There has been a TON of hype around the impact of AI within the security community. One of the biggest noise makers on this topic is Microsoft’s recent announcement of Security Copilot. What is it? A simple definition is “Microsoft Security Copilot is an all-in-one virtual assistant that uses the power of AI to augment your workflow”. A simple way to understand this definition is to think of Security Copilot like ChatGPT for the security operations center. You can ask questions about security needs and receive back a quick summarized answer. For example, you could ask what the risk is of some threat to your organization and get back a very clear explanation based on various resources.
There are many use cases for this offering to nail, but Microsoft points out the following specific ones.
Streamline investigation with expert guidance: Security Copilot provides direct access to Microsoft’s security experts, who can guide and assist in managing security risks.
Catching what analysts may miss: Security Copilot augments the triage process so that you see cyber threats early and gives you predictive guidance on how to stop a threat actor’s next move.
Improving the quality of detections through proactive monitoring and feedback: Security Copilot proactively monitors your cloud environment. With every new detection, its model is updated, and it becomes better at recognizing when a real threat is present.
Providing rapid incident response support: The tool can assess your entire cloud environment and predict the systems an attacker will likely target so you can quickly contain and remove an adversary from your environment.
Enhance your security posture through continuous risk assessments: Security Copilot continually assesses your cloud environment and provides unique recommendations for addressing potential risks using security best practices.
Compliance assistance: Security Copilot can conduct regular compliance audits of your cloud environment and provide recommendations about how to meet compliance standards.
A focus on addressing the cyber security talent gap: It is estimated that 3.4 million jobs need to be filled by skilled security professionals. Microsoft claims that Security Copilot can fill some (if not all) of these vacancies by helping your current security teams augment their workflow and have the most impact.
Strong integration across Microsoft’s security solutions: According to Microsoft, the power of Security Copilot comes from its strong integration with Microsoft’s security products. This includes Azure Security Center, Microsoft Defender for Endpoint, Microsoft Cloud App Security, Microsoft Sentinel, Microsoft Identity and Access Management (IAM) Solutions, Microsoft Intune, and third-party products.
Using AI responsibly: Microsoft claims to be committed to using responsible AI practices to extend security analysts’ capabilities while innovating AI to foster a positive impact. Security Copilot uses a closed loop learning system, so the corporate data in your environment will remain in your control and will not be used to train Security Copilot or enrich foundation AI models.
StationX posted details about Microsoft Copilot HERE. It’s worth the time to better understand Security Copilot, as other competitors such as Google are releasing similar technology. I believe this “ChatGPT” approach to SOC is the future and will be the standard offering for future security program management interfaces. It just makes sense to automate the tedious task of analyzing data.