Microsoft Promises SOC Relief with Coming Security Copilot AI
Microsoft Security Copilot is currently at the invite-only early preview stage.
The coming Security Copilot artificial intelligence implementation in Microsoft 365 Defender will ease routine tasks for Security Operations Center (SOC) personnel, Microsoft suggested, in a Thursday announcement.
SOC personnel won't have to perform investigations or compile incident reports by hand, Microsoft suggested. The Security Copilot integration in Microsoft 365 Defender will also explain what attack code does, the announcement indicated.
Security Copilot is currently at the "early access" invitation-only stage, having been unveiled back in March. Security Copilot uses OpenAI's models, as well as "Microsoft’s security-specific model trained on the largest breadth and diversity of security signals in the industry -- over 65 trillion to be precise," the announcement explained.
Microsoft is adding Security Copilot to its Microsoft 365 Defender extended detection and response (XDR) platform, and that integration will offer "an intuitive experience" for SOC analysts, Microsoft indicated. Specifically, Security Copilot will show summaries of incidents that analysts can investigate. Microsoft also suggested that the summary alone would often be enough to act on:
By leveraging the incident summary, SOC analysts no longer need to perform an investigation to determine what is most urgent in their environment, making prioritization, understanding impact and required next steps, easy and reducing time to respond.
If wanted, though, analysts can produce a report of an incident by simply clicking a "Generate incident report" button.
The hunting capability in Microsoft 365 Defender also works with Security Copilot. Users can ask Security Copilot to produce a hunting query, which gets generated in the form of the Kusto Query Language. It's also possible for analysts to use Security Copilot to analyze a PowerShell script used in an attack and "turn it into human-readable language," Microsoft indicated.
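For readers unfamiliar with what a generated hunting query looks like, here is an added example of the kind of Kusto Query Language (KQL) query an analyst might ask for, written for this article and not taken from Microsoft's announcement or produced by Security Copilot. It assumes the Microsoft 365 Defender advanced hunting schema, specifically the DeviceProcessEvents table, and looks for encoded PowerShell launched by Office applications, a common phishing follow-on:

```kql
// Added example, not Copilot output. Assumes the Microsoft 365 Defender
// advanced hunting DeviceProcessEvents table and its standard columns.
DeviceProcessEvents
| where Timestamp > ago(7d)
// PowerShell (Windows PowerShell or PowerShell 7) as the spawned process
| where FileName in~ ("powershell.exe", "pwsh.exe")
// has_any is term-based and case-insensitive, so this matches -enc / -EncodedCommand
// in either case, but not the bare -e shorthand; widen with a regex if needed
| where ProcessCommandLine has_any ("-enc", "-encodedcommand")
// parent is an Office application, which legitimate automation rarely does
| where InitiatingProcessFileName in~ ("winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe")
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName,
          InitiatingProcessCommandLine, ProcessCommandLine
| order by Timestamp desc
```

Whatever produces a query like this, a person or a model, the analyst still has to read it before running it: a query can be syntactically valid and still be too broad (noise), too narrow (missed activity), or aimed at the wrong table. The same applies to a PowerShell script rendered "in human-readable language": the decoded command line and the script's actual behavior in a sandbox remain the evidence, and the summary is a starting point for the investigation rather than a substitute for it.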
Analysts using Microsoft 365 Defender with Security Copilot will get "guided response recommendations" as well. These responses are based on "past actions taken by the organization in response to similar alerts or incidents," Microsoft explained.
It's not clear when this Security Copilot integration will be available for testing. Microsoft's announcement included a sign-up link, but it's not a download link or trial sign-up form. People signing up will just get information on Microsoft's security product announcements.
According to the Security Copilot landing page FAQ, interested organizations wanting to get involved in the Early Access Program should "contact your account representative" to see if they are eligible.
Microsoft's announcement included a list of Microsoft Learn documents at the end. Possibly, people can access them, but my attempt was blocked.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.