Microsoft is bringing generative artificial intelligence (AI) to cybersecurity defense with a proprietary chatbot designed to give defenders the ability to speedily correlate attack data, prioritize security incidents and dole out remediation advice.
The company said its Security Copilot tool aims to:
- Simplify complexity and amplify the capabilities of security teams by summarizing and making sense of threat intelligence
- Help defenders see through the noise of web traffic and identify malicious activity
- Help security teams catch what others miss by correlating and summarizing data on attacks, prioritizing incidents and recommending the best course of action to swiftly remediate diverse threats in time
The service integrates with Microsoft’s existing security portfolio, including Sentinel and Defender, the company said. Pricing information is not available, and it is unclear when the product will become generally available.
More About Security Copilot
Security Copilot draws on GPT-4, (GPT stands for “generative pre-trained transformer), the latest edition of OpenAI’s chatbot that accepts image and text inputs and generates text outputs. Microsoft is positioning Security Copilot as a security analysis tool that enables skilled cybersecurity analysts to quickly respond to threats, analyze signals, and assess risk exposure.
The chatbot can deliver PowerPoint slides summarizing security incidents, describe exposure to an active vulnerability or specify the accounts involved in an exploit in response to a text prompt that a person inputs, Vasu Jakkal, Microsoft corporate vice president of security, told CNBC.
A user can hit a button to confirm an answer is correct or tap an “off-target” button to signal a mistake, helping the tool to learn.
“It can process 1,000 alerts and give you the two incidents that matter in seconds,” Jakkal said.
Learning Curve
GPT-4 neither understands what its responses mean, nor does it learn from experience. But Microsoft believes that Security Copilot will continually learn and improve to help ensure that security teams are operating with the latest knowledge of attackers, their tactics, techniques and procedures.
Accordingly, these capabilities will address the persistent shortage of skilled cyber personnel and give security teams of any size the capabilities of larger organizations.
As Jakkal explained:
“Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against relentless and sophisticated attackers. With Security Copilot, we are shifting the balance of power into our favor. Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI.”