Microsoft brings AI to cyber security

  • April 5, 2023
  • Steve Rogerson

Microsoft is bringing artificial intelligence (AI) to cyber security with the launch of Security Copilot, giving defenders a tool to detect and respond to threats and better understand the threat landscape.

Security Copilot will combine Microsoft’s threat intelligence footprint with expertise to augment the work of security professionals through an easy-to-use AI assistant.

“Today the odds remain stacked against cyber-security professionals,” said Vasu Jakkal, corporate vice president of Microsoft Security. “Too often, they fight an asymmetric battle against relentless and sophisticated attackers. With Security Copilot, we are shifting the balance of power into our favour. Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI.”

Security Copilot is designed to work seamlessly with security teams, empowering defenders to see what is happening in their environment, learn from existing intelligence, correlate threat activity, and make more informed, efficient decisions at machine speed.

In a world where there are 1287 password attacks per second, fragmented tools and infrastructure have not been enough to stop attackers. And although attacks have increased 67% over the past five years, the security industry has not been able to hire enough cyber risk professionals to keep pace. This has led to defenders who are overwhelmed searching for well-disguised attacks within an impossibly large volume of expanding network traffic and other signals.

Security Copilot should simplify this and amplify the capabilities of security teams by summarising and making sense of threat intelligence, helping defenders see through the noise of web traffic and identify malicious activity.

It will also help security teams catch what others miss by correlating and summarising data on attacks, prioritising incidents and recommending the best course of action to remediate diverse threats swiftly and in time.

Security Copilot will also continually learn and improve to help ensure security teams are operating with the latest knowledge of attackers, their tactics, techniques and procedures. The product will provide ongoing access to the OpenAI models to support security tasks and applications. Its visibility into threats is powered by the user organisation’s security data and Microsoft’s threat analysis footprint.

These capabilities can empower security teams of any size with the skills and abilities of much larger organisations. In addition, Security Copilot helps address skills shortages in cyber security by bridging knowledge gaps and enhancing workflows, threat actor profiles and incident reporting across teams.

“Advancing the state of security requires both people and technology – human ingenuity paired with the most advanced tools that help apply human expertise at speed and scale,” said Charlie Bell, executive vice president at Microsoft Security. “With Security Copilot, we are building a future where every defender is empowered with the tools and technologies necessary to make the world a safer place.”

Microsoft Security is actively tracking more than 50 ransomware gangs as well as more than 250 unique nation-state cyber-criminal organisations, and receives 65 trillion threat signals every day. Microsoft technology blocks more than 25 billion brute-forced password theft attempts every second, and more than 8000 security professionals at Microsoft analyse more security signals than almost any other company; on average Microsoft’s security operations centre analysts use over 100 different data sources.

Acquisitions such as RiskIQ and Miburo give Microsoft breath of signal and depth intelligence on threat actors. Security Copilot also integrates natively with a growing list of Microsoft Security products, such as Sentinel and Defender, to help users create an end-to-end experience across their entire security programme.