The era of AI brings unprecedented opportunities for us, and at the same time we are also facing an unprecedented surge in cyberthreats, coupled with a global shortage of security experts. Security and safety is the defining challenge of our times and protecting organizations from cybercrime has only become more challenging. A paradigm shift is required in the security industry’s approach to this challenge.
At Microsoft, this imperative guides our mission in security every day and it has shaped our research and development effort to empower security teams. Key to this effort is harnessing the power of generative AI, which, together with our end-to-end security solutions, creates an incredible force multiplier for empowering security teams everywhere and delivering security for all. Generative AI is transformative for security, and generative AI combined with Microsoft threat intelligence and our security-specific models will enable us to tip the scales in favor of security teams.
In March 2023 as a first step, we announced Microsoft Security Copilot—the first generative AI security product to help protect organizations at machine speed and scale. Security Copilot is an AI assistant for security teams that builds on the latest in large language models and harnesses Microsoft’s security expertise and global threat intelligence to help security teams outpace their adversaries. Security Copilot is already helping our preview customers save up to 40 percent of their time on core security operations tasks with capabilities such as writing complex queries based only on natural language questions and summarizing security incidents.1 Security Copilot can effectively up-skill a security team, regardless of its expertise, save them time, enable them to find what previously they might have missed, and free them to focus on the most impactful projects.
Today as we announce our Early Access Program is now open to qualified customers, we are adding important new capabilities:
In addition, organizations that work with Managed Security Service Providers (MSSPs) and are in the Early Access Program will be able to extend access to their Security Copilot environment, allowing MSSPs to participate with them using Security Copilot (“Bring Your Own—MSSP”).
To learn more about the new capabilities, keep reading.
Delivering security in a coherent way across the broadest set of cyberthreat vectors is a fundamental promise of XDR. Today organizations struggle to manually traverse multiple disconnected tools and datasets from numerous vendors to protect email, endpoints, cloud apps, and more. Microsoft 365 Defender and Security Copilot together help analysts focus on what matters most to protect faster. With the embedded experience for Security Copilot in Microsoft 365 Defender, we are making the industry-leading XDR solution even more powerful and easy to use. The new embedded experience opens up powerful scenarios directly from within Microsoft 365 Defender, including:
“We liked that Security Copilot was easy to set up, offered a dedicated tenant to protect the privacy of prompts, and gave ready access to our enabled Microsoft security products, allowing us to enrich investigations with data from those products, all in one place.”
—Chris Weissert, Director, IT Security, Fidelity National Financial
To dive deeper into this new embedded experience, read more on how we’re enabling the SOC to reach new levels of efficiency and protection at the speed and scale of AI.
Figure 1: Embedded Security Copilot experience in Microsoft 365 Defender—Security Copilot-generated incident report.
Figure 2: Embedded Security Copilot experience in Microsoft 365 Defender—Complex script analysis and summary.
Threat intelligence is one of the cornerstones of any effective security operation. Every day at Microsoft, our 10,000 researchers and analysts receive 65 trillion security signals that we collect across clouds, devices, and workloads. When you are up against a sophisticated threat actor, we want you to have the best knowledge of who they are, how they operate, and most importantly, how you can protect against them.
Today we are pleased to announce that Microsoft Defender Threat Intelligence, and access to its API, will be available to every Security Copilot customer at no additional cost. Defender Threat Intelligence is a threat intelligence workbench with deep integrations across Microsoft Security products empowering security teams with knowledge of the cyberthreat landscape, including actors, tools, vulnerabilities, and infrastructure. It provides a mechanism to connect indicators of compromise to finished intelligence, such as vulnerability articles, enriched open-source intelligence, and Microsoft’s own articles. As Security Copilot enriches security incidents and alerts with Microsoft’s vast knowledge of cyberthreats, customers may now access Defender Threat Intelligence directly to expose and eliminate modern cyberthreats and cyberattacker infrastructure, identify cyberattackers and their tools, and accelerate cyberthreat detection and remediation.
Learn about what’s next with generative AI and Microsoft Security Copilot with regular updates from Microsoft Security.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.
1Security Copilot Private Preview customer survey conducted by Microsoft, October 2023.
2Microsoft achieves a Leader placement in Forrester Wave for XDR, Rob Lefferts. October 18, 2021.
Source: Microsoft Security