The Bulletin


.

Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI

  • Written by The Bulletin

The odds are against today's defenders

SINGAPORE - Media OutReach - 6 April 2023 - Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against prolific, relentless and sophisticated attackers.

To protect their organizations, defenders must respond to threats that are often hidden among noise. Compounding this challenge is a global shortage of skilled security professionals, leading to an estimated 3.4 million openings in the field.

To overcome these challenges, new technologies must be continually developed to tip the scales in favor of defenders. With the rapid advancements in AI, organizations are applying the technology to various use cases, empowering security professionals to drive innovation and disrupt attackers' traditional advantages.

As the world welcomes a new era of security, Microsoft is taking a significant step forward by combining its leading security technologies with the latest advancements in AI. At the inaugural Microsoft Secure event on 28 March, Microsoft introduced the Microsoft Security Copilot – shaped by the power of OpenAI's GPT-4 generative AI to revolutionize the field of cybersecurity.

Security Copilot — end-to-end defense at machine speed and scale
Microsoft Security Copilot is the first security product to enable defenders to move at the speed and scale of AI. Security Copilot combines this advanced large language model (LLM) with a security-specific model from Microsoft.

Dennis Chung, Chief Technology Officer, Microsoft Singapore, shared, "The rapidly evolving cybersecurity landscape demands that organizations continuously strengthen and maintain their security measures to effectively combat increasingly sophisticated threats and ensure the safety of their people and business. Our Microsoft Security Copilot brings the power of AI to individuals to drive innovation and scale at pace, as they create a secure digital environment for all. "

This security-specific model in turn incorporates a growing set of security-specific skills and is informed by Microsoft's unique global threat intelligence and more than 65 trillion daily signals. Security Copilot also delivers an enterprise-grade security and privacy-compliant experience as it runs on Azure's hyperscale infrastructure.

When Security Copilot receives a prompt from a security professional, it uses the full power of the security-specific model to deploy skills and queries that maximize the value of the latest large language model capabilities. And this is unique to a security use-case. Microsoft's cyber-trained model adds a learning system to create and tune new skills. Security Copilot then can help catch what other approaches might miss and augment an analyst's work. In a typical incident, this boost translates into gains in the quality of detection, speed of response and ability to strengthen security posture.

Security Copilot doesn't always get everything right. AI-generated content can contain mistakes. But Security Copilot is a closed-loop learning system, which means it's continually learning from users and giving them the opportunity to give explicit feedback with the feedback feature that is built directly into the tool. As we continue to learn from these interactions, we are adjusting its responses to create more coherent, relevant and useful answers.

Security Copilot also integrates with the end-to-end Microsoft Security products, and over time it will expand to a growing ecosystem of third-party products. So, in short, Security Copilot is not only a large language model, but rather a system that learns, to enable organizations to truly defend at machine speed.

Microsoft believes that security is a team sport, and that security should be built with privacy at the core. With security teams in mind, Microsoft built the Security Copilot to ensure that data stays with the control of each user. It is not used to train the foundation AI models, and in fact, it is protected by the most comprehensive enterprise compliance and security controls. While remaining private, each user interaction can be easily shared with other team members to accelerate incident response, collaborate more effectively on complex problems and develop collective skills.

Technology that elevates human strengths
Human creativity and knowledge will always be imperative for defense. Security Copilot can augment security professionals with machine speed and scale, so human ingenuity is deployed where it matters most. In delivering this experience, the following principles guide Microsoft in driving innovation that empowers everyone:

  1. Simplify the complex.
    In security, minutes count. With Security Copilot, defenders can respond to security incidents within minutes instead of hours or days. Security Copilot delivers critical step-by-step guidance and context through a natural language-based investigation experience that accelerates incident investigation and response. The ability to quickly summarize any process or event and tune reporting to suit a desired audience frees defenders to focus on the most pressing work.
  2. Catch what others miss.
    Attackers hide behind noise and weak signals. Defenders can now discover malicious behavior and threat signals that could otherwise go undetected. Security Copilot surfaces prioritized threats in real time and anticipates a threat actor's next move with continuous reasoning based on Microsoft's global threat intelligence. Security Copilot also comes with skills that represent the expertise of security analysts in areas such as threat hunting, incident response and vulnerability management.
  3. Address the talent gap.
    A security team's capacity will always be limited by the team's size and the natural limits of human attention. Security Copilot boosts your defenders' skills with its ability to answer security-related questions – from the basic to the complex. Security Copilot continually learns from user interactions, adapts to enterprise preferences, and advises defenders on the best course of action to achieve more secure outcomes. It also supports learning for new team members as it exposes them to new skills and approaches as they develop. This enables security teams to do more with less, and to operate with the capabilities of a larger, more mature organization.

Unrivaled security capabilities

With Security Copilot, the agility advantage is being restored to defenders by combining Microsoft's leading security technologies with the latest advancements in AI. By working with Security Copilot, organizations get access to an unrivaled depth and breadth of security AI capabilities, including:

  1. Ongoing access to the most advanced OpenAI models to support the most demanding security tasks and applications
  2. A security-specific model that benefits from continuous reinforcement, learning and user feedback to meet the unique needs of security professionals;
  3. Visibility and evergreen threat intelligence powered by your organization's security products and the 65 trillion threat signals Microsoft sees every day to ensure that security teams are operating with the latest knowledge of attackers, their tactics, techniques, and procedures;
  4. Integration with Microsoft's end-to-end security portfolio for a highly efficient experience that builds on the security signals;
  5. A growing list of unique skills and prompts that elevate the expertise of security teams and set the bar higher for what is possible even under limited resources.

Delivering security AI in a responsible way
Without a doubt, AI will transform how organizations around the world interact with security technologies. To achieve their highest potential, security AI solutions must be delivered in a safe, secure and responsible way. With Security Copilot, Microsoft reinforces its commitment to impactful and responsible AI practices by innovating responsibly, empowering others, and fostering positive impact.

The cornerstone of this work is Microsoft's commitment to how Security Copilot handles user data:

  1. Your data is your data. It's yours to own and control, and yours to choose how you want to leverage and monetize.
  2. Your data is not used to train or enrich foundation AI models used by others – no one beyond your organization is benefiting from AI trained on your data or business processes.
  3. Your data and AI models are protected at every step by the most comprehensive enterprise compliance and security controls in the industry.

The new era of security
At Microsoft, we believe that security is ultimately about people. With Security Copilot, Microsoft is building a future where every defender is empowered with the technologies and expertise that enable them to reach their full potential. Technology will play an essential role on this journey, but successful security is, and will continue to be, a human endeavor.

Hashtag: #Microsoft

The issuer is solely responsible for the content of this announcement.