Microsoft Security Copilot: A GPT-4 AI assistant for Cybersecurity

Microsoft is quickly expanding its Copilot capabilities beyond Office 365 applications with the announcement of Security Copilot. Security Copilot is designed to empower defenders with the speed of artificial intelligence with native integrations across Microsoft Azure, Sentinel, Defender, and InTune. The tool aims to automate threat detection and response, allowing security teams to investigate and remediate incidents faster and more accurately.

The announcement comes as Microsoft is increasingly doubling-down on AI technologies and its extended $11 billion investment in OpenAI. The AI race is significantly heating up across big tech, with Google on Microsoft’s heels to compete with Microsoft’s investment in OpenAI tech.

Security Copilot uses machine learning and natural language processing to analyze large volumes of security data from various sources, including endpoint devices, servers, and cloud services. The tool creates a unified view of the security landscape and identifies potential threats, anomalies, and suspicious activities. It also suggests remediation actions and provides contextual information to help analysts understand the severity and scope of the incident.

Microsoft Security Copilot demonstrates the ability to analyze a cyber incident after a Copilot user issues requests and prompts to the interface. (Source: Microsoft)
Microsoft Security Copilot demonstrates the ability to analyze a cyber incident after a Copilot user issues requests and prompts to the interface. (Source: Microsoft)

Security Copilot support for Azure, Sentinel, Defender, and InTune at launch

At the time of release, Microsoft states that Security Copilot will integrate natively with existing Microsoft security products, including Microsoft Defender for Endpoint, InTune, and Azure Sentinel. Third-party security solutions will be supported “over time”, according to the announcement.

One of the key features of Security Copilot is its ability to automate incident response. When an incident is detected, the tool can automatically quarantine affected devices, block malicious domains, and even initiate investigations. This can significantly reduce the time it takes to contain and remediate security incidents, allowing security teams to focus on more critical tasks.

Customers of Microsoft Copilot will be able to leverage “65 trillion threat signals Microsoft sees every day to ensure that security teams are operating with the latest knowledge of attackers, their tactics, techniques, and procedures.”

Introducing Microsoft Copilot for Security
Introducing Microsoft Security Copilot. (Source: YouTube / Microsoft)

Security Copilot also includes a range of collaboration features, allowing security teams to work together more effectively. The tool provides a unified workspace where analysts can share notes, collaborate on investigations, and track progress. It also includes built-in chat and video conferencing capabilities, making it easy to communicate with team members in real time.

Understandably, Microsoft emphasizes the security and data privacy of customers who would utilize Copilot in their environment. Microsoft states that “no one beyond your organization is benefiting from AI trained on your data or business processes.”

Indeed, companies have been (rightfully so) on guard for employees accidentally feeding commercially available OpenAI ChatGPT proprietary, sensitive information. This could inadvertently provide OpenAI with data it should not obtain, and even be used to train its models.

How much Microsoft Security Copilot will be able to assist with the 3 million cybersecurity worker shortage is yet to be seen. Hiring for cybersecurity remains expensive, difficult to match required skills with available candidates, and budget-constrained. Perhaps AI tools like Security Copilot can assist, but likely in Microsoft-dominant organizational IT stacks.

Nevertheless, the AI race between big tech continues and we’re here for it.

Disclaimer: The author of this article is a current employee of Google. This article does not represent the views or opinions of his employer and is not meant to be an official statement for Google, or Google Cloud.


Discover more from Cybersecurity Careers Blog

Subscribe to get the latest posts sent to your email.