Microsoft has announced its AI security assistant, Copilot for Security, will be generally available from 1 April 2024, promising to streamline work streams for cyber professionals.
The assistant will support security analysts in triaging, classifying, and remediating cyber incidents, and is embedded across Microsoft’s entire security portfolio.
Copilot for Security offers incident summarization features that saves analysts from getting bogged down in time-consuming documentation steps.
During a briefing call, Andrew Conway, VP of security marketing at Microsoft, said much like developers, security analysts tend not to enjoy mundane tasks like generating summaries and reports as it takes them away from more stimulating investigative work.
Microsoft claims Copilot for Security can carry out these documentation tasks 46% faster than its human counterparts, with better accuracy too.
Another pain point for security analysts, particularly those who are less-experienced, is manually reverse engineering malicious scripts. Threat actors often obfuscate the scripts used in their attacks in order to conceal their tactics, techniques, and intentions.
Usually, threat analysts would manually reverse engineer the obfuscated script to understand how the attack works, but with talent shortages plaguing security teams across the world, finding staff who can do this effectively and efficiently is difficult, the company said.
Copilot for Security, meanwhile, can translate the code and provide a natural language explanation for the entire script, breaking down what each individual piece of code is doing.
Microsoft hopes the tool can help businesses address their skills shortage problems by providing less experienced junior analysts with actionable insights on an individual script, without the arduous manual reverse engineering process.
Mario Ferket, CISO at chemicals company Dow, said he has seen improvements in the time it takes junior analysts to ‘get up to speed’ when trialing the security copilot.
“Recently we hired a few junior analysts and what we’ve seen is, to get those folks up to speed, with Copilot, the speed is tremendous”, he explained.
“If you want to create a complex KQL script, you can now use natural language. This levels the playing field because, in the past, the junior analysts would have needed help from senior analysts to do that type of work.”
Copilot for Security will help seize the initiative from threat actors
The assistant also uses AI-driven analytics to assess the potential scope of security incidents. The system will offer holistic impact analysis with insights on the specific systems affected by an attack.
Security professionals will be able to generate impact analyses for each individual incident, as well as receive actionable, step-by-step guidance on how they should respond to an attack, including support on triage, containment, and remediation.
Moreover, Microsoft will also allow customers to create and save their own natural language prompts for their most frequent work streams.
In its testing, Microsoft found experienced security analysts using Copilot were 22% faster at common security tasks, while also increasing their accuracy by 7%.
RELATED WHITEPAPER
Moreover, 97% of experienced security analysts said they wanted to use Copilot again, with Microsoft highlighting the fact that AI has the potential to not only improve an individual’s work, but also their job satisfaction by taking care of many of the mundane tasks that might typically frustrate them.
With Copilot for Security, Microsoft has signaled its belief in AI’s ability to bring measurable improvements to security ops in enterprises across the globe.
Conway said he believes AI is beginning to turn the tables on threat actors, allowing them to seize the initiative from attackers in the digital arms race.
“Security has emerged as the most serious use case for AI right now… "organizations have traditionally faced a disadvantage against threat actors, but can now use AI to gain the upper hand”.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
So long, Defender VPN: Microsoft is scrapping the free-to-use privacy tool over low uptakeNews Defender VPN, Microsoft's free virtual private network, is set for the scrapheap, so you might want to think about alternative services.
-
Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to knowNews A botnet made up of 130,000 compromised devices has been conducting a huge password spraying campaign targeting Microsoft 365 accounts.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Microsoft is increasing payouts for its Copilot bug bounty programNews Microsoft has expanded the bug bounty program for its Copilot lineup, boosting payouts and adding coverage of WhatsApp and Telegram tools.
-
Hackers are using this new phishing technique to bypass MFA
News Microsoft has warned that a threat group known as Storm-2372 has altered its tactics using a specific ‘device code phishing’ technique to bypass MFA and steal access tokens.
-
A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFANews Researchers at Abnormal Security have warned of a new phishing campaign targeting Microsoft's Active Directory Federation Services (ADFS) secure access system.
-
Hackers are using Microsoft Teams to conduct “email bombing” attacksNews Experts told ITPro that tactics like this are on the rise, and employees must be trained effectively
-
Microsoft files suit against threat actors abusing AI services
News Cyber criminals are accused of using stolen credentials for an illegal hacking as a service operation
