Microsoft has announced that it will expand access to its Security Copilot service, an artificial intelligence (AI) assistant for security operations centers (SoCs) based on GPT-4. The company will open up the service to a larger number of customers and some technology partners, entering its official “early-access preview” window in the fall.
The current version of Security Copilot has already incorporated user feedback and added new functionality. One of the key additions is the inclusion of “promptbooks,” which are sequences of commonly used AI prompts. These promptbooks will provide security professionals with a starting point for their analyses and streamline their operations. Additionally, the service will integrate with common cybersecurity tools, further simplifying complex security activities.
According to Chang Kawaguchi, the Vice President and AI Security Architect at Microsoft, the goal of Security Copilot is to make security teams more efficient and alleviate the pressure caused by the shortage of workers with security skills. The service aims to simplify typically complex security tasks and enhance the creativity in interacting with automation.
With the expansion of the early-access preview, Microsoft intends to create a broader ecosystem by allowing its cybersecurity partners to connect to Security Copilot and integrate the service into their own tools. This integration will enable data exchange between partners and the service, providing a centralized platform for analyzing security-related data.
The company did not disclose the timeline for when Security Copilot would be generally available to the public, nor did it reveal the list of partners with access to the service or the number of overall users in the early-access preview. However, Microsoft plans to be guided by customer and partner feedback in determining its future steps.
Microsoft’s move to develop Security Copilot aligns with a growing trend in the cybersecurity industry. The company is following the footsteps of other tech giants like Google Cloud and CrowdStrike, which have also introduced AI-enabled cybersecurity assistants. These assistants, powered by large language models (LLMs), aid in analyzing threats and providing intelligence for incident response.
The use of LLM-based security assistants allows more IT and security professionals to optimize their workflows and effectively respond to cyber threats. These systems provide advanced threat intelligence capabilities and enable analysts to make quicker and more informed decisions. The adoption of AI assistants like Security Copilot is expected to enhance the performance of security analysts while standardizing common tasks through promptbooks.
Microsoft estimates that the incident response and threat intelligence analyses that usually take hours will now be completed within minutes using Security Copilot. The collaboration facilitated by promptbooks will standardize common analyses, allowing novice security analysts to perform their roles effectively and enabling more experienced analysts to focus on higher-value work.
The introduction of Security Copilot and the broader expansion of AI-enabled cybersecurity assistants demonstrate the industry’s commitment to leveraging advanced technologies to address the evolving threat landscape. As cyberattacks become more sophisticated and prevalent, organizations are turning to AI to enhance their security operations and protect valuable assets.