features. Our approach builds protection into every layer, supporting what matters most: lasting customer trust,” says Venkitachalam.

Internal training programs and AI literacy initiatives help employees use generative AI tools more securely. The Icertis AI Policy encompasses a set of principles grounded in the company’s FORTE values, coupled with a governance process, to ensure employees follow these principles as Icertis designs and deploys AI.

Technology roadmap: What’s next for Icertis

Icertis continues to invest in AI-powered contract intelligence, with plans to extend Defender for Cloud capabilities across the Vera suite. The company is exploring malware scanning as a service, helping customers detect threats in uploaded documents before they reach production.

To support these forward-looking initiatives, Icertis is strengthening its development practices. Developers integrate Microsoft Defender for Containers into continuous integration and continuous delivery (CI/CD) workflows. As a result, they can scan Python-based container images for vulnerabilities before deployment. This helps ensure secure code delivery and reduces the risk of run-time exploits.

Patil says, “Defender for Cloud helps us be more proactive, identify attack paths, and harden workloads before they’re exploited.”

By continuously evolving its security strategy and investing in new technologies, Icertis is redefining more secure AI innovation, driven by the Microsoft unified security stack. It is leading the industry beyond contract protection toward a new standard of digital trust.
