Microsoft's Security Copilot is helping cyber responders be 73% more accurate

Microsoft believes Copilot will enable cybersecurity defenders to protect more efficiently. (Image credit: ChatGPT)

What you need to know

  • "New" analysts using Security Copilot demonstrated 44% more accurate responses and were 26% faster across all tasks.
  • Microsoft Sentinel, Microsoft Defender XDR (previously Microsoft 365 Defender), and Microsoft Security Copilot combine for the first Unified Security Operations Platform.
  • Learn more at “The Future of Security with AI,” presented by Charlie Bell on Thursday, November 16th at 10:15 am PT.

Microsoft is aiming to fix a real issue facing the world today. The exponential increase in cybercrime and cyberattacks is outpacing the ability of blue teams throughout the globe to train, supply, and equip their analysts and defenders with the tools necessary to fight the overwhelming threat. 

Microsoft recently announced its decision to go all in on security using AI to improve its capabilities. Some of the numbers coming out of Ignite 2023 are quite shocking. Here are a couple of comments from Microsoft.

  • In just two years, the number of password attacks detected by Microsoft has risen from 579 per second to over 4,000 per second. 
  • Per CybersecurityVentures.com, the global cost of cybercrime is expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015. 
  • Security teams face an asymmetric challenge: they must protect everything, while attackers only need to find one weak point—while regulatory complexity, a global talent shortage, and rampant fragmentation add to the challenge.

How can Security Copilot help with cybersecurity?

One of the biggest announcements that has come out of Ignite today is that Microsoft will be combining all of its many security offerings into a single Unified Security Operations Platform. This has been a huge shortcoming of Microsoft Defender and its many subsets for a while now. 

You might be looking for a high-risk user in Azure Entra, see they had a file accessed in SharePoint, have to pivot to Microsoft Defender for Cloud, then realize there are other files being accessed and have to look in Microsoft Purview for possible data protection remediation. All of this should be integrated and unified, and if Microsoft can link these all together, with the power of AI no less, it could be a game changer.

By bringing together Microsoft Sentinel, Microsoft Defender XDR (previously Microsoft 365 Defender), and Microsoft Security Copilot, security analysts now have a unified incident experience that streamlines triage and provides a complete, end-to-end view of threats across the digital estate.

Microsoft

Microsoft has some interesting statistics about the usefulness of Security Copilot in a cybersecurity setting. Microsoft held a randomized controlled trial (RCT) to measure the productivity impact for “new in career” analysts. Participants using Security Copilot demonstrated 44% more accurate responses and were 26% faster across all tasks. They were also 11% more accurate on incident reports, and 73% more accurate about appropriate remediation steps. These are some pretty impressive performance and accuracy gains.

A lot of analysts in any profession can do very well with the technical aspect of their role, but many struggle with communication, report writing, and using the proper voice for the correct audience. Security Copilot can help with these shortcomings.

Complex tasks, such as analyzing malicious scripts or crafting KQL queries to hunt across data in Microsoft Sentinel and Defender XDR, can be accomplished simply by asking a question in natural language or accepting a suggestion from Security Copilot. And if you need to report back to your CISO, you can now instantly generate a polished incident report that summarizes an investigation and the remediation actions that were taken.

Microsoft

As an incident responder, this sounds like a dream come true. The upside to integrating AI solutions into cybersecurity detection and response is hard to pass up, but many companies are still worried about trusting such a new technology with their security back-end. 

Microsoft also has plans to integrate Defender for Cloud signals into Microsoft XDR to make it the most comprehensive and native XDR on the market. Microsoft is also adding new detection capabilities in Defender for Endpoint to generate decoys and lures for better honeypots and traps for threat actors.

If your company is interested in testing out Security Copilot or staying up to date with the newest information, think about joining the Microsoft Security Copilot Partner community or signing up for the Early Access Program.

Some big updates coming to Microsoft Intune

Microsoft announced three new features coming to Microsoft Intune in February 2024. Microsoft is hoping these new offerings can provide "simplification, security, and satisfaction." 

  • Microsoft Cloud PKI offers a comprehensive, cloud-based public key infrastructure and certificate management solution to simply create, deploy, and manage certificates for authentication, Wi-Fi, and VPN endpoint scenarios.
  • Microsoft Intune Enterprise Application Management streamlines third-party app discovery, packaging, deployment, and updates via a secure enterprise catalog to help all workers stay current.
  • Microsoft Intune Advanced Analytics extends the Intune Suite anomaly detection capabilities and provides deep device data insights as well as battery health scoring for administrators to proactively power better, more secure user experiences and productivity improvements.

We will need to see these new features in action, see how they come together, and see whether actual high-fidelity, actionable data comes from them. All in all, these additions should be great changes that put more options in the hands of engineers and analysts to better secure endpoints. Interested in cybersecurity? Check out our guide for getting started in the cybersecurity field.

What do you think about these announcements from Ignite? Do you think companies should jump on the Security Copilot bandwagon? Let us know in the comments.

Colton Stradling
Contributor

Colton is a seasoned cybersecurity professional that wants to share his love of technology with the Windows Central audience. When he isn’t assisting in defending companies from the newest zero-days or sharing his thoughts through his articles, he loves to spend time with his family and play video games on PC and Xbox. Colton focuses on buying guides, PCs, and devices and is always happy to have a conversation about emerging tech and gaming news.