To recap:<\/p>\n\n\n\n
- \n
- Classic\/traditional AI and ML\u200b <\/strong>detects and classifies, and can work on vast amounts of data for use in real-time applications and automation of capabilities. \u200bTraditional AI is strong when it comes to looking at a large field of data and finding patterns or continuations (like making recommendations).<\/li>\n\n\n\n
- Generative AI (GAI)<\/strong>, often powered by generative pre-trained transformers (GPT), effectively understands and creates content. It works on relatively small chunks of data \u2013 text, images, sounds, videos. Large language models (LLMs) are a kind of GAI that work on text.\u200b LLMs are good at understanding language, summarising, and translating concepts, for example from language to code or vice-versa. \u200b<\/li>\n<\/ul>\n\n\n\n
Clearly, linking these models makes for a much more powerful narrative. And, by using the compute power, scalability, and richness of the cloud, we can build entire systems of intelligence that can reason over vast amounts of information \u2013 structured and unstructured.\u200b<\/p>\n\n\n\n
Our name for this intelligence-based cognitive capability? Microsoft Copilots. These are experiences that use generative AI to help humans with complex cognitive tasks.<\/p>\n\n\n\n
Introducing Microsoft Security Copilot<\/h3>\n\n\n\n
Built specifically to augment human security expertise, Microsoft Security Copilot is a combination of the most advanced GPT4 model from OpenAI, with a Microsoft expert-driven, security-specific LLM model. <\/ins><\/p>\n\n\n\n
Most LLMs are trained on corpuses of written human language. Security Copilot is trained on security logs, attack telemetry and threat intelligence, the outcome of which is the first AI\/ML model trained specifically for security.<\/p>\n\n\n\n
But the capability is much more than just the large language model. Built into the product are specific cyber skills and promptbooks informed by our global threat intelligence, which runs on Azure\u2019s hyperscale infrastructure. This means that the models inherit Microsoft\u2019s comprehensive approach to security, compliance, and privacy. When it comes to the data Copilot is reasoning across, your data remains your <\/em>data.<\/p>\n\n\n\n
Security Copilot democratises defender skills by allowing natural language for querying rather than having to learn complex querying languages like Kusto Query Language (KQL). This lowers the barrier to entry for new analysts, which helps address the cybersecurity skills shortage. We’ve launched an Early Access program<\/a> for qualified candidates to explore the capabilities of Security Copilot. Reach out to your sales representative to get more details.<\/p>\n\n\n\n
Use cases for Microsoft Security Copilot<\/h3>\n\n\n\n
Human ingenuity and expertise will always be an irreplaceable component of defence, so we need technology that can augment these unique capabilities to improve the analyst experience all-up. For this reason, initially we are focusing on security operations centre (SOC) use cases.<\/p>\n\n\n\n
The three primary use cases are security posture management<\/strong>, incident response<\/strong>, and security reporting<\/strong>.\u200b<\/p>\n\n\n\n
- \n
- Security posture management<\/strong>: Security Copilot delivers information on anything that might expose an organisation to a known threat. It then gives prescriptive guidance on how to protect against those potential vulnerabilities.\u200b A query such as: \u2018How can I improve my security posture?’<\/em> will return evidence-based recommendations.<\/li>\n<\/ul>\n\n\n\n
- \n
- Incident response:<\/strong> Security Copilot can quickly surface an incident, enrich it with context from other data sources, assess its scale and impact, and provide information on what the source might be. Again, it will support the analyst through the response and remediation steps with guided recommendations.<\/li>\n<\/ul>\n\n\n\n
- \n
- Security reporting:<\/strong> Security Copilot can deliver customisable reports that are ready to share and easy to consume to keep managers and other stakeholders in the loop. What this means tactically is you can ask Security Copilot in natural language: \u2018Summarise this incident in a single PowerPoint slide\u2019<\/em>, and it will do just that.<\/li>\n<\/ul>\n\n\n\n
Preparing for cognitive cyber defence: 3 steps<\/h3>\n\n\n\n
In the future, our vision with Security Copilot is to support use cases across security, identity, management, compliance and more, leveraging skillsets across Microsoft and third-party products. In the meantime, and whilst Security Copilot is not yet publicly available, there are things organisations can do to prepare for these cognitive cyber defence capabilities:<\/p>\n\n\n\n
Step 1:<\/strong> Secure your identities, especially privileged identities, and SOC members. Attackers will frequently target these individuals to gain access to critical information and systems to elevate the impact of a successful compromise.<\/p>\n\n\n\n
Step 2:<\/strong> The age of AI is also referred to as the age of platforms. Integrating your security signals into an observability platform brings huge security gains in terms of visibility and automation. <\/p>\n\n\n\n
Step 3:<\/strong> Initially,<\/ins> Security Copilot is integrated with Microsoft Defender for Endpoint, and for an even better experience, deploy Microsoft Sentinel and Intune. Going forward, Security Copilot will integrate with third-party products. <\/p>\n\n\n\n
Finally, prepare for the risks. As with any new technology, there are both risks and rewards. To help organisations navigate the risk\/reward balance, we\u2019ve released guidance, frameworks, and tooling. <\/p>\n\n\n\n
More information,<\/ins> including links to the risk assessment framework, the Counterfit tool and the Adversarial Threat Matrix (MITRE ATLAS) can be found in our Security blog post Best practices for AI security risk management<\/a>. <\/p>\n\n\n\n
For information on our commitment to build trustworthy and responsible AI, please read Responsible and trusted AI<\/a> and Building AI responsibly from research to practice<\/a>.<\/p>\n\n\n\n
Cognitive and AIML technologies are here to stay. While they have the power to bring immense potential for improving our defenders\u2019 experience, securing our organisations, and protecting society, we must also be mindful of potential vulnerabilities on an equally large scale and defend against that risk.<\/p>\n\n\n\n
Find out more<\/h3>\n\n\n\n
Introducing Microsoft Security Copilot<\/a><\/p>\n\n\n\n
Microsoft Security Copilot Early Access Program<\/a><\/p>\n\n\n\n
News Center: Microsoft brings the power of AI to cyberdefense<\/a><\/p>\n\n\n\n
- Security reporting:<\/strong> Security Copilot can deliver customisable reports that are ready to share and easy to consume to keep managers and other stakeholders in the loop. What this means tactically is you can ask Security Copilot in natural language: \u2018Summarise this incident in a single PowerPoint slide\u2019<\/em>, and it will do just that.<\/li>\n<\/ul>\n\n\n\n
- Incident response:<\/strong> Security Copilot can quickly surface an incident, enrich it with context from other data sources, assess its scale and impact, and provide information on what the source might be. Again, it will support the analyst through the response and remediation steps with guided recommendations.<\/li>\n<\/ul>\n\n\n\n
- Generative AI (GAI)<\/strong>, often powered by generative pre-trained transformers (GPT), effectively understands and creates content. It works on relatively small chunks of data \u2013 text, images, sounds, videos. Large language models (LLMs) are a kind of GAI that work on text.\u200b LLMs are good at understanding language, summarising, and translating concepts, for example from language to code or vice-versa. \u200b<\/li>\n<\/ul>\n\n\n\n
![\"Lesley](\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2023\/10\/Lesley-Kipling-300x300.jpg\")
Previously lead investigator for Microsoft\u2019s detection and response team (DART), Lesley Kipling has spent more than 17 years responding to our customers\u2019 largest and most impactful cybersecurity incidents. As Chief Cybersecurity Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning. She holds a Master of Science in Forensic Computing from Cranfield University in the United Kingdom.<\/p>\n