.webp "Microsoft Announced Copilot for Security TI in Defender XDR")
Microsoft has recently made an announcement regarding the general availability of Copilot for Security threat intelligence embedded experience in the Defender XDR portal. This AI-powered tool is set to transform the way organizations access, operate, and integrate Microsoft’s threat intelligence data.
The main goal of Microsoft Copilot for Security is to enable customers to easily access and utilize Microsoft’s threat intelligence through natural language prompts. These prompts allow users to ask important questions about the data and content provided by Microsoft Defender Threat Intelligence (MDTI) and Threat Analytics. The responses provided are always up-to-date and include information on indicators of compromise (IoCs), intelligence articles, intel profiles, and guidance.
The embedded experience, located on the right-hand side of the Defender XDR portal, features an open prompt bar and a guided experience with three pre-populated prompts. This allows different security personas within organizations to defend against threats at machine speed and scale.
One of the key capabilities of the Threat Intelligence Embedded Experience is that it acts as a research assistant, pulling, contextualizing, and summarizing relevant intelligence at machine speed. Customers can assess vulnerabilities, understand the scope of an attack, and correlate MDTI and Threat Analytics content with other security information from Defender XDR.
The first pre-populated prompt provides an overview of the latest threats to an organization. By clicking on this prompt, Copilot returns the latest Intel Profiles and Activity Snapshots, which highlight vulnerabilities, tactics, techniques, and procedures (TTPs) related to the organization’s infrastructure, industry, and region.
Another important aspect of Copilot is its ability to prioritize threats and help organizations understand the associated risks. By querying Threat Analytics and MDTI, Copilot delivers the most relevant intelligence based on an organization’s exposures and vulnerabilities across their attack surface. This allows customers to quickly retrieve information on indicators such as IP addresses and domains to enrich artifacts and understand the risk they pose.
Furthermore, Copilot can reason over vulnerability intelligence in MDTI and Threat Analytics to deliver a customized, prioritized list based on a customer’s unique security posture. By clicking on pre-populated prompts like “Which threat actors are targeting infrastructure in my industry?” customers can receive summaries of the top threat actors implicated in attacks involving their industry.
The launch of Copilot for Security threat intelligence in Defender XDR represents a significant advancement in Microsoft’s dedication to providing cutting-edge cybersecurity solutions. With its AI-driven capabilities and user-friendly interface, Copilot enables organizations to stay ahead of the ever-evolving threat landscape and protect their critical assets more effectively.