Microsoft Secure

Dow’s 125-year legacy: Innovating with AI to secure a long future

Founded more than 125 years ago, Dow has demonstrated a commitment to leveraging science to make the world a better place. Today, Dow’s ambition to be the most innovative, inclusive, and sustainable materials science company is supported by a global security team dedicated to keeping employees, customers, and vast volumes of data safe and secure.

Dow’s security team, led by Chief Information Security Officer Mario Ferket, proactively covers governance, risk, compliance, identity and access management, information protection, and data privacy, and it continues to mature and grow. Alongside this, the team partners with Microsoft Security and uses tools including Microsoft Security Copilot.

Microsoft recently spoke with Ferket on Dow’s approach to AI in security, establishing a responsible AI team, and how Security Copilot is acting as a mentor within their apprentice program.

MICROSOFT: How has your security team evolved in the past few years to incorporate AI into your business?

FERKET: AI at Dow is being viewed as a significant business enabler to better serve our customers with innovative and sustainable products. To use AI in a responsible way, we partnered with our Enterprise Data and Analytics team, Legal, and other departments to establish a responsible AI team.

This team was tasked with defining a set of principles as well as creating an acceptable use policy for generative AI as we rolled out Microsoft Copilot in the company. Beyond that, the new cross-functional team has been looking at the new risks associated with the use of AI and how to protect ourselves, our data, and our customers. The team is also exploring how AI can be leveraged to enhance our security operations and use “AI to fight AI” in instances in which AI is potentially used with malicious intentions.

Pictured: Mario Ferket, Chief Information Security Officer, Dow

MICROSOFT: How is AI being integrated into Dow’s security efforts, and what specific capabilities are you leveraging?

FERKET: Our team is leveraging several AI- and machine learning-enabled capabilities to better detect and remove phishing emails, potential business email compromise (BEC) instances, and other malicious content sent to Dow through email.

For well over a year, we have been working with Microsoft in a design partnership to leverage Security Copilot as a key tool in the Dow Cyber Security Operations Center (CSOC). Given the sophistication and speed of cyberattacks, our original need was to eliminate repetitive manual tasks through automation and move to more automated interventions. This allows the team to spend more time on proactive activities. We are also using Security Copilot for threat hunting augmentation, automated incident summarization, and ticket enrichment by pulling indicators from intelligence services to provide context to the tickets being investigated, and generating queries to support threat hunting activities. We’ve found that this helps eliminate labor-intensive activities.

MICROSOFT: What impact has AI had on your team, and do you have any lessons learned from integrating AI into your security operations?

FERKET: Once the initial learning curve of Security Copilot was passed, the Dow CSOC quickly identified quick wins for leveraging the tool. It is now common in any investigation to hear the phrase “Have you asked Copilot?” for a wide variety of situations.

In the past, our Dow CSOC relied on extensive institutional knowledge within the team to know what “good” and “bad” looked like. Being able to query Security Copilot in natural language helps the team to quickly identify relevant information and act on it. The ability to leverage Security Copilot helps analysts to focus more on investigations and less on sifting through data. Before this level of automation, a member of my security team would have to manually source data from several sources to draw correlations and conclusions during an investigation. Now, when an alert trips, Security Copilot enriches alerts with contextualized data to support investigations. By using Security Copilot for incident summarization and enrichment, natural language search, and automation, the CSOC can decrease the time between when an alert fires and when action is taken.

Both Microsoft 365 Copilot and Security Copilot have become integral to the day-to-day operations of the CSOC, with analysts querying the tool several times a day for many reasons, ranging from data interpretation to ticket enrichment. Security Copilot enriches tickets with relevant data, cutting down the amount of time spent collating data. It has helped the Dow CSOC to automate the menial tasks of security investigations, allowing our more senior analysts to focus on proactive defensive measures. Our team has been surprised by how quickly we adopted the new capabilities and integrated them into our standard processes.

Within Dow, we also have an apprentice program with individuals from diverse backgrounds who are very often non-IT trained. Traditionally, it would take upwards of a year of on-the-job training and job-shadowing of senior analysts for one of these apprentices to become a “full” member of the team. Now, these apprentices can use Security Copilot as a “virtual mentor” for topics such as query building or learning the cyberthreat landscape, drastically decreasing the ramp time required for the apprentice to be productive and ensuring that senior analysts are able to focus on proactive defense.

MICROSOFT: What are the future directions and innovations you are considering in the field of AI and security, and how do you plan to implement them?

FERKET: Looking ahead, we’re exploring the use of advanced AI-powered capabilities to enhance detection of anomalies and patterns across large-scale telemetry. We’re also evaluating ways to streamline rule management through intelligent automation, aiming to reduce the manual overhead for our analysts. Another area of interest is dynamic prioritization of alerts, where contextual signals and threat intelligence can help refine response urgency. As always, we remain vigilant about the evolving use of AI by malicious actors and continue to assess its broader implications on the threat landscape.

MICROSOFT: What advice would you give to other security teams starting their AI journey?

FERKET: Be agile, but focused. AI is undoubtedly changing the cyber defense landscape, with many emergent tools being released regularly. It is easy to get lost in the “art of the possible” when it comes to AI tooling. Organizations starting their AI journey should be mindful of their core business objectives and the limitations of current AI capabilities, and be ready to pivot as things change rapidly. For the Dow CSOC, AI is seen as a great augmentation to help analysts be more effective and spend time on what really matters.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
