Today’s security professionals are fighting an asymmetric battle: They must ward off prolific and relentless attacks coming from every direction while also facing a global talent shortage, regulatory complexity, and a fragmented tool set.
One way to tip the scales in favor of the defenders is to leverage data and insights at the speed of AI, creating a force multiplier effect for staying ahead of an escalating threat landscape.
The increasing speed and sophistication of attacks demand that IT and security leaders rethink their security practices. According to estimates from Statista’s Market Insights, the global cost of cybercrime is expected to surge in the next four years, rising from $9.22 trillion in 2024 to $13.82 trillion by 2028.[1] In two years, the number of password attacks detected by Microsoft has risen from 579 per second to more than 4,000 per second.[2]
Operational complexity is also growing, further complicating cybersecurity practices. Organizations now utilize an average of 80 cybersecurity tools to manage their IT estates, according to Microsoft. Improper use of AI opens the door to additional enterprise risk, with 28% of business leaders concerned about data or IP loss.[3]
Compounding the urgency is the ongoing global cybersecurity talent shortage. Enterprise organizations need a better solution.
Introducing Microsoft Copilot for Security
The marriage of generative AI with proven security solutions can augment the work of security professionals, applying accelerated processing speeds, rapid pattern detection, and continuous improvements to gain an edge over cybercriminals.
Microsoft’s new generative AI-powered unified security platform natively embeds its Copilot capabilities across the Microsoft Security tools portfolio. It capitalizes on:
- Microsoft’s large-scale data advantage of 78 trillion daily signals
- The monitoring of more than 300 cyberthreat groups
- Insights on cyber attacker behaviors from customers and partners made possible through Microsoft Threat Intelligence
This expansive visibility and increased signal landscape enable Microsoft Copilot for Security to generate insights that inform better threat detection, creating a force multiplier for cybersecurity protections. “The more we see, the more we observe, the better we can inform detection,” says Brandon Dixon, Partner Group Product Manager for Microsoft Copilot for Security. “We can drive better, more detailed detections, which provides a deeper understanding of the possible proactive actions that could improve an organization’s security posture.”
Microsoft Copilot for Security brings together signals across Microsoft Defender Threat Intelligence, Microsoft Intune, Microsoft Purview, Microsoft Defender External Attack Surface, Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Entra.
Customers can opt for a standalone, general-purpose Microsoft Copilot for Security portal where they use a natural language interface to ask questions, get answers, and execute tasks. This option enriches insights across the entire Microsoft Security portfolio. Or they can tap into the generative AI capabilities embedded in their licensed Microsoft security tools, which target those capabilities to a particular security solution domain.
“Customers have already made investments in existing tools, they’ve already done training, and have familiarity with how to execute a process or workflow within those systems,” Dixon explains. “The idea is to meet the customer where they are to reduce any cognitive load associated with having to deal with a new technology.”
Generative AI also presents an opportunity to transform traditionally fragmented cybersecurity insights into a holistic view. Microsoft developer frameworks and APIs can be used to create Microsoft Copilot for Security plug-ins that connect signals from third-party platforms like SAP and ServiceNow, as well as organizations’ own knowledge bases and cybersecurity intelligence.
Creating a flywheel of protection
The combination of generative AI, threat intelligence, and Microsoft’s end-to-end security platform built on Zero Trust principles creates a flywheel of protection to combat the elevated threat landscape, outsmart adversaries, and shift the balance in favor of security teams.
Microsoft Security Copilot serves as an AI assistant for daily operations, allowing security teams to respond and remediate incidents faster and catch what others miss. The ability for analysts and administrators to ask questions and get fast responses in natural language changes the security equation for security analysts at every level and helps teams do more with less.
Junior analysts can complete more complex tasks with greater accuracy while gaining exposure to new skills and approaches. Seasoned security analysts become more efficient: Research shows use of Microsoft Copilot for Security helped experienced analysts perform script analysis 14% faster with 12% higher accuracy.[4] Overall, security professionals using the capabilities were 22% faster and 7% more accurate.
Microsoft Copilot for Security bolsters productivity in other ways. For example, unified hunting lets analysts query all SIEM and XDR data in one place using natural language queries instead of having to write complex scripts, which ensures faster detection and remediation. IT administrators and security analysts benefit from AI-based guardrails that help them understand the impact of policy changes prior to going live, as well as AI recommendations for threat response to shore up endpoint security.
The true measure of success
Microsoft Security Copilot will be the nerve center for all Microsoft Security solutions at LTIMindtree. The combination of human-led managed services and generative AI will give the firm’s Security Operations Center (SOC) the best of both worlds: Improved SOC capacity and posture, while strengthening overall expertise. “Microsoft Copilot for Security can democratize security to the end user,” said Chandan Pani, the company’s CISO. “It is no longer just with the subject matter expert. The average analyst training time used to be a couple of months, and that can reduce drastically if you’re using Copilot.”
At Willis Towers Watson (WTW), Microsoft Security Copilot will accelerate how the internal threat hunting team develops and understands incidents as they unfold. The platform will also be essential to helping expand and build out its talent bench, providing an edge to aspiring threat hunters.
“The ability for our teams to ask questions in natural language in Microsoft Security Copilot rather than using KQL queries allows a different type of SOC analyst to mature,” said Paul Haywood, WTW CISO. “That’s a game-changer in an industry where security skills are scarce.”
The bottom line
Staying ahead of cybersecurity threats is mission critical to modern business. Microsoft Security Copilot brings the power of generative AI to security teams, helping them work smarter and faster to safeguard the digital enterprise.
To learn more, visit https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot.
[1] Statista’s Market Insights, https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027/
[2] Microsoft Digital Defense Report, https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
[3] https://news.microsoft.com/source/wp-content/uploads/2023/11/US51315823-IG-ADA.pdf
[4] Microsoft Copilot for Security randomized controlled trial (RCT) with experienced security analysts conducted by Microsoft Office of the Chief Economist, January 2024.