How AI-powered security in combination with an MSSP can help you defend your organisation faster and more effectively

MSSPs and Microsoft Security CoPilot

Microsoft Security CoPilot is an AI-powered security solution that helps security professionals defend their organisations at machine speed and scale. It uses natural language to generate tailored insights and guidance for various scenarios such as incident response, threat hunting, intelligence gathering, and posture management. It leverages the OpenAI architecture and security-specific plugins to access organisation-specific information, authoritative sources, and global threat intelligence.

Security Copilot is the only security AI product that combines a specialized language model with security-specific capabilities from Microsoft. These capabilities incorporate a growing set of security-specific skills informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals. Security Copilot works with other Microsoft Security products—including but not limited to Microsoft Defender XDR, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, Microsoft Purview, Microsoft Defender for Cloud, and Microsoft Defender for External Attack Surface Management.

Security Copilot uses the data and signals from these products to generate customized guidance.

Security Copilot aims to augment the existing skills and capabilities of security professionals by providing them with (but not limited to) the following:

? Incident response: It can help MSSP analysts to quickly summarize, assess, and remediate incidents, by providing them with effective search, critical guidance, and context. It can improve the mean time to detect and respond, and enable security teams to handle incidents in minutes rather than hours or days.

? Staff empowerment: It can support and advance the work of junior staff, by offering them step-by-step guidance. It can also reduce the workload and complexity of senior staff, by automating tasks and workflows. It can help security professionals to focus on strategic priorities and enhance their skills and capabilities.

? Customer satisfaction: It can deliver faster and better security outcomes for MSSP customers, by processing signals at machine speed and assessing risk exposure in minutes. It can also improve security posture and resilience, and enhance security awareness and education, by providing prescriptive guidance and ready-to-share reports and summaries.

Sounds Great! What’s the catch?

Microsoft Security Co-pilot is an innovative AI-powered security solution that can help security professionals defend their organizations at machine speed and scale. However, like any other technology, it also comes with some potential concerns that potential adopters need to be aware of.

? Data exposure: Microsoft Security Copilot has the same level of data access as the user who uses it, which may be more than necessary. According to a study, about one-tenth of an organization’s data stored in Microsoft 365 is accessible to every employee . This creates a potential danger of exposing, abusing, or stealing sensitive data by people who are not authorized to view or use it. With this careful considerations will need to be put into place regarding Access Control Policies before the implementation of Microsoft Security Copilot.

? Data protection: Microsoft Security Copilot can also quickly create new sensitive data that needs to be safeguarded. Before the advent of AI, human beings were producing and distributing data faster than they could secure it. The increasing number of data breaches is a clear evidence of this.

? Data quality: Microsoft Security Copilot can incorporate public web content in its responses, which may not be trustworthy, correct, or current. Users need to check the sources and credibility of the information generated by Microsoft Security Copilot before using it for making decisions or sharing it with others.

Microsoft has stated that it is committed to using AI responsibly and that Microsoft Security Copilot is compliant with its existing privacy, security, and compliance commitments to Microsoft 365 commercial customers, including the General Data Protection Regulation (GDPR) and European Union (EU) Data Boundary2. Users can also control the access and usage of Microsoft Security Copilot through various settings and policies.

AI that boosts, not replaces, human security skills

Microsoft Security Copilot is an AI-powered security solution that can augment the skills of security professionals, but it cannot replace them. It can generate tailored insights and guidance for various scenarios using natural language, but it still relies on the input and feedback of the user. It cannot replace valuable functions such as proactive threat hunting, which requires human analysts who can think creatively, critically, strategically and confirm the validity of the information it returns back. Microsoft Security Copilot will need professionals who have both technical and security expertise to make sure that they are asking the right questions, to interpret the data that it returns, and to take appropriate actions based on the insights and guidance that it provides.

Security CoPilot is currently an invitation only Early Access Program. To which CSA are working on access for.