Microsoft AI-powered cyber service to go live in April

After a year being previewed by beta customers, Microsoft’s much vaunted Copilot for Security service is about to go on general release, promising time savings and improved accuracy for hard-pressed security pros

Alex Scroxton,
Security Editor

Published: 13 Mar 2024 16:00

Almost a year after its debut, Microsoft has announced it will be bringing its Copilot for Security artificial intelligence (AI)-backed cyber solution to general availability in early April.

Formed from Redmond’s multibillion-dollar partnership with OpenAI’s ChatGPT, and a companion to a number of other Copilot-branded options for organisations running Microsoft 365, Copilot for Security will supposedly bring Microsoft’s security expertise to bear to enable cyber teams to amplify their abilities, work better together and act quicker to thwart new threats.

“I am thrilled to announce the general availability of Microsoft Copilot for Security. We believe it will be a force multiplier in security, helping to tilt the scale for defenders,” said Vasu Jakkal, vice-president of security at Microsoft.

“Security and IT professionals can see threats comprehensively, respond in a fraction of the time, reduce alert fatigue, and grow their security skillset. The most consistent comment we get from early users of Copilot for Security is ‘Wow!’ and we agree. We look forward to delivering more Copilot ‘wow’ in the months to come.”

Copilot for Security is designed to collate insights from across Microsoft’s security product line-up – and products from other suppliers – to deliver natural language guidance to help security pros access, summarise and act on insights quicker and with more confidence. Microsoft said it was clear in its messaging that the service is not designed to replace such tools.

According to an internal study, it said, experienced analysts using Copilot for Security performed common security tasks a 22% quicker than before, and with a 7% improvement to accuracy.

“These gains in speed, accuracy, and sentiment mean that security and IT teams have the power to radically improve not only their work, but also their sense of job satisfaction as they find the time to work on the most critical tasks, versus being bogged down in the more mundane part of their roles,” wrote Rani Lofstrom, director of the Microsoft Security for Copilot Marketing Team.

Mario Ferket, CISO at chemicals and plastics company Dow, has been using Security for Copilot during the pilot phase. “Recently we hired a few junior analysts and what we’ve seen is, to get those folks up to speed, with Copilot, the speed is tremendous,” he said.

“If you want to create a complex KQL script, you can now use natural language. This levels the playing field because in the past, the junior analysts would have needed help from senior analysts to do that type of work.”

Four key tasks

Based on its learnings to date, Microsoft highlighted four key tasks for which it hopes Copilot for Security will prove useful. These are:

Incident summarisation, offering context around incidents and improving communication by distilling technical alerts into concise and actionable summaries;
Impact analysis, assessing the possible impact of an incident, including impacted systems and data, to enable teams to prioritise remediation and response;
Reverse engineering, figuring out what malwares do or have done, and help security teams understand what is going on;
Guided response, offering step-by-step incident response playbooks.

The product will be available on a pay-as-you-go basis, either via a standalone portal, or as an “intuitive experience” embedded within existing security products. At launch, it will accept prompts and deliver responses in a total of eight languages, and its product interface is available in 25.

Partner proposition

Besides its early-access customers, Microsoft has been working alongside its partners to incorporate Copilot for Security into their offerings. The service will launch with a library of existing plugins and work is ongoing to bring more to market.

Difenda, an Ontario, Canada-based supplier of managed extended detection and response (MXDR) services, is among those to have already incorporated the service into its offering.

“By integrating Copilot for Security with our MXDR service offering and Difenda AIRO, we continue to rapidly address routine triage and response activities,” said the firm’s vice-president of service delivery and product development, Andrew Hodges.

“Through customer testing, we have proven at least a 60% reduction in alert volume from phishing incidents and we are excited to see the drastic acceleration of cyber security programme maturity for companies of all levels.”

Read more on Data breach incident management and recovery

How does Microsoft 365 Copilot pricing and licensing work?