
Celonis, Uniper & Microsoft drive AI-powered energy overhaul
The arrangement will support Uniper in achieving greater transparency in its business processes and facilitate AI-driven automation and end-to-end process orchestration across the company.
Leveraging Microsoft Copilot Studio and Power Automate, in conjunction with Celonis Process Intelligence, Uniper intends to implement artificial intelligence solutions company-wide, enabling the adoption of new technology-driven processes for broader operational gains.
Damian Bunyan, Chief Information Officer at Uniper, commented, "The energy industry is facing major challenges, and we want to be a pioneer in digital transformation. The powerful combination of Microsoft's AI technologies with Celonis' process intelligence lets us identify value-driving AI use cases, intelligently automate workflows, and track performance gains. Thanks to this strategic collaboration, we can optimise our operations, empower our employees, and deliver greater value to our customers."
Bastian Nominacher, co-founder and co-CEO of Celonis, stated, "AI is only as effective as the data and context it feeds on. Celonis provides the process data and business context that gives AI the understanding it needs to drive meaningful business transformation and real value. Together with Microsoft, we're enabling Uniper to drive tangible results."
Celonis will deliver its system-agnostic process intelligence platform as part of the collaboration. This platform creates a process-centric data foundation, which is key for developing agents using AI platforms such as Microsoft Copilot Studio and is now integrated with Microsoft Fabric to enhance interoperability and data availability.
Microsoft will contribute its AI technology and its ability to scale AI deployment rapidly, supported by its productivity suite that includes Microsoft Teams, Microsoft Power BI, and Power Automate. Uniper has been recognised as an early adopter, applying the joint capabilities of Celonis and Microsoft in real-world, high-impact AI use cases with results intended to act as an example within the global energy industry.
Charles Lamanna, Corporate Vice President for Business and Industry Copilot at Microsoft, said, "The next generation of AI requires deep reasoning grounded in enterprise data and business processes. By combining Celonis Process Intelligence with Microsoft Copilot Studio and Microsoft AI, we are enabling companies to build intelligent solutions that deeply understand and optimise business operations. Uniper is a great example of how this powerful combination can accelerate transformation, unlock significant value, and help companies lead their industries forward."
Uniper's involvement with Celonis began five years ago, focusing on operational excellence within its global energy operations. To date, Uniper has deployed Celonis across 27 business processes, connecting to eight source systems, and involving over 350 active users throughout the company.
Reported operational improvements from Uniper's use of Celonis technology cover areas such as plant maintenance, human resources, hydro power operations, IT service management, energy sales and technology, financial services, and internal audit. Among key achievements, Uniper has optimised its plant maintenance processes to ensure workplace safety and compliance, thereby reducing risk and supplier waiting times.
Within HR, Uniper has improved the recruiting process for managers by reducing the time to hire and optimised the candidate experience through the deployment of automated notifications. Business reporting in the hydro power segment was made more timely, decreasing operational costs and improving supplier steering.
IT service management was enhanced to allow more efficient supplier steering and faster incident response. In energy sales and technology operations, Uniper shortened proposal management cycles, while automating daily and timely reporting in financial services and optimising opportunities for cash discounts. Meanwhile, the internal audit department benefited from support for its "Trusted Advisor" and data-driven eAudit approach.
Related Articles


Techday NZ
5 hours ago
Major rise in global email impersonation threats
Barracuda Networks threat analysts have identified a new wave of sophisticated email-based threats targeting organisations globally, with a range of phishing campaigns leveraging phishing-as-a-service (PhaaS) kits to evade detection. Among the key threats observed in July are credential phishing attacks impersonating well-known business services, including Autodesk Construction Cloud, Zix Secure Message Centre, and RingCentral. These campaigns are increasingly designed to bypass standard security controls and target a wide range of sectors, from healthcare and finance to legal, government, and corporate environments.
Autodesk Construction Cloud impersonation
The Autodesk Construction Cloud, widely used for collaboration within the construction industry, has been used as a vector for phishing attacks involving the Tycoon PhaaS kit. In these incidents, attackers impersonate trusted executives and send official-seeming project notifications, directing recipients to Autodesk-hosted pages with links to download ZIP files. The contained HTML file launches what appears to be a standard CAPTCHA screen, followed by a spoofed Microsoft login page designed to harvest credentials.
Toll violation phishing scam targets US drivers
Another scam identified involves fraudulent notifications about unpaid tolls, aimed at drivers in the United States. Victims receive urgent messages via text, email, or phone calls, appearing to originate from legitimate toll agencies. These messages create a sense of urgency, threatening suspension or legal action if payment is not made. Recipients who respond are directed to fake websites that request sensitive information such as licence plate numbers and credit card details, exposing them to financial loss or identity theft.
Zix Secure Message Centre phishing campaign
This campaign mimics the Zix Secure Message Centre, an encrypted email service that is popular with organisations in healthcare, finance, legal and government sectors. Victims receive an email about a supposed secure message, with a link to click to view it. The link takes users to a fake Zix page where they are asked to enter their email. They are then redirected to a fraudulent Microsoft login page designed to steal credentials.
The campaign is effective because it closely replicates Zix's real workflows and branding, making it hard for recipients to spot the deception. Organisations using email encryption services like Zix and Microsoft 365 are particularly at risk. This demonstrates attackers' ability to closely replicate the look and feel of established workflow and branding, making it challenging for recipients to discern illegitimate communications.
RingCentral voicemail phishing with EvilProxy
Barracuda's analysts have also uncovered a campaign where attackers impersonate RingCentral, a widely used business communication service. Victims receive apparent voicemail notifications with personalised details, encouraging them to click a playback button. The link initiates multiple redirections - first to a known newsletter provider, then onwards to legitimate cloud hosting, and finally to a verification step - before concluding at a phishing site hosted by the EvilProxy PhaaS kit. This attack is designed to bypass detection and steal Microsoft credentials, including those protected by two-factor authentication.
Other notable threats
Researchers identified further examples of credential theft and phishing tactics involving the Gabagool PhaaS kit, which exploits the file-sharing capabilities of the platform by delivering phishing links within harmless-seeming PDF attachments. Meanwhile, campaigns were seen combining Microsoft SharePoint and Copilot branding to create believable 'Document shared' notifications, and using LogoKit with Roundcube webmail for password expiry deception.
The Tycoon PhaaS kit has also been distributed in campaigns disguised as legitimate business documents, such as 'Project Victims are led through multiple intermediate webpages to conceal the attack's intent, eventually landing on phishing sites where credentials are harvested.
Mitigation and protection
Barracuda advocates for multilayered security measures and employee awareness training to counter these evolving threats. The company states its Email Protection suite includes features such as Email Gateway Defence against phishing and malware, Impersonation Protection for social engineering attacks, Incident Response, and Domain Fraud Protection. It also provides Cloud-to-Cloud Backup and Security Awareness Training. According to Barracuda, the solution combines artificial intelligence and deep integration with Microsoft 365 to help guard organisations from highly targeted phishing and impersonation attacks.


Techday NZ
4 days ago
Microsoft SharePoint zero-day flaw prompts urgent global response
Organisations around the world are racing to mitigate the impact of a critical zero-day vulnerability in Microsoft's SharePoint server software, which has already been implicated in a series of significant security breaches and is being actively exploited by threat actors, including alleged Chinese nation-state groups.
The flaw, catalogued as CVE-2025-53770, was revealed last week after several cyber security researchers, including Microsoft and Google's Threat Intelligence Group, published emergency advisories. Microsoft has clarified that the vulnerability affects only on-premises versions of SharePoint. SharePoint Online, the cloud-based variant included in Microsoft 365, is not impacted by this zero-day flaw.
The urgency of the threat became clear after Eye Security researchers published findings that highlighted "active, large-scale exploitation" of the flaw, which they related to a set of vulnerabilities coined "ToolShell." Attackers who successfully exploit CVE-2025-53770 can access sensitive MachineKey configuration details on vulnerable servers, including the validationKey and decryptionKey. These critical parameters can then be used to craft specially designed requests that enable unauthenticated remote code execution, effectively giving attackers full control over the targeted servers.
Late breaking fixes for SharePoint Server 2019 and SharePoint Subscription Edition have been made available, with a patch for SharePoint Server 2016 expected to follow. Organisations are being urged to conduct incident response investigations, apply available patches, and closely review Microsoft's temporary mitigation instructions to limit exposure.
In recent reports, the scope and impact of the exploit have become clearer. More than 100 servers across at least 60 global organisations, including critical infrastructure such as the US National Nuclear Security Administration, have reportedly been breached via the vulnerability. Cyber security analysts have attributed the campaign to Chinese state-linked groups, among them Linen Typhoon, Violet Typhoon, and Storm-2603. These groups are said to have used stolen credentials to establish persistent access, potentially enabling ongoing espionage even after patches are applied.
According to Charles Carmakal, CTO of Mandiant Consulting at Google Cloud, attackers are using the vulnerability to install webshells - malicious scripts that provide ongoing unauthorised access - and to exfiltrate cryptographic secrets from compromised servers. This presents a substantial risk to organisations, as it allows persistent, unauthenticated access by malicious actors.
"If your organisation has on-premises Microsoft SharePoint exposed to the internet, you have an immediate action to take," Carmakal said. He stressed that mitigation steps must be implemented without delay, as well as the application of patches as they become available. "This isn't an 'apply the patch and you're done' situation. Organisations need to assume compromise, investigate for any evidence of prior intrusion, and take appropriate remediation actions."
Satnam Narang, Senior Staff Research Engineer at Tenable, warned of the widespread consequences, stating: "The active exploitation of the SharePoint zero-day vulnerability over the weekend will have far-reaching consequences for those organisations that were affected. Attackers were able to exploit the flaw to steal MachineKey configuration details, which could be used to gain unauthenticated remote code execution." Narang added that early signs of compromise could include the presence of a file named although it might carry a different extension in some cases.
Bob Huber, Chief Security Officer and President of Public Sector at Tenable, commented: "The recent breach of multiple governments' systems […] is yet another urgent reminder of the stakes we're facing. This isn't just about a single flaw, but how sophisticated actors exploit these openings for long-term gain." Huber noted that because Microsoft's identity stack is so deeply embedded in government and corporate environments, a breach in SharePoint can create "a massive single point of failure." He argued for a more proactive, preventative approach to cyber security, emphasising the need for exposure management platforms that provide unified oversight across complex infrastructures.
For now, the coordinated response by vendors, security firms, and government agencies continues, as organisations track for signs of compromise and await further guidance on long-term remediation. The incident serves as a stark reminder of the intricate cyber threats faced by modern institutions, and the pressing need for rigorous, ongoing defence strategies against ever-evolving adversaries.


Techday NZ
5 days ago
Microsoft launches Sentinel data lake to cut storage costs
Microsoft has unveiled an expansion of its security information and event management solution, Microsoft Sentinel, introducing a new security data lake designed to address both the cost and capability challenges faced by cybersecurity teams. The newly-launched Sentinel data lake aims to reduce costs associated with security data retention, claiming storage fees at less than 10% of those found with traditional analytics log storage options. According to Microsoft, this move is intended to help security teams retain all relevant data affordably, making incident detection and response faster and more accurate.
Data challenges
Security operations teams have long contended with the challenge of managing increasing volumes of data while controlling costs. Microsoft stated, "You can't protect what you can't see. Security operations teams have long been faced with the challenge of managing massive, fast-growing datasets, and the cost of scaling traditional data management tools to handle these data volumes has become unsustainable. We're evolving our industry-leading Security Incidents and Event Management solution (SIEM), Microsoft Sentinel, to include a modern, cost-effective data lake. By unifying all your security data, Microsoft Sentinel data lake, now in public preview, accelerates agentic AI adoption and drives unparalleled visibility, empowering teams to detect and respond faster. With Sentinel data lake, you're no longer forced to choose between retaining critical data and staying within budget."
The new architecture is said to bring together security data from both Microsoft and third-party sources using over 350 native connectors. It is positioned as a foundation for artificial intelligence-powered detection, allowing security teams to hunt for threats over extended time frames and perform detailed forensic analysis without compromising on data retention due to cost constraints.
Microsoft further said, "Breaking down data silos for better security... Siloed data means missed cyberthreats, delayed investigations, and underutilized tools." The aim is to unify data and enable better threat visibility and collaboration within security teams.
Threat intelligence integration
In addition to the data lake, Microsoft has also announced the integration of Microsoft Defender Threat Intelligence (MDTI) into both Sentinel and Defender XDR at no additional cost. This integration is pitched as an effort to provide security teams with access to a substantial repository of frontline threat intelligence, which processes signals from what Microsoft says are 84 trillion daily data points, and is supported by over 10,000 security specialists.
The company stated, "To further help defenders get the most out of their data, we're democratizing threat intelligence by converging Microsoft Defender Threat Intelligence (MDTI) capabilities into Defender XDR and Sentinel at no additional cost; this means that security teams will no longer need to buy a separate SKU to access these powerful features."
These changes will be rolled out over time, with all Microsoft first-party threat reports, including intelligence profiles and indicators of compromise (IoCs), expected to become available through Defender XDR. The plan is also to incorporate IoCs into Sentinel's case management, allowing customers to share threat intelligence across teams inside their organisations, with further features scheduled to follow.
Industry support
"Microsoft's vision for Sentinel data lake reflects what matters most in cybersecurity: clarity, scale, and real-world impact. With more than 1,200 Sentinel deployments worldwide, BlueVoyant has seen the need firsthand. Large scale data challenges are now the norm. Sentinel data lake marks a natural evolution of the SIEM and SOAR model, one that critically supports modern analytics, data science, and flexible ingestion strategy. It is a critical step forward for customers looking to modernize their security operations."
- Milan Patel, Chief Revenue Officer at BlueVoyant
Industry partners have responded to Microsoft's expanded offering and its intent to simplify data management while providing a robust foundation for AI-driven security operations.
"For cyber teams, the massive proliferation of data can misdirect focus or delay responses to genuine [cyber]threats. Microsoft Sentinel data lake can be a valuable tool for data centralization and visibility and for historical analysis across large volumes of datasets. Together with Microsoft, Accenture can help our clients leverage the data lake to extend the power of Microsoft Sentinel to supercharge attack detection and proactive remediation."
- Rex Thexton, Chief Technology Officer, Accenture Security
Microsoft's approach aims to aid organisations in moving between real-time analytics and historical analysis from a single portal. The solution is designed to support custom machine learning workflows, analytics, and integration with tools familiar to security teams, all based on open data formats.
"The [cyber]attack surface is expanding with every application and AI application deployed across hybrid cloud environments, and AI-powered attacks are evolving just as fast. What many organizations still lack isn't just better tools - it's real-time visibility of their IT estate, their configurations and business context. To understand their full exposure, organizations need the right asset intelligence and a shared industry effort. The new Microsoft Sentinel data lake represents a valuable step in that direction; IBM is committed to working across the ecosystem to help solve that challenge."
- Srini Tummalapenta, IBM Distinguished Engineer, Chief Technology Officer for IBM Consulting Cybersecurity Services
AI readiness measures
Microsoft stated that centralising data enriches its AI models, such as Security Copilot, giving them full context to detect sophisticated patterns of cyberattack, correlate signals over extended time spans, and produce high-fidelity alerts. The company explained, "Centralizing your data in a threat intel-enriched data lake eliminates silos and ensures AI models like Security Copilot have the full context they need to detect subtle cyberattack patterns, correlate signals across time and space, and surface high-fidelity alerts. This creates the foundation for the future of agentic defense where AI doesn't just assist, it acts."
Microsoft Sentinel data lake is now in public preview and available for customer onboarding as part of the company's continuing development of an integrated security operations platform.