Microsoft announces wider availability of AI-powered Security Copilot


Microsoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program.

What is Microsoft Security Copilot?

“Security Copilot is an AI assistant for security teams that builds on the latest in large language models and harnesses Microsoft’s security expertise and global threat intelligence to help security teams outpace their adversaries,” said Vasu Jakkal, corporate vice president, security, compliance, identity, and management at Microsoft.

Available in private preview since March 2023, Security Copilot allows security analysts to submit prompts in natural language, much like ChatGPT, to get actionable responses and simplify threat hunting.

It can provide a summary of specified incidents that includes details about how they happened along with a technical overview to help responders in their investigation.

It allows security teams to inspect scripts and codes without using external tools, to identify whether a script is malicious or not.

Threat hunters can used its query assistant to turn natural-language questions into ready-to-run Kusto Query Language (KQL) queries.

Finally, Security Copilot can also help with security posture management, as it helps pinpoint whether the organization is susceptible to known vulnerabilities and exploits. It then provides guidance for risk prioritization and remediation.

“Security Copilot is already helping our preview customers save up to 40 percent of their time on core security operations tasks with capabilities such as writing complex queries based only on natural language questions and summarizing security incidents,” Jakkal claims.

“[It] can effectively up-skill a security team, regardless of its expertise, save them time, enable them to find what previously they might have missed, and free them to focus on the most impactful projects.”

New capabilities and integrations

Security Copilot will integrate with the company’s XDR platform – Microsoft 365 Defender – and use provided information and insights to help analysts investigate and remediate faster.

Microsoft Defender Threat Intelligence will also be available to analysts within Security Copilot at no additional cost.

“In addition, organizations that work with Managed Security Service Providers (MSSPs) and are in the Early Access Program will be able to extend access to their Security Copilot environment, allowing MSSPs to participate with them using Security Copilot (‘Bring Your Own—MSSP’),” Jakkal noted.

Companies can check with Microsoft to find out whether they can join the Early Access Program.



Source link