Microsoft Copilot for Security Stands Up to Cyber Attacks

The digital world is not only becoming smarter as technology advances, but also more dangerous. Sophisticated cyberattacks, most recently fueled by artificial intelligence, urgently require new responses from IT security departments. With Copilot for Security, Microsoft has launched an intelligent assistant that uses an AI model specially trained for the security sector to relieve employees, detect anomalies, and drastically reduce response times in emergencies. What can the tool do?

Central Control Center for Defense

In practice, Copilot for Security acts as a hub that brings together and analyzes data and signals from programs such as Microsoft 365 Defender, Microsoft Sentinel, and Microsoft Intune. In addition to the security programs designed for Windows systems, Copilot also has a constantly expanding list of pre-installed and user-defined plug-ins that extend beyond the Microsoft ecosystem to include third-party solutions from endpoint, cloud, or mobile security providers. Comprehensive access to information from various tools and sources makes it easier and quicker for analysts to gain a holistic overview, especially in incident handling.

The intuitive interface offers a prompt bar that allows users to communicate with the model in natural language and query information. To ensure correct and efficient reactions to suspicious actions or anomalies, users can define specific action steps as predefined prompts in customizable prompt books. This feature ensures that even less experienced analysts can handle a security incident without needing to escalate it, which significantly reduces response times and enables rapid countermeasures, both crucial to successfully defending against attacks.

AI Meets Human Expertise

Copilot for Security also supports security analysts who do not write complex queries every day to filter information out of vast amounts of data. The smart assistant is not limited to threat intelligence; it also offers real value to IT administrators, compliance officers, and risk analysts.

Microsoft Copilot’s large language model is based on a separate instance of GPT that Microsoft operates itself, ensuring that GPT developer OpenAI has no access to data or prompts. This keeps data within compliance limits and prevents it from being used to train other AI models.

The major advantage of Copilot for Security lies in providing the required information: the AI knows where data is located and which anomalies occurred when. However, the tool cannot replace human experts. The significant added value comes from combining Copilot with the experience and knowledge of the analysts. Although the AI supplies the data and the basic knowledge that comes with it, it lacks the judgment and expertise to interpret that information in the right context. Human expertise is still required to correctly assess situations and take appropriate countermeasures. Copilot for Security is therefore a powerful tool that can develop its full potential when it works hand in hand with human security experts.

Article By

Theus Hossmann
Chief Technology Officer

Theus Hossmann is Chief Technology Officer for Ontinue. He is responsible for everything around data, data science and AI, and leads Ontinue’s team of expert data scientists and data engineers. Theus has published dozens of papers on applied AI and machine learning for top-tier conferences and journals such as ACM and IEEE. Theus earned his PhD in Applied Machine Learning from ETH Zürich, Switzerland.