Introduction to Microsoft Security Copilot

Information you give Copilot will only be accessible to your organization

Today, cybersecurity professionals fight an asymmetric battle against relentless and sophisticated attackers. To protect an organization, defenders must respond to threats that are often hidden among the noise. On top of that comes the #securitytalentwar: a global shortage of ~3.4 million openings in the security field. Security professionals are scarce, and we must empower them to disrupt attackers’ traditional advantages and drive innovation for their organizations.

In the last 3 months, the world has witnessed the disruption of Generative AI and associated use cases. We saw the Copilot announcement for M365, Dynamics 365, and GitHub; I was wondering when Security Copilot was coming. Well, I didn’t need to wait for long: today at the #MicrosoftSecure event, Microsoft announced #securitycopilot – shaped by the power of OpenAI’s GPT-4 generative AI.

Microsoft Security Copilot is an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes.

Security Copilot: Generative AI-powered, end-to-end defense at machine speed and scale

Microsoft Security Copilot is the first security product to enable defenders to move at the speed and scale of AI. Security Copilot combines this advanced large language model (#LLM) with a security-specific model from Microsoft. This security-specific model in turn incorporates a growing set of security-specific skills and is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily #signals. Security Copilot delivers an enterprise-grade security and privacy-compliant experience as it runs on Azure’s hyper-scale infrastructure. Security Copilot is not only a large language model but rather a system that learns, to enable organizations to truly defend at machine speed.

#offensiveai and #generativeai will transform how organizations around the world interact with security technologies and develop their security strategy and solutions. But to realize the full potential, security AI solutions need to be delivered in a safe, secure, compliant (both regulatory and #digital ethics) and responsible way.

When Security Copilot receives a prompt from a #securityprofessional, it uses the full power of the security-specific model to deploy skills and queries that maximize the value of the latest large language model capabilities. This cyber-trained model is continuously in self-learning mode – as it creates and tunes new skills. Security Copilot can help catch what other approaches might miss and augment an analyst’s work. In a typical incident, this boost will translate into gains in the quality of detection, speed of response, and ability to strengthen #securityposture.

Well, like any other Generative AI-powered capability, Security Copilot might not always get everything right. AI-generated content can contain mistakes. But Security Copilot is a closed-loop learning system, which means it’s continually learning from users and giving them the opportunity to give explicit feedback with the feedback feature that is built directly into the tool.

Microsoft committed to 3 fundamental aspects of how Security Copilot handles your data:

  • Your data is your data. It’s yours to own and control, and yours to choose how you want to leverage and monetize.
  • Your data is not used to train or enrich foundation AI models used by others – no one beyond your organization is benefiting from AI trained on your data or business processes.
  • Your data and AI models are protected at every step by the most comprehensive enterprise compliance and security controls in the industry.

The Security Copilot integrates with the end-to-end Microsoft Security products, and over time it will expand to a growing ecosystem of third-party products.

Security is a team sport, but it still needs to be played within well-defined boundaries of #privacy. Security Copilot is developed with security teams in mind, and your data stays within your control #privacybydesign. Your data is not used to train the foundation AI models, and data is protected by the most comprehensive enterprise compliance and security controls. While remaining private, each #userinteraction can be easily shared with other team members to accelerate #incidentresponse, collaborate more effectively on complex problems, and develop #collectiveskills and #knowledgebase.

Security Copilot – Elevates human creativity and strengths (#compositeai)

Security Copilot can augment security professionals with machine speed and scale, with human ingenuity at the core of it. Microsoft has used 3 principles in delivering this experience:

  • Simplify the complex – Every minute matters in the cybersecurity domain. Security Copilot delivers critical step-by-step guidance and context through a natural language-based investigation experience that accelerates incident investigation and response. The ability to quickly summarize any process or event and tune reporting to suit a desired audience frees defenders to focus on the most pressing work.
  • Catch what others miss – Attackers hide behind the noise and a large number of weak signals. Defenders can now discover #maliciousbehavior and #threatsignals that could otherwise go #undetected. Security Copilot surfaces prioritized threats in real time and anticipates a threat actor’s next move with continuous reasoning based on Microsoft’s global #threatintelligence. Security Copilot also comes with skills that represent the expertise of security analysts in areas such as #threathunting, #incidentresponse, and #vulnerabilitymanagement.
  • Augment the talent gap – A security team’s capacity will always be limited by the team’s size and the natural limits of human attention. Security Copilot continually learns from user interactions, adapts to enterprise preferences, and advises defenders on the best course of action to achieve more secure outcomes. This enables security teams to #domorewithless and to operate with the capabilities of a larger, more mature organization.

Security Copilot boosts defenders’ skills with its ability to answer security-related questions. Security Copilot is taking the agility advantage back to defenders by combining the strengths of the Microsoft Security Platform with the advancements in AI.

Key benefits of Security Copilot

  • Ongoing access to the most advanced OpenAI models to support the most demanding #securitytasks and applications
  • A security-specific model that benefits from continuous reinforcement, learning, and #userfeedback to meet the unique needs of security professionals
  • A growing list of unique skills and prompts to elevate the expertise of security teams and set the bar higher for #domorewithless.
  • Visibility and evergreen threat intelligence powered by your organization’s security products and the 65 trillion threat signals Microsoft sees every day – thus enabling security teams with the latest knowledge of attackers, their tactics, techniques, and procedures
  • Integration with Microsoft’s end-to-end security portfolio 

Summary – Beginning of a new era of security

Security is a team sport and is ultimately about people. Security Copilot is the beginning of building a future where every defender is empowered with the technologies and expertise that enable them to realize their full potential. I am excited about this potential new path of #futureofsecurity but would be watching out for #privacybydesign, #falsepositives, relevance (and true impact on system behavior) of #generativeai generated scripts, remediations, etc. AI and technology advancement will play an essential role in this journey, but successful security will continue to be a human endeavor.
