The News: Microsoft announces the upcoming general availability of Copilot for Security on April 1 at Microsoft Secure. Additional details are available on the Microsoft website.
Microsoft Copilot for Security Increases the Efficacy of Security
Analyst Take: Microsoft Copilot for Security is a generative AI security solution designed to support both security and IT professionals from the standpoints of efficiency and efficacy. The solution augments machine learning (ML) with large language models (LLMs) for deep learning, with user interaction occurring via a natural language interface. It benefits from Microsoft’s vast threat intelligence data, including the more than 78 trillion security signals that Microsoft processes per day.
From the standpoint of efficiency, Microsoft Copilot for Security can automate repetitive tasks such as threat hunting and incident response, as a result freeing up security professionals to focus on more strategic work. It also can augment security teams’ existing areas of expertise, even providing security and threat intelligence that is specific to the user’s particular organization. The tool focuses on a key challenge that I hear from security teams—the ability to keep pace with how threat actors are continuously adapting their approaches to become more effective and impactful, especially with the new fuel that they have in AI. Limitations pertaining to headcount and skills adaptations are real.
Notably, Microsoft executed an economic study on the tool that indicated that experienced security analysts were 22% faster and 7% more accurate with Copilot. In an interview with Six Five Media, Vasu Jakkal, Corporate Vice President of Microsoft’s security business, expressed visions of the tool going so far as to attract new talent to the security field. In a subsequent Six Five interview, Sherrod DeGrippo, the director of Microsoft’s threat intelligence strategy, painted an exciting vision of the tool helping organizations to better match their existing skill sets to needs such as shoring up their key areas of vulnerability.
As discussed in our interview conversations, users that have worked with Microsoft Copilot for Security as part of the company’s early adopter program have generally expanded their usage of the tool over time. Part of the adoption curve is opening their minds to the potential use cases, as well as to the tool’s accuracy and effectiveness. The same trend is visible across technology sectors, as AI contributes to a reshaping of workflows and responsibilities. Promptbooks, which are series of natural language prompts for tasks and workstreams, can help; Microsoft offers pre-built promptbooks and the ability for customers to create their own.
Microsoft Copilot for Security can be accessed through a standalone portal or embedded into Microsoft security products that customers are already using, which can make it easier for IT and security professionals to use the capabilities while making them more specific to particular use cases. In a powerful example, I saw a demo of the tool with Microsoft Purview, a tool for data visibility, compliance, governance, and security, and Microsoft Word. In the demo, the user was able to create a data privacy policy and have that policy applied automatically not only to existing files but also to Word documents as they are being created. Through Purview, security and compliance administrators can then obtain insights into sensitive data, alert summaries that prioritize the most critical alerts, and investigation workflows.
Another example, now in preview, is the integration of Copilot for Security with Microsoft Entra, an identity and access management tool that provides audit logs and diagnostic logs. Copilot for Security can support risk and threat investigation, for example, recommending access policies to improve the security posture. This use case will be critical for security and IT teams, as identity-related attacks are materially on the rise.
Also coming will be a unified security operations platform with embedded Copilot for Security within the Microsoft Defender portal for security information and event management (SIEM) and extended detection and response (XDR) that will prompt analysts as they investigate and respond to threats. The Copilot AI technology will help to guide the investigation and response process, expediting these processes with the additional benefit of utilizing the most up-to-date Microsoft threat intelligence. In a similar vein, also in preview is Copilot for Intune, Microsoft’s Unified Endpoint Management (UEM) solution, which will help administrators and analysts to detect and remediate issues more quickly.
A final – and critical – note is that Microsoft is including controls for customers when it comes to facilitating secure usage of Microsoft and third-party AI applications. For example, in the demo of Copilot for Security’s integration with Microsoft Purview, I witnessed the ability to identify high-risk AI applications, as well as to control and oversee the users that are accessing these applications.
In summary, Copilot for Security can help struggling security and IT professionals by streamlining day-to-day tasks while improving threat detection and accelerating incident response. Examples include incident summarization and analysis and guidance on proactive measures and response. At the same time, it can unlock additional value, for example in the form of skills prioritization and amplification. Microsoft’s promptbooks and insights into how teams are using the tool will help to make it accessible, as will its integration with both Microsoft and third-party tools from partners such as Netskope, Valence Security, Tanium, Cyware, and SGNL, and its consumption-based pricing model.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.