Microsoft Security Copilot - your new best friend! - George Coldham. NDC Sydney 2024

Security Copilot is Microsoft’s first generative AI security product, announced in March 2023, using GPT-4 and Microsoft’s security-specific model

The tool helps security professionals work faster by automatically analyzing incidents, providing natural language summaries, and suggesting remediation steps

Key features include:

• Automatic incident investigation and correlation
• Natural language queries instead of complex KQL
• Contextual threat intelligence integration
• Step-by-step remediation guidance
• Post-incident report generation

Data security principles:

• Customer data is encrypted and stored in chosen region
• Data is not used to train the foundational AI model
• Access follows existing role-based permissions
• Built-in ethical framework and safety guardrails

The product integrates with Microsoft’s security stack:

• Defender
• Sentinel
• Entra (Identity)
• Purview/Priva (Compliance)
• Intune (Device Management)

Primary benefits:

• Helps junior analysts become effective faster
• Reduces mean time to investigate/respond
• Simplifies complex security tasks
• Enables natural language interaction
• Maintains context across investigations

Currently in early access program, not yet generally available

• Access through Microsoft account teams
• Expanding customer base for feedback
• Continuous feature development

Designed to augment human analysts, not replace them:

• Supports decision-making
• Requires human verification
• Acts as copilot rather than autopilot
• Maintains human accountability