Microsoft Copilot for Security: What do you need to know?

Can we give our security systems plain-language instructions, as if talking to an assistant, and they fetch comprehensive yet digestible answers from sources across a technology estate? Yes, it's already happening.


Large language model artificial intelligence (LLM AI) tools, such as OpenAI's ChatGPT and Microsoft's Copilot, are changing how we interact with computers. Increasingly, we'll give software instructions in plain-spoken requests, known as prompts, and it will return results in the same straightforward language.


For example, you can prompt an LLM AI with a question, such as "Give me a list of the biggest mammals in the world, arranged by the continents they live on," and it will produce such a list. You can ask it to write the information as a short essay, and it will produce content that you might mistake for human work.


This approach is revolutionary. Soon, we'll give our computers layered instructions, from planning trips to completing spreadsheets. Already, we can do so for cybersecurity, through Microsoft's Copilot for Security.


The security LLM


Currently in its pre-release phase, Microsoft Copilot for Security supports security professionals. One can instruct it to check for security issues with a specific account, tell it to check if systems need to be patched, and much more. Copilot for Security augments security analysis workflows, using the powerful GPT-4 model to create in-depth answers. It can provide support during security incidents, evaluate security postures, and help with critical tasks such as triage and containment.


Unlike other LLM AIs, Microsoft Copilot for Security focuses purely on security. For example, suppose you ask other LLM AIs to evaluate your security against a new vulnerability (and you supply the relevant CVE code that identifies the vulnerability); those LLM AIs may not know what to do. Microsoft Copilot for Security understands such a nuanced prompt because Microsoft continually trains it with new security and threat information. You can feed malicious scripts to the AI and it will analyse the script, telling you what the code does and what actions you can take.


Microsoft Copilot for Security also stands apart because it integrates with security vendors’ software. This LLM AI does not replace security systems; it interacts with them and their logs, compiling and presenting the information to a security analyst in straightforward language. Using managed plugins, Microsoft Copilot for Security integrates with other security services. To aid lengthy security investigations, Microsoft Copilot for Security remembers previous query threads so that analysts can pick up where they left off, and it offers what Microsoft calls Promptbooks; similar to security playbooks, promptbooks suggest sequences of prompts to ask the AI during particular incidents.


Overall, Microsoft Copilot for Security is an intelligent and responsive assistant to security teams, cutting down on the time it takes to study incident reports and conduct audits and investigations. It's undoubtedly music to the ears of an industry where half of security professionals are considering quitting their careers due to stress and burnout.


Trailblazing in the LLM world


Microsoft Copilot for Security is very exciting. Although it isn’t publicly available yet, its launch is only a month away now. Performanta and other leading security partners have been working with Microsoft and learning how to deploy the technology. Microsoft is also still growing its library of managed integration plugins, which currently focus on Microsoft security services such as Entra, Defender and Sentinel, as well as other vendors’ security toolsets.


Microsoft Copilot for Security is taking the first ground-breaking steps to communicate with security services in plain language, doing the heavy lifting to make sense of security alerts, reports and other variables. It is still early days for the LLM AI wave, but Microsoft is revolutionising the value we get from technology. In this respect, Microsoft Copilot for Security is trailblazing.



