March 28th, 2023 – Today, Microsoft held its inaugural Secure event, a virtual conference focused on cybersecurity.
The big announcement from Microsoft at the event was its unveiling of Microsoft Security Copilot.
Security Copilot is Microsoft’s first generative AI security product, built on GPT-4 and incorporating Microsoft threat intelligence, including 65 trillion threat signals, and a security-specific large language model developed by Microsoft.
Security Copilot, like other generative AI tools, offers professionals a prompt bar where they can ask questions of the platform around incidents and threats. According to Microsoft, the tool can quickly summarize a vulnerability and offer prompt suggestions based on query history.
Users can collaborate with others in their organization through a “pinboard” that allows the user to pin relevant information for everyone to see.
Security Copilot continuously learns from Microsoft threat intelligence and integrates data and insights from other Microsoft security products. Machine learning is used to constantly refine and improve prompts.
All previous investigations, according to Microsoft, can be accessed at any time, offering an immutable audit trail. The system also offers a “prompt book” which is a collection of pre-generated prompts to help professionals discover indicators of compromise quickly that can then be pinned to the pinboard to collaboratively share across the organization.
As an example, reverse engineering prompts can be used to understand how a script works quickly and containment prompts can help rapidly remove potential malware from the network.
Professionals can even use the tool to develop a PowerPoint deck to help explain the attack to the broader organization.
The output of the prompts can come in the form of text, code, or visuals.
Microsoft made it clear that the data of Copilot users is not used to train the larger model, as a concern of generative AI models is data privacy.
Ultimately, the goal of Security Copilot is to combine data, threat intelligence, and artificial intelligence to allow security professionals to make decisions at machine speed.
Microsoft highlights its desire to have Security Copilot help bridge the current cybersecurity knowledge gap. It hopes Copilot can help save professionals hours of investigations and reverse engineer code in seconds while making it easier for those professionals to share findings in seconds.
Microsoft hopes that Security Copilot can even be used to help narrow the communications divide between security professionals and c-suite executives by allowing security professionals to break down incidents and threat vectors into a language that non-security professionals can understand.
Microsoft wants the tool to make security analysts more productive and more valuable. “Imagine having a Tier 1 SOC where all of the HCMple do Tier 2 SOC work,” Microsoft President Brad Smith said at the conference.
The company acknowledged that it Is working to release Security Copilot in a methodical way, with guardrails. The company believes it is being thoughtful in the way it will get Security Copilot into users’ hands and iterate the technology.
At the conference, Microsoft also promoted its desire to help close the cybersecurity skills gap. The company is investing in training 250,000 cybersecurity professionals by 2025 by partnering with colleges and NGOs. It wants to use digital curriculum to help upskill users around the world to enter the cybersecurity workforce.
The company says it is also committed to building public-private partnerships to help mitigate increases in global insecurity, ransomware, nation state attacks, and cyber influence operations.
Finally, the company hopes to help secure the developer pipeline by helping developers write more secure code.
Security Copilot is currently in private preview and the company has yet to share details of its public rollout.
At the conference, Smith spoke of an analogy that he likened to today’s environment. He went back over a century to 1903, when Henry Ford released the Model A automobile. While the car was revolutionary, it was not until 1908 when Ford released the Model T that the automobile would truly begin to change the world.
Will Security Copilot change the cybersecurity world in a similar way? Only time will tell.