Microsoft have just announced that Microsoft Copilot for Security will hit general availability as of 01st April 2024.

Copilot for Security stands out from other security tech as it will be the worlds first generative AI solution; designed to help developers and cybersecurity specialists catch issues faster and strengthen security organisation wide.

Copilot is built using data from large scale threat intelligence and the 78 trillion security signals Microsoft processes. Every. Single. Day.
That then gets coupled with a large language model to give you tailored insights and guide your next steps… all in natural language!

The timing comes shortly after Microsoft’s second Copilot for Security economic study, which showed that even the most senior security experts became faster and more accurate when using Copilot for Security. In fact:

• Experienced security analysts were 22% faster with Copilot
• 7% more accurate across all tasks when using Copilot
• 97% said they would want to use Copilot the next time they repeated a similar or same task.

Copilot For Security Is Pay-As-You-Go

Given Microsoft’s goal of ‘security for all’ Copilot

For Security will include a provisioned pay-as-you-go licensing model that should make it much more accessible to a wider range of organisations than any other solution currently out there.

The consumption-based pricing model will let businesses get started quicker, scale up their usage as required, or scale down if it becomes necessary.

What Can Copilot For Security Do?

• Custom promptbooks allow customers to create and save their own series of natural language prompts for common security workstreams and tasks.
• Knowledge base integrations, in preview, empowers you to integrate Copilot for Security with your business context, so you can search and query over your proprietary content.
• Multi-language support now allows Copilot to process prompts and respond in eight different languages with 25 languages supported in the interface.
• Third-party integrations from global partners who are actively developing integrations and services.
• Connect to your curated external attack surface from Microsoft Defender External Attack Surface Management to identify and analyse the most up-to-date information on your organisation’s external attack surface risks.
• Microsoft Entra audit logs and diagnostic logs give additional insight for a security investigation or IT issue analysis of audit logs related to a specific user or event, summarised in natural language.
• Usage reporting provides dashboard insights on how your teams use Copilot so that you can identify even more opportunities for optimisation.

Two Flavours Of Copilot Security

Once 01^st April comes around, there’ll be two versions of Copilot Security users can, well, use.

An immersive, standalone portal or embedded into their existing security products.

Integration of Copilot with Microsoft Security products will make it simple to take advantage of speed and accuracy gains demonstrated in the MS study.

The unified security operations platform, coming soon, will deliver an embedded Copilot experience within the Microsoft Defender portal for security information and event management (SIEM) and extended detection and response (XDR) that will prompt users as they investigate and respond to threats.

Copilot automatically surfaces relevant details for summaries, drives efficiency with guided response, empowers analysts at all levels with natural language to Kusto Query Language (KQL) and script and file analysis, and now includes the ability to assess risks with the latest Microsoft threat intelligence.

  
Copilot in Microsoft Entra user risk investigation, now in preview, helps prevent identity compromise and respond to threats quickly. This embedded experience in Microsoft Entra provides a summary in natural language of the user risk indicators and tailored guidance for resolving the risk. Copilot will also recommend ways to automate prevention and resolution for future identity attacks, such as with a recommended Microsoft Entra Conditional Access policy, to increase security postures and keep help desk calls to a minimum.

Copilot in Microsoft Intune, now in preview, will also help security experts make better-informed decisions for endpoint management. It will simplify root cause determination with complete device context, error code analysis, and device configuration comparisons, making it possible to detect and remediate issues before they become problems.