Microsoft debuts its AI-powered Security Copilot to bolster protection for organizations


What you need to know

  • Microsoft recently announced Security Copilot in early access.
  • It's an AI-powered tool designed to help users identify and counter security threats by leveraging global threat intelligence expertise and the latest large language models.
  • Security Copilot can provide users with rapid incident summaries, rapid guided responses, and more.
  • The tool integrates with Microsoft's 365 Defender Extended Detection and Response (XDR) platform.
  • Those who sign up for the Early Access Program for the tool will have access to Microsoft's Defender Threat Intelligence data at no additional cost.

Microsoft recently unveiled Security Copilot, and as you might have guessed, it is an AI-powered tool designed to help users identify and counter security threats. It leverages large language models, Microsoft’s security expertise, and global threat intelligence to "protect organizations at machine speed and scale."

However, the tool is rolling out only through Microsoft's Early Access Program, which means only a finite number of customers will have access. According to Microsoft, the tool ships with a wide range of capabilities, including comprehensive explanations and answers to security questions based on the user's enterprise environment.

The tool can also upskill a security team regardless of its level of expertise. This allows the team to thoroughly look into potential issues that are easy to overlook, ultimately saving time and resources.

"Security Copilot is already helping our preview customers save up to 40 percent of their time on core security operations tasks with capabilities such as writing complex queries based only on natural language questions and summarizing security incidents."

Vasu Jakkal, Microsoft CVP for Security

What's more, Security Copilot provides an embedded experience that integrates with Microsoft's 365 Defender Extended Detection and Response (XDR) platform. Microsoft explains this is important because it will provide security teams with "actionable recommendations" directly from a unified experience. Users who sign up for the Security Copilot Early Access Program will also have free access to Microsoft Defender Threat Intelligence data.

Microsoft says organizations working with Managed Security Service Providers (MSSPs) in the Early Access Program will be able to extend access to their Security Copilot environment, thus allowing MSSPs to interact with them using the platform. 

A screenshot showcasing Security Copilot experience in Microsoft 365 Defender. (Image credit: Microsoft)

Other Security Copilot capabilities include:

  • Incident summaries with a single click: Summarize an incident quickly into natural language to help security operations teams understand bad actors faster or to share with the board.
  • Guided response to incidents at machine speed: Guide security analysts of any skill level through the cyber threat remediation and response process with the help of generative AI directly within Microsoft 365 Defender. This seamless workflow helps reduce the time to respond to threats, which is key to keeping organizations safe.
  • Natural language queries to simplify hunting: Whether proactively hunting for cyber threats or extending existing incidents, queries are a critical part of any security operations platform. Write queries in natural language and use the power of Security Copilot to automatically generate Kusto Query Language (KQL) to save time and help upskill your security analysts. 
  • Real-time malware analysis: Understanding and reverse-engineering malware has, to date, only been accessible to the most advanced incident responders. With Security Copilot, it becomes easier to analyze and understand complex and also obfuscated PowerShell command line scripts and document the flow.
  • Threat intelligence at your fingertips: Threat intelligence is only as effective as how easy it is to access and apply. With Security Copilot, users can inquire in natural language about emerging cyber threats, cyberattack techniques, and whether an organization is impacted by or exposed to a specific cyber threat.

Is Security Copilot the answer to malware attacks?

While it is too early to declare Security Copilot the answer to malicious attacks and threats, the technology seems promising. Of course, it's only available to a limited number of users, which could indicate that more improvements are likely to ship to Security Copilot.

It's still interesting to imagine the impact it will have on security teams and how well they'll be able to handle attacks. After all, it can also upskill security teams.

Will Security Copilot put security teams a step ahead of attackers? Share your thoughts with us in the comments.

Kevin Okemwa
