At Ignite 2023, Microsoft is introducing a brand new security offering. Security Copilot joins Microsoft’s other AI Copilot offerings, which bring considerable new capabilities to existing key Microsoft offerings.
Tools like Microsoft Sentinel, which monitors and analyzes data across an organization, and Microsoft Defender XDR, which currently provides a wide range of threat detection and responses across an organization’s network and end points, have long provided solid security defense mitigation for Microsoft customers.
Also: What is Microsoft Copilot? Here’s everything you need to know
While Microsoft AI offerings will provide functional boosts to these existing tools, the real innovation is Security Copilot, a major new offering in Microsoft’s security kit bag.
The key idea is the merging of two very important technologies: Cybersecurity and artificial intelligence. By integrating these two foundational technologies, Microsoft’s intent is to not only filter and process enormous amounts of data, both in real time and at rest, but to also find patterns of illicit behavior and identify and mitigate potential threats at a far greater speed, and with far greater accuracy than has been possible before.
Microsoft’s Security Copilot announcements do not specify the actual AI technology they’re putting to use, but by looking at their offerings, it’s fair to guess that some or all of the following are being utilized under the hood:
Machine learning algorithms: These learning models, trained on vast data sets, are able to recognize patterns and problems that may indicate security threats. They may also include a combination of supervised and unsupervised learning to develop approaches for searching for, detecting, qualifying, and mitigating new and Zero-Day threats.
Neural networks and deep learning: These allow for the processing of unstructured data, which is often a key component of cybersecurity issues and traffic. In addition, deep learning can help figure out what normal behavior looks like, and identify patterns of traffic that deviate from what would otherwise be considered safe behavior.
Data fusion and integration: This is a big part of where AI can help, because it’s necessary to bring in a wide range of disparate data (network blogs, system logs, details about user activity, and any externally acquired threat intelligence) and then integrate all of that into insights and operational behavior.
Automated response mechanisms: When bad actors are using AI technology to generate attacks, it becomes impossible for humans to respond as quickly as the machines that are doing the attacking. Building up AI-driven automated response mechanisms might have a Forbin Project feel to it but might also be the only way to defend against attackers operating at advanced processor speeds.
Continuous learning and adaption: Cybersecurity is an arms race in which both attackers and defenders are racing to develop new technologies before their opponents have developed countermeasures. One area where AI excels is in the ability to increase its warning model, and take into account new information and new behaviors on a constant basis.
So what does all this mean for Microsoft’s Security Copilot offerings? At a fairly high level, Microsoft is showing that Security Copilot taps into AI technology to provide the following fundamental benefits:
Identifying patterns of illicit behavior: Throughout the network, and throughout all of Microsoft’s solutions, Security Copilot can process and analyze normal data sets. Once what’s normal has been established, those data sets can be used to detect patterns that are nonstandard, unusual, unexpected, or in other ways deviate from normal network behavior. This can help recognize cyberattacks, new worm infections, and data breaches that might not otherwise surface using non-AI-assisted resources.
Substantially increases in speed and accuracy: We talked about human speed and computer speed earlier. The benefit of active real time response cannot be overstated. If there are good automated response mechanisms built into Security Copilot, that will likely give Microsoft’s customers a tactical advantage.
Microsoft is clearly hoping customers view and use Security Copilot as an extremely intelligent security professional that can help in responding to cyber threats.
Also: How to lock down your Microsoft account and guard it from attackers
Microsoft is also reinforcing the idea of a unified security operations platform that brings together some of the existing security services that we discussed earlier. This is a much more streamlined approach for businesses that allows them to operate what is essentially a central command center across operations.
In addition, Microsoft is also embedding Security Copilot into its other non-security services, so you can even expect to find the technology in services like Microsoft 365 and Azure.
The bottom line for businesses and managers is not just enhanced security that covers the ongoing onslaught of new and, frankly terrifying, security threats. It’s also a substantial increase in efficiency, which reduces costs and increases speed. It’s a hefty boon for integration, reducing security silos across the enterprise. The support capability provided by the AI will allow enterprise IT managers to have a much bigger, better, and more accurate picture of the threat landscape facing their organizations, and provide those managers with the tools to ensure their organizations’ safety from those threats.
You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter on Substack, and follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.