What is Microsoft Security Copilot?
Not long after impressing Microsoft 365 customers with the recent Microsoft 365 Copilot announcement, Microsoft have launched another AI-powered Copilot product. This time with a whole new set of possibilities – introducing Microsoft Security Copilot.
This development comes as great news to the cyber security community, who will now have an extensive list of additional capabilities to utilise within the Microsoft security ecosystem, as well as now having the power to gain a deeper understanding of the ever-evolving threat landscape and make sense of those 65 trillion signals captured daily by Microsoft for threat intelligence…
What are the key Microsoft Security Copilot features?
Microsoft Security Copilot is built on a Microsoft security-specific model and OpenAI’s GPT-4 generative AI, and will include a range of key features, all with the intention of helping analysts make sense of the mass of information sent their way by popular security apps like Microsoft Defender for Cloud, Microsoft Sentinel and Intune.
Key Microsoft Security Copilot features include:
- AI-powered Search Bar
- Shared Team Pinboard
- Workspace Prompt Book
The AI-powered Search Bar
A useful feature of this new product is the search bar that enables users to ask simple but critical questions such as “which alerts are being triggered in [insert name] tenant because of recorded Log4j threats?” – crazy right?
The ability to collect and analyse security data through natural language prompts will save incredible time and resources. In addition, Microsoft Security Copilot saves all responses and prompts, which means a full audit trail is always available.
This solution also provides contextualised guidance and in-depth security reports, and can even carry out threat-hunting tasks, transforming the day-to-day tasks of cyber security analysts.
The Shared Team Pinboard
Microsoft Security Copilot has also been designed to optimise the collaboration between various security roles and teams, helping to bridge the gap between security engineering, projects and operations.
Ultimately this feature shares key findings and useful prompts, to help analysts gain a better, faster understanding of incidents, as well as work with simplified reports.
Crucially, developments in live investigations can be accessed by members of the security team, stakeholders and senior executives to ensure full visibility of current operations.
Finally, the pinboard also has the power to automatically produce a summary of ongoing investigations, which is updated when tasks are added or completed.
“This is like having individual workspaces for investigators and a shared notebook with the ability to promote things you’re working on,”
– Chang Kawaguchi, AI security architect at Microsoft.
The Workspace Prompt Book
The Prompt Book is practically a collection of steps or “a playbook” that can be used by anyone in the team to carry out incident investigations and response.
The playbook ultimately contains a series of pre-defined actions that businesses can take in response to specific security incidents. These actions can include alerts, notifications, and automated remediation.
Completely customisable, an organisation’s prompt book is built to their unique security needs and can help to define their own set of incident types and the corresponding actions. This will allow incidents to not only be tackled with greater speed, but also align with the organisation’s specific security strategy.
An exciting prospect of this feature is its ability to reverse engineer a script, outline the capabilities of said script and then produce a visual summary of how it works. This feature essentially enables users to fully reverse-engineer code… A capability that will save vast amounts of time within many security operation roles.
How accurate is Microsoft Security Copilot?
At the moment, it’s a work in progress. Microsoft has emphasised that Security Copilot occasionally won’t get things right:
“We know sometimes these models get things wrong, so we’re offering the ability to make sure we have feedback.” Microsoft actively encourages users to give detailed feedback on where the AI is mistaken, ensuring that the technology is grounded in the context of your data, learning faster and more accurately. In incidents where there is no correct answer, Microsoft Security Copilot will provide a probabilistic answer which aids the security team in their next steps.
When is the Microsoft Security Copilot release date?
To ensure this technology is as useful and accurate as possible when available to the wider userbase, Microsoft Security Copilot is currently being tested with a small batch of customers, to help establish early mistakes, discrepancies and hallucinations that can be resolved and integrated into the machine learning.
“Microsoft has created a revolutionary tool for organisations and cyber security professionals alike. Combining first-class cybersecurity intelligence with the latest generative, responsible AI, will evolve incident response, threat hunting and security reporting. Technological developments such as Microsoft Security Copilot will change the face of modern day cyber security for good.”
– Joe. F, Cyber Security Analyst
Microsoft Security Copilot is now the latest development from the tech powerhouse, further fuelling Microsoft’s mission to advance responsible, innovative AI. The unveiling of Microsoft Security Copilot comes shortly after the announcement of Microsoft 365 Copilot, hailed as ‘the future of work’ and a productivity game changer. With Microsoft leading the way in AI-powered productivity and security, there is no doubt that the future of business is evolving with it too.
Want to know more about Microsoft’s Copilot suite? You can also read more about the Microsoft 365, AI-powered productivity solution.