In the era of increasingly sophisticated AI-driven cyber attacks, strengthening your organization's security posture is of paramount importance. The attack surface is expanding, threat signals are increasing exponentially, and industry-wide talent shortages are increasing the enormous cognitive load placed on individual analysts.
Microsoft Copilot for Security is the only security AI product that combines specialized large language models (LLMs) with security-specific skills informed by unique global threat intelligence to deliver machine speed and protection at scale. This technology responds to security incidents within minutes instead of days, improving detection quality, response speed, and the ability to strengthen your security posture over time. Copilot for Security levels the asymmetric battle between analysts and attackers.
Atlantic Re:Sync spoke with Brandon Dixon, Partner Product Manager at Copilot for Security, and Rani Lofstrom, Director of Product Marketing at Security AI, about the product's capabilities and its impact on security professionals as well as the industry as a whole.
Atlantic Re:Sync
This platform is called Microsoft Copilot for Security, not Microsoft Pilot. Why is human intervention one of the important, if not essential, elements?
Brandon Dixon
It's true that our industry has a lot of monotonous work. Many of our customers are keen to identify what they should actually be spending their time on. “Where am I most vulnerable? Where should I focus my efforts?”
Copilot for Security is intended to enhance the role of security operators or IT personnel. People still need to do the work themselves. We want to make their jobs better and more efficient, and leverage where technology shines and is most useful.
Rani Lofstrom
Many senior analysts change careers due to burnout. We've just made a big change in the way we deal with security. In a controlled study, Copilot for Security increased speed and accuracy, reduced analyst fatigue, and increased job satisfaction.
Atlantic Re:Sync
Due to industry-wide talent shortages, there is a critical shortage of security professionals. In the ISC2 survey, 20% of security professionals reported that they are at “extreme risk” of attack due to the shortage. How does Copilot for Security help reduce the workload of security analysts?
Brandon Dixon
For example, if an incident had 50 alerts associated with it, an analyst in the past would have to review each one. “What does this mean? What's going on?” Copilot for Security automatically generates summaries. This will give them a stronger base of activity.
It's very common for analysts to encounter technical artifacts they don't understand that are doing complex things, such as scripts. This is something we and our customers see all the time, and it requires a special level of knowledge and expertise. Copilot for Security allows you to analyze complex technical artifacts in minutes, whereas previously you might have needed to seek help from a more senior person.
I think what's unique about us is that Microsoft has a huge amount of data and signals at its disposal. Copilot for Security takes all of these signals, examines external attack surfaces, posture management, and recommends steps to take. The CISO might ask the team, “I read about this in the news. Are we vulnerable to this?” The team can use Copilot for Security to answer his questions.
Rani Lofstrom
Copilot for Security also helps improve communication between security operations teams. Complex incidents typically take multiple hours to resolve. When someone is working hard on an incident for eight hours and the next shift comes in and that reasoning and decision making is happening in someone's head, some of the intellectual property is lost. But now you can easily get an incident summary of all your investigative work, so you can pick up where you left off.
Atlantic Re:Sync
There are 4 million jobs available worldwide in the cybersecurity field. How can Copilot for Security improve this situation by strengthening the skills of its analysts? Specifically, only 24% of analysts are women, 9% are Black, 4% are Hispanic, and 8% are Asian. What is the impact of increasing diversity in this industry?
Brandon Dixon
This is actually one of the biggest possibilities of Copilot for Security, allowing you to improve the skills of those without much experience in the field.
When I worked at a startup, we often brought in people with no experience. They were locals to the area who showed hunger and drive and just wanted someone to give them a chance.
Generative AI can lower the barrier to entry to technical requirements that have previously limited entry to people from diverse backgrounds simply because they lack experience. Lowering these barriers is expected to lead to more diversity.
Atlantic Re:Sync
Copilot for Security creates a space driven by natural language prompts, but the prompts themselves are separate skills. Is there a learning curve?
Brandon Dixon
We want you to understand this well: With built-in experiences in Defender XDR, Sentinel, Intune, and more, you no longer need to understand prompts. In my opinion, our existing products do not require any education at all. The synopsis appeared, the script was explained, and my life became better.
When it comes to standalone portals driven by natural language, creating prompts is a little more nuanced. To help you, we've put together so-called featured prompts and pre-created several ready-to-use prompt books.
The learning curve is less about prompting and more about understanding the idiosyncrasies of the model and system itself. It doesn't matter whether you use Copilot for Security or OpenAI directly, or Gemini or Claude. All of these different models have some idiosyncrasies in how they respond and display prompts.
I used to be an analyst, and one of the things I've seen over the years is that security people don't really care about the tools they use. However, when we surveyed our customers, 97% said they enjoyed working with this product and would use it again. I think this is a testament to aspects of natural language: that it doesn't require specialized skills, that it's approachable, and that it's different.
Atlantic Re:Sync
What if your organization relies on security solutions from multiple vendors?
Rani Lofstrom
Microsoft Copilot for Security has the ability to run custom plugins. Therefore, if a customer has a number of other security solutions, those tools can work directly with Copilot for Security. If you have built custom line-of-business applications or other proprietary information systems, you can include them in Copilot for Security as well.
Brandon Dixon
When I meet with customers, one of the complaints they have about security is that it's so fragmented that they have to buy a bunch of solutions and make them work together. Copilot for Security allows them to use natural language to clarify their questions in one interface and then orchestrate it across the ecosystem to get the best possible response. So they think this is a big game changer. That is a big request from us.
We have and collaborate with an extensive ecosystem of partners who are developing services, solutions, and plug-ins for our systems. Copilot for Security does more than just improve Microsoft products. It integrates the entire ecosystem.
Atlantic Re:Sync
Does Copilot for Security point the way toward eventual complete automation of cybersecurity?
Brandon Dixon
I believe in the ability to automate roles and some elements of jobs – the ability to empower users themselves and make them more efficient and productive – but not the jobs themselves. We believe that automation can help by performing steps that do not require reasoning or human intuition.
Therefore, we do not believe that analyst positions will be automated. Rather, they're automating some of the work so people can spend their time on more proactive defenses.
Rani Lofstrom
For experienced analysts, we found that Copilot for Security made their work 22% faster. Imagine if you could save 22% of your workweek. Most security teams I talk to don't have enough time to do everything they know they need to do or want to do. If you can get that 22% back, then you could be in for an extra event. Proactive threat hunting across your network may help you find zero-days before they cause significant damage. Maybe you're studying for a new certification and improving your skills. The list goes on.