For the longest time I’ve had a menu category on my blog here that references Security Copilot. There are already a few blog posts there, most of them around how to build a copilot including how to build one that’s super-smart on KQL. In fact, I delivered a session at MMS Miami recently, showing attendees how to build one. One of the attendees took my instructions and built their own copilot that day. This one was designed not on KQL, but on the operations flight manual for a jet. His first question was how to start the jet - which it answered with full capacity.
As we get closer and closer to GA-day for Microsoft Security Copilot (and, no…I will not supply a GA date), this Security Copilot section will become more active and more populated. Like I’ve done with other things such as KQL, Microsoft Sentinel, AI Security and others, it’s time to begin the trek to ensure all of those showing high interest in this area have the content, news, and learning available.
In addition, with Microsoft Ignite announcements just around the corner, it’s also time to start developing the community around this topic. If you’re interested today, a community group on LinkedIn has just kicked off in preparation for an exciting period for Security Copilot. You can join the community group here: https://aka.ms/SCPCommunity
Cybersecurity is one of the most critical challenges facing organizations today. As cyberattacks become more sophisticated and frequent, security teams need to respond faster and more effectively to protect their assets and data. However, security teams often face challenges such as skill gaps, information overload, and complex tools that hinder their ability to defend against threats.
To help security teams overcome these challenges, Microsoft has introduced Microsoft Security Copilot, an AI-powered security solution that provides tailored insights and guidance to empower defenders to act at machine speed and scale. Security Copilot is a natural language, assistive copilot experience that supports security professionals in end-to-end scenarios such as incident response, threat hunting, intelligence gathering, and posture management.
Security Copilot leverages the full power of OpenAI architecture to generate a response to a user prompt by using security-specific plugins, including organization-specific information, authoritative sources, and global threat intelligence. By using plugins as data point sources, security professionals have wider visibility into threats, gain more context, and have the opportunity to extend the solution’s functionalities.
Security Copilot seamlessly integrates with products in the Microsoft Security portfolio such as Microsoft 365 Defender, Microsoft Sentinel, and Microsoft Intune, as well as third-party services such as ServiceNow. Security Copilot can help security teams with tasks such as:
- Summarizing information about an incident by enhancing incident details with context from data sources, assessing its impact, and providing guidance on how to take remediation steps with guided suggestions.
- Providing information on events that might expose organizations to a known threat and prescriptive guidance on how to protect against those potential vulnerabilities.
- Generating ready-to-share executive summaries or reports on security investigations, publicly disclosed vulnerabilities, or threat actors and their campaigns.
Security Copilot is designed with integration, security, and privacy in mind. The data provided to Security Copilot is protected by industry-leading compliance and security controls and never used to train other AI models. Security Copilot also follows responsible AI principles and provides transparency and control to users.
Security Copilot is currently available in early access for commercial customers who want to experience the benefits of AI-powered security. To learn more about Security Copilot and how to sign up for the early access program, visit the following resources:
- Get started with Microsoft Security Copilot Early Access Program
- Microsoft 365 Defender: Investigate and respond with Security Copilot