Microsoft Security Copilot - your new best friend! - George Coldham. NDC Sydney 2024
Discover Microsoft Security Copilot's AI-powered capabilities for faster incident response, natural language analysis, and automated security workflows in this comprehensive overview.
- Security Copilot is Microsoft’s first generative AI security product, announced in March 2023, using GPT-4 and Microsoft’s security-specific model
- The tool helps security professionals work faster by automatically analyzing incidents, providing natural language summaries, and suggesting remediation steps
- Key features include:
  - Automatic incident investigation and correlation
  - Natural language queries instead of complex KQL
  - Contextual threat intelligence integration
  - Step-by-step remediation guidance
  - Post-incident report generation
- Data security principles:
  - Customer data is encrypted and stored in the chosen region
  - Data is not used to train the foundational AI model
  - Access follows existing role-based permissions
  - Built-in ethical framework and safety guardrails
- The product integrates with Microsoft’s security stack:
  - Defender
  - Sentinel
  - Entra (Identity)
  - Purview/Priva (Compliance)
  - Intune (Device Management)
- Primary benefits:
  - Helps junior analysts become effective faster
  - Reduces mean time to investigate/respond
  - Simplifies complex security tasks
  - Enables natural language interaction
  - Maintains context across investigations
- Currently in an early access program, not yet generally available:
  - Access through Microsoft account teams
  - Expanding customer base for feedback
  - Continuous feature development
- Designed to augment human analysts, not replace them:
  - Supports decision-making
  - Requires human verification
  - Acts as a copilot rather than an autopilot
  - Maintains human accountability