Microsoft Security Copilot to offer raft of “new capabilities” for 365 Defender

Microsoft Security Copilot is set to provide “new capabilities” for 365 Defender users as part of an early access program roll-out, the tech giant has announced.

The scheme, which is being rolled out to selected customers, will include deeper integration of the AI assistant within Microsoft’s extended detection and response (XDR) platform. 

Microsoft said the integration will help “guide analysts directly with actionable recommendations''. This will include automated, natural language-based incident summaries and post-response activity reports to speed up remediation efforts for security practitioners. 

The tech giant said the introduction of Copilot within 365 Defender means security analysts “of any skill level” can be guided through threat remediation and response processes. 

“This seamless workflow helps reduce the time to respond to threats,” the firm said. 

Natural language queries will also be available for users to “simplify” proactive threat hunting. Real-time malware analysis will also be available as part of the integration, Microsoft said. 

“Understanding and reverse-engineering malware has, to date, only been accessible to the most advanced incident responders,” the firm said. “With Security Copilot, it becomes easier to analyze and understand complex and also obfuscated PowerShell command line scripts and document the flow.”

In addition to the new features, Microsoft said the Copilot will now be integrated by default within its Microsoft Defender Threat Intelligence platform. 

Microsoft Security Copilot: The story so far

The announcement from Microsoft marks the latest in a string of generative AI feature rollouts for the tech giant’s product range. 

In September, Microsoft announced generative AI features will be extended to 365 Chat customers. Copilot capabilities have also been rolled out to Microsoft Teams and Windows 11 in recent weeks.  

The firm initially unveiled Microsoft Security Copilot in March 2023, marking the first major roll-out of a generative AI-powered assistant for use in cyber security operations. 

Leveraging GPT-4 generative AI, the Copilot offers users prompt-based security detection and remediation features for Windows customers. 

The Copilot is capable of providing intuitive, detailed responses to user queries, such as “how can I improve my security posture”, or “tell me about my latest incidents”.  

In the aftermath of the launch, the move from Microsoft was hailed as a watershed moment for the use of generative AI tools in cyber security, with industry stakeholders describing it as the “security release of the year”.

So far, the use of the Copilot tool has unlocked significant benefits to users, both in terms of threat response and productivity improvements, Microsoft said. Preview customers are already saving “up to 40% of their time” on core operational tasks. 

“Security Copilot can effectively up-skill a security team, regardless of its expertise, save them time, enable them to find what previously they might have missed, and free them to focus on the most impactful projects,” the firm said.