This post has been republished via RSS; it originally appeared at: Microsoft Security Blog.
The era of AI brings unprecedented opportunities for us, and at the same time we are also facing an unprecedented surge in cyberthreats, coupled with a global shortage of security experts. Security and safety is the defining challenge of our times and protecting organizations from cybercrime has only become more challenging. A paradigm shift is required in the security industry’s approach to this challenge.
At Microsoft, this imperative guides our mission in security every day and it has shaped our research and development effort to empower security teams. Key to this effort is harnessing the power of generative AI, which, together with our end-to-end security solutions, creates an incredible force multiplier for empowering security teams everywhere and delivering security for all. Generative AI is transformative for security, and generative AI combined with Microsoft threat intelligence and our security-specific models will enable us to tip the scales in favor of security teams.
In March 2023 as a first step, we announced Microsoft Security Copilot—the first generative AI security product to help protect organizations at machine speed and scale. Security Copilot is an AI assistant for security teams that builds on the latest in large language models and harnesses Microsoft’s security expertise and global threat intelligence to help security teams outpace their adversaries. Security Copilot is already helping our preview customers save up to 40 percent of their time on core security operations tasks with capabilities such as writing complex queries based only on natural language questions and summarizing security incidents.[1] Security Copilot can effectively up-skill a security team, regardless of its expertise, save them time, enable them to find what previously they might have missed, and free them to focus on the most impactful projects.
Today as we announce our Early Access Program is now open to qualified customers, we are adding important new capabilities:
- A new Security Copilot experience embedded within our industry-leading extended detection and response (XDR) platform, Microsoft 365 Defender.[2] This new embedded experience helps guide analysts directly with actionable recommendations—all from within a single unified experience.
- Microsoft Defender Threat Intelligence is now included at no cost with Security Copilot. Defender Threat Intelligence enables customers to directly access, operate on, and integrate Microsoft’s finished threat intelligence, delivering a greater depth of insight to security teams.
In addition, organizations that work with Managed Security Service Providers (MSSPs) and are in the Early Access Program will be able to extend access to their Security Copilot environment, allowing MSSPs to participate with them using Security Copilot (“Bring Your Own—MSSP”).
To learn more about the new capabilities, keep reading.
Generative AI meets XDR
Delivering security in a coherent way across the broadest set of cyberthreat vectors is a fundamental promise of XDR. Today organizations struggle to manually traverse multiple disconnected tools and datasets from numerous vendors to protect email, endpoints, cloud apps, and more. Microsoft 365 Defender and Security Copilot together help analysts focus on what matters most to protect faster. With the embedded experience for Security Copilot in Microsoft 365 Defender, we are making the industry-leading XDR solution even more powerful and easy to use. The new embedded experience opens up powerful scenarios directly from within Microsoft 365 Defender, including:
- Incident summaries with a single click: Summarize an incident quickly into natural language to help security operations teams understand bad actors faster or to share with the board. A complete post-response activity report is available as shown in Figure 1.
- Guided response to incidents at machine speed: Guide security analysts of any skill level through the cyberthreat remediation and response process with the help of generative AI directly within Microsoft 365 Defender. This seamless workflow helps reduce the time to respond to threats, which is key to keeping organizations safe.
- Natural language queries to simplify hunting: Whether proactively hunting for cyberthreats or extending existing incidents, queries are a critical part of any security operations platform. Write queries in natural language and use the power of Security Copilot to automatically generate Kusto Query Language (KQL) to save time and help upskill your security analysts.
- Real-time malware analysis: Understanding and reverse-engineering malware has, to date, only been accessible to the most advanced incident responders. With Security Copilot, it becomes easier to analyze and understand complex and also obfuscated PowerShell command line scripts and document the flow—shown in Figure 2.
- Threat intelligence at your fingertips: Threat intelligence is only as effective as how easy it is to access and apply. With Security Copilot, users can inquire in natural language about emerging cyberthreats, cyberattack techniques, and whether an organization is impacted by or exposed to a specific cyberthreat.
“We liked that Security Copilot was easy to set up, offered a dedicated tenant to protect the privacy of prompts, and gave ready access to our enabled Microsoft security products, allowing us to enrich investigations with data from those products, all in one place.”
—Chris Weissert, Director, IT Security, Fidelity National Financial
To dive deeper into this new embedded experience, read more on how we’re enabling the SOC to reach new levels of efficiency and protection at the speed and scale of AI.
Figure 1: Embedded Security Copilot experience in Microsoft 365 Defender—Security Copilot-generated incident report.
Figure 2: Embedded Security Copilot experience in Microsoft 365 Defender—Complex script analysis and summary.
Threat intelligence at no additional cost
Threat intelligence is one of the cornerstones of any effective security operation. Every day at Microsoft, our 10,000 researchers and analysts receive 65 trillion security signals that we collect across clouds, devices, and workloads. When you are up against a sophisticated threat actor, we want you to have the best knowledge of who they are, how they operate, and most importantly, how you can protect against them.
Today we are pleased to announce that Microsoft Defender Threat Intelligence, and access to its API, will be available to every Security Copilot customer at no additional cost. Defender Threat Intelligence is a threat intelligence workbench with deep integrations across Microsoft Security products empowering security teams with knowledge of the cyberthreat landscape, including actors, tools, vulnerabilities, and infrastructure. It provides a mechanism to connect indicators of compromise to finished intelligence, such as vulnerability articles, enriched open-source intelligence, and Microsoft’s own articles. As Security Copilot enriches security incidents and alerts with Microsoft’s vast knowledge of cyberthreats, customers may now access Defender Threat Intelligence directly to expose and eliminate modern cyberthreats and cyberattacker infrastructure, identify cyberattackers and their tools, and accelerate cyberthreat detection and remediation.
Join the Early Access Program
- Interest in the Security Copilot Early Access Program has been high and space is still available. Reach out to your sales representative to get more details on early access program qualifications.
- If you are a security partner interested in using Microsoft Security Copilot with your solutions, please sign up to join the Security Copilot Partner Ecosystem.
- Learn more about Microsoft Security Copilot.
- Learn more about Microsoft 365 Defender.
[1] Security Copilot Private Preview customer survey conducted by Microsoft, October 2023.
[2] Microsoft achieves a Leader placement in Forrester Wave for XDR, Rob Lefferts. October 18, 2021.