On this episode of The Six Five – On the Road, hosts Krista Macomber and Will Townsend are joined by Microsoft‘s Brandon Dixon, Partner Group Product Manager, Copilot for Security at Microsoft Secure for a conversation on Microsoft Copilot for Security and how it’s revolutionizing the field of cybersecurity with the power of AI.
Their discussion covers:
- The advantages and key features of Microsoft Copilot for Security in a market flooded with AI-empowered security solutions.
- Microsoft’s strategic decision to offer Copilot for Security both as a standalone experience and embedded across its product portfolio.
- Looking ahead, what is most exciting about the future of AI in the security industry.
Learn more at Microsoft.
Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Or listen to the audio here:
Disclaimer: The Six Five webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.
Transcript:
Will Townsend: So The Six Five Media continues its conversations with Microsoft. We have Brandon Dixon. Brandon, you’re the partner group product manager for Copilot for Security. Tell us a little bit about what you do on a daily basis.
Brandon Dixon: A big portion of my job is building this product that we have now, so developing Copilot for Security and identifying what it is that we’re going to ship. And so shipping a product at Microsoft takes a lot of effort. So it’s a lot of customer conversations, a lot of conversations internally to form alignment. And then of course just the organizational aspect of getting that product launched and then measuring the overall success and health of it.
Will Townsend: Awesome, awesome. Well, let’s jump into it. There’s a lot of whitewashing going on with GenAI. Everyone’s claiming it. I’m wondering from your perspective, how is Microsoft going to differentiate its Copilot for Security solution relative to the competition out there?
Brandon Dixon: Well, I think for us, one of the advantages that we have at Microsoft is the amount of data that we have. And so we see a lot of attacks, trillions of signals on a daily basis, and that helps form the knowledge that we have about threat actors, and then that informs the detections that we write to make customers more safe. And so the product itself leverages all of that information and is able to answer questions in natural language to help people do their jobs better. And what I love about the product and what we’ve done is we have a solution that’s visionary, where it’s led by natural language, and then we’ve also integrated generative AI into all of our existing product offerings.
So if you’re already familiar with them, you’ve made your investments, you’ve done your training, you’re comfortable in those interfaces, we want to meet you where you are. And we think that that in of itself is a big differentiator as well, because we have solutions across all of the different parts of security.
Will Townsend: Krista and I were just in a demo-
Krista Macomber: We were.
Will Townsend: … and we saw the integration with Microsoft Word. And you’re right. I mean that’s going to reduce the friction and make it that much easier and accessible, I believe, for customers to leverage the power of GenAI.
Krista Macomber: Yeah, yeah. And I think kind of building on that concept, I definitely agree. Being able to see an action, the integration of Microsoft Copilot for Security with some of the other products has been really powerful. And Brandon, just understanding your role and really kind of driving the product itself. Can you talk a little bit about the decision to offer Copilot for Security standalone, but also allow it to be embedded with other products? Just a little bit more context there.
Brandon Dixon: Sure. So with any new technology, there’s the adoption curve or the need to get educated on how to best use it. And one of the things that we have observed is that we don’t want to disrupt a customer’s existing workflow. So as I mentioned, we have a rich suite of security products today that people know, love and routinely use to defend their organization. And by integrating generative AI into those workflows and doing it in a purpose-driven manner, we’re able to complement the existing processes they have and make their overall experience better.
The reason why we did the separate standalone experience is because generative AI introduces a new way of working that we’ve previously not had. So when we think about specialized tools, that requires training and understanding some level of expertise. And one of the powerful aspects of generative AI is the fact that using natural language, you can query the system and you can get back responses in natural language.
And so when we thought about that, there was an opportunity to reimagine what that user interface would look like, what that experience would look like, and we could have put that inside of our existing product offerings, but we felt that that might take away from the existing process and training that people had. We didn’t want to distract them, we didn’t want to put additional cognitive load for them to figure out how to prompt in those systems. We wanted to make it as easy as possible to get value with the solutions they had today, yet form a bridge to this new way of working for people that are eager to understand what that might look like and how to start educating themselves to it that they could begin doing it that way.
Will Townsend: I think that’s super smart. It’s like you’re putting the training wheels on things to kind of ease people into it. And what’s really exciting about generative AI, and I like to refer to it as like it’s a gold rush. I think it’s a gold rush for defenders, but it can be a gold rush for bad actors as well. And being a double-edged sword, it can be used for good and not so good. But to double click on the first question I asked you around differentiation, and certainly the integration is key, from my perspective, and that really positions Microsoft for success, but if you were to think, is there one particular transformative feature that can really just sort of change the way that people manage security?
Brandon Dixon: I mean, I think from a product perspective, it is that natural language ability. When I think about the talent shortage that we have across cybersecurity, and I was once an analyst doing that work, there’s a tremendous amount of pressure of people who are in the job today to be successful, to find the true positives, to find the threat actors, to respond as quickly as possible. And with that stress just comes people leaving positions or that institutional knowledge going away. When those people leave those positions, that leaves a gap and we already have a big gap. And so I see the opportunity, the biggest feature in a way is the natural language aspect. It’s that you don’t have to be a subject matter expert per se to form a question.
And in particular, the feature that I think I love most about Copilot for Security is the fact that we take that natural language and then we stitch it together in something, called a promptbook. And that promptbook is meant to achieve a workflow. So for instance, I might have an incident that I need to triage, and as an analyst, I know that initially I want the summary, I want all the entities involved, that might involve users, devices, technical artifacts, and there’s commonly a process where analysts would go and enrich that information to understand more details about it. This is a common and repetitive task that language models can help assist with.
So what we’ve done with promptbooks is we’ve taken the power of natural language articulating the steps that we want to achieve. We stitch them together, and then we can create these automated workflows so that somebody with very little experience can plug in an incident ID and have it go and automatically triage and write the report for them at the end.
Will Townsend: Yeah, it’s sort of like when I think of a blueprint, when you look at network operators and that sort of thing, I think one of the challenges with security, you mentioned the skill shortage, when you move down market, and when I speak with a lot of small to mid-size customers, oftentimes the NetOps teams are managing the security operations. So if you can make it easier and more intuitive, I think you’re going to get better efficacy and that sort of thing from a security solution.
Brandon Dixon: For sure. And I mean, we talk about security a lot. I mentioned incidents, but the way we’ve positioned Copilot for Security, it’s also applicable to those in an IT-based role. So I mean, imagine a case where you have conditional access policies across your organization. Maybe somebody didn’t update their device and now they’re locked out of their account. This is a common thing that happens across enterprises who have these policies rolled out and that creates help desk tickets. I’m locked out of my account, can you please help me figure out how to get access? And what it ends up being is that help desk person has to go and triage, okay, they didn’t update their system and they need to apply this patch. But there’s a paradigm there where we can help.
Instead of escalating to an IT person that otherwise would have their time wasted, could we enable that help desk person to take the device ID put it into something like Copilot for Security and say, tell me the status of this device, whether it’s compliant or not compliant, and give me the reasons why it may not be compliant and explain them out in full detail. And then tell me the next steps that I would need to take as a user to solve this problem. Additionally, tell me the next steps that I would need to take as a practitioner behind the scenes to help resolve this for the user.
So there’s this incredible capability of being able to, in a way, bring a new set of skills that otherwise may have been out of reach. And it doesn’t just stop at security, it goes across compliance, identity and management. And we’re trying to service all of them.
Will Townsend: Help desk resolution, faster time to resolution, and that’s super powerful. That frees up IT, NetOps, SecOps to do more value added support for the lines of businesses.
Krista Macomber: Yeah. I think the only other comment that I would kind of just add here is it definitely contributes to that saying that the defender has to be correct every time, but the attacker only has to be right once. So I think in addition to this kind of efficiency speeding time to resolution, it’s also really just kind of empowering these teams to do their job better.
Brandon Dixon: Yeah, for sure. Yeah.
Krista Macomber: So Brandon, thank you. This has been a really exciting conversation about generative AI. I know we could probably talk for quite some time on this, but maybe just to kind of summarize the conversation or kind of put a bow on it, if you will, when you think about this space, what excites you the most when you think about that intersection point of generative AI with security?
Brandon Dixon: I think what excites me the most right now is the fact that we’ve been working with customers to get feedback on the product. And the feedback is overwhelmingly positive that people are both utilizing the embedded experiences in the existing products we have and the standalone experience for this new way of working. And we’re seeing positive results even in its early development. So we have novice or folks that are a bit more seasoned seeing up to 22% efficiency gains with 7% accuracy in tasks that they’ve historically done. And then overwhelmingly that positive sentiment is being reflected in the fact that 97% of the people that have leveraged the tool would continue using it. They actually enjoy using it.
Will Townsend: Wow. That’s powerful.
Krista Macomber: Yeah, that’s huge.
Brandon Dixon: Which is really interesting, because when I think about waking up in the morning, the first thing that comes to mind is not necessarily your SIM. That’s always a delightful product. It’s a security is a hard job. So hearing that from customers that they love using the product, that they’re getting value and it’s something tangible, has immense value.
Will Townsend: It’s powerful. I mean, that just provides another tool in the toolbox for those SOC analysts to be more effective at what they do and be able to stretch their capabilities and their resources at the same time. So, hey Brandon. Thanks. It’s been a great conversation.
Brandon Dixon: Yeah, thank you very much.
Krista Macomber: Thanks so much.
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
