Teaching Cyber Blog

Microsoft Security Copilot Overview for Cybersecurity Professionals

Microsoft Security Copilot is an AI assistant intended to help in the development of your security workflows. It is designed with SOC analysts in mind, particularly for detecting and responding to potential security incidents.

Does it replace people? No, don't panic: AI is nowhere near replacing security professionals, because AI itself is nowhere near the level of general intelligence that humans are capable of. Current AI can be trained to play chess, but it does not understand what a chess board is. This understanding gap is why AI cannot be fully depended upon, and why it is not able to replace a person.

What can it be used for? Copilot could be useful as a reference point, particularly for small teams, and it can be used to ask questions and return responses to people to aid with incidents and other general security tasks. This can be advantageous as a way to verify information more quickly than using traditional internet searches.

What about the other Copilot features? There is certainly an opportunity to integrate into other Microsoft products; however, previous products, the Graph API for example, have contained many gaps since release. Features such as fully fledged integrations that are consistent across all Microsoft services, and of value in a cyber security context, are unlikely in the near future.

Microsoft is a commercial company and has to advertise the products in which it has invested heavily, so it is not a surprise that the marketing is aimed at generating sales. Some of the other claimed features are bold, and I would recommend verifying them before buying:

  • Providing rapid incident response support
  • Enhancing your security posture through continuous risk assessments
  • Addressing the cyber security talent gap
  • Using AI responsibly

Where else can Copilot be used?

Incident response: it can guide actions and response steps across the different stages of an incident.

Threat intelligence: it can provide enrichment information based on Microsoft threat feeds and indicators of compromise.

Compliance monitoring: as industry regulations and standards take greater priority, the number of compliance checks will grow exponentially, so there is potential for AI-based support.

Malware analysis: it can provide support based on indicators and samples submitted for analysis.

General: anything else of a general nature.

If you are already a Microsoft customer, it would be foolish not to consider reviewing this feature when available.

Some caveats to think about with Copilot. There is a potential for teams and team members to break into silos, opting to use online resources over communicating with colleagues. This could be detrimental to a healthy working environment, especially when combined with working from home. There could also be an overconfidence in tools over process and knowledge. Without the foundational knowledge, if a tool fails the team fails, due to overdependence.