Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against prolific, relentless and sophisticated attackers. To protect their organizations, defenders must respond to threats that are often hidden among noise. Compounding this challenge is a global shortage of skilled security professionals, leading to an estimated 3.4 million openings in the field.
The volume and velocity of attacks require us to continually create new technologies that can tip the scales in favor of defenders. Security professionals are scarce, and we must empower them to disrupt attackers’ traditional advantages and drive innovation for their organizations.
In the last few months, the world has witnessed a wave of innovation as organizations apply advanced AI to new technologies and use cases. We are ready for a paradigm shift and taking a massive leap forward by combining Microsoft’s leading security technologies with the latest advancements in AI.
Today, at our inaugural Microsoft Secure event, I am delighted to welcome you to the new era of security — shaped by the power of OpenAI’s GPT-4 generative AI — and thrilled to introduce to you Microsoft Security Copilot.
Security Copilot — end-to-end defense at machine speed and scale
Microsoft Security Copilot is the first security product to enable defenders to move at the speed and scale of AI. Security Copilot combines this advanced large language model (LLM) with a security-specific model from Microsoft. This security-specific model in turn incorporates a growing set of security-specific skills and is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals. Security Copilot also delivers an enterprise-grade security and privacy-compliant experience as it runs on Azure’s hyperscale infrastructure.
When Security Copilot receives a prompt from a security professional, it uses the full power of the security-specific model to deploy skills and queries that maximize the value of the latest large language model capabilities. And this is unique to a security use-case. Our cyber-trained model adds a learning system to create and tune new skills. Security Copilot then can help catch what other approaches might miss and augment an analyst’s work. In a typical incident, this boost translates into gains in the quality of detection, speed of response and ability to strengthen security posture.
Security Copilot doesn’t always get everything right. AI-generated content can contain mistakes. But Security Copilot is a closed-loop learning system, which means it’s continually learning from users and giving them the opportunity to give explicit feedback with the feedback feature that is built directly into the tool. As we continue to learn from these interactions, we are adjusting its responses to create more coherent, relevant and useful answers.
Security Copilot also integrates with the end-to-end Microsoft Security products, and over time it will expand to a growing ecosystem of third-party products. So, in short, Security Copilot is not only a large language model, but rather a system that learns, to enable organizations to truly defend at machine speed.
We absolutely believe that security is a team sport, and security should be built with privacy at the core. We’ve built Security Copilot with security teams in mind — your data is always your data and stays within your control. It is not used to train the foundation AI models, and in fact, it is protected by the most comprehensive enterprise compliance and security controls. While remaining private, each user interaction can be easily shared with other team members to accelerate incident response, collaborate more effectively on complex problems and develop collective skills.
Technology that elevates human strengths
Human creativity and knowledge will always be imperative for defense. Security Copilot can augment security professionals with machine speed and scale, so human ingenuity is deployed where it matters most. In delivering this experience, we are guided by three principles:
- Simplify the complex.
In security, minutes count. With Security Copilot, defenders can respond to security incidents within minutes instead of hours or days. Security Copilot delivers critical step-by-step guidance and context through a natural language-based investigation experience that accelerates incident investigation and response. The ability to quickly summarize any process or event and tune reporting to suit a desired audience frees defenders to focus on the most pressing work.
- Catch what others miss.
Attackers hide behind noise and weak signals. Defenders can now discover malicious behavior and threat signals that could otherwise go undetected. Security Copilot surfaces prioritized threats in real time and anticipates a threat actor’s next move with continuous reasoning based on Microsoft’s global threat intelligence. Security Copilot also comes with skills that represent the expertise of security analysts in areas such as threat hunting, incident response and vulnerability management.
- Address the talent gap.
A security team’s capacity will always be limited by the team’s size and the natural limits of human attention. Security Copilot boosts your defenders’ skills with its ability to answer security-related questions – from the basic to the complex. Security Copilot continually learns from user interactions, adapts to enterprise preferences, and advises defenders on the best course of action to achieve more secure outcomes. It also supports learning for new team members as it exposes them to new skills and approaches as they develop. This enables security teams to do more with less, and to operate with the capabilities of a larger, more mature organization.
Unrivaled security capabilities
With Security Copilot, we are taking the agility advantage back to defenders by combining Microsoft’s leading security technologies with the latest advancements in AI. By working with Security Copilot, organizations get access to an unrivaled depth and breadth of security AI capabilities, including:
- Ongoing access to the most advanced OpenAI models to support the most demanding security tasks and applications;
- A security-specific model that benefits from continuous reinforcement, learning and user feedback to meet the unique needs of security professionals;
- Visibility and evergreen threat intelligence powered by your organization’s security products and the 65 trillion threat signals Microsoft sees every day to ensure that security teams are operating with the latest knowledge of attackers, their tactics, techniques, and procedures;
- Integration with Microsoft’s end-to-end security portfolio for a highly efficient experience that builds on the security signals;
- A growing list of unique skills and prompts that elevate the expertise of security teams and set the bar higher for what is possible even under limited resources.