Microsoft Security Copilot is here, as the company announced its AI assistant for Security defenders (blue-teamers) is now available for early access.
Early this year (March 2023), the tech giant announced about Microsoft Security Copilot, its first generative AI security product set to assist organizations defenders team to learn about emerging cyber-attacks at high speed and scale.
Microsoft stated that:"Generative AI is transformative for security, and generative AI combined with Microsoft threat intelligence, and our security-specific models will enable us to tip the scales in favor of security teams."
Microsoft further described that the Security Copilot is an AI assistant designed exclusively for security teams, utilizing large language models. It leverages Microsoft’s security expertise and global threat intelligence to keep security teams (defenders) several steps ahead of threat advisories.
The Vice President Corporate Security Compliance Identity and Management Vasu Jakkal hinted that:
"Security Copilot is already helping our preview customers save up to 40 percent of their time on core security operations tasks with capabilities such as writing complex queries based only on natural language questions and summarizing security incidents."
The AI tool for defenders is said to be able to effectively up-skill security teams, regardless of their expertise and experience, save more time, and assist them in finding what they might have missed previously. This will give them more adequate time to focus on more impactful projects.
More information was disclosed by Microsoft indicating that:
"Today as we announce our Early Access Program is now open to qualified customers."
Additional features were also included preceding this announcement, which includes:
- Microsoft Extended Detection and Response (XDR) platform, Microsoft 365 Defender. This new embedded experience will assist analysts to take actionable recommendation directly, within the same interface.
- Microsoft Defender Threat Intelligence which is now included at no additional cost with Security Copilot. This feature will enable customers to access directly, operate on, and integrate Microsoft’s finished threat intelligence, while delivering a greater depth of insight to security teams.
Jakkal furthermore highlights that:
"In addition, organizations that work with Managed Security Service Providers (MSSP), and are in the Early Access Program will be able to extend access to their Security Copilot Environment, allowing MSSPs to participate with them using Security Copilot ("Bring Your Own-MSSP")"
The embedded experience opens up powerful scenarios such as: Incident summary with just a single click, Guidance response to incidents at machine speed, the use of natural language to simplify hunting, Analysis of malware in Real-time, and bring Threat intelligence closer to security defenders.
Chirs Weissert, Director, IT Security at Fidelity National Financial said:
"We liked that Security Copilot was easy to set up, offered a dedicated tenant to protect the privacy of prompts, and gave read access to our enabled Microsoft Security Products, allowing us to enrich investigations with data from those products all in one place."
To have more in-depth information, and Join the early Access Program visit Microsoft Blog.
At Fixitgearware Security, we believe that this tool will enhance an organization’s security defense team. Red-teamers, who specialize in pentesting and white-hat hacking, can study this tool, to further their knowledge and identify emerging threats. They can also identify vulnerabilities in less secure facilities and provide recommendations to the organization for preemptive fixes before malicious hackers exploit them.
Put your comments below in the comment section on your thoughts about this.