8 Novembre 2023

Insights from Microsoft Security Copilot early adopters

To understand why customers are adopting generative AI solutions like Microsoft Security Copilot, we have to go back to the cyberthreat landscape—which continues to get more challenging. Organizations are facing a surge in cyberattacks while also dealing with a global shortage of security talent. In only the past 12 months, Microsoft has seen password attacks more than triple to more than 4,000 per second.1 And, if an organization falls victim to a phishing attack, it now only takes an attacker an average of 72 minutes to access private data. Add on the global shortage of 3.4 million skilled cybersecurity experts and many organizations are left feeling vulnerable and under protected.2

Generative AI: The game changer in cybersecurity

To tip the scales in favor of safety and security, we need to augment the work of our skilled security professionals. Human ingenuity and expertise will always be irreplaceable components of defense, but we need technology to expand the skill sets of our security teams with the lightning-fast processing speeds, rapid pattern recognition, and continual improvements of generative AI. By detecting hidden patterns and sharing informed responses back at machine speed—while always adhering to the latest, most advanced security practices—generative AI can help us regain an advantage against cybercriminals. AI provides near real-time visibility and context for potential threats, helping us investigate and mitigate threats faster. When we utilize solutions that incorporate generative AI, teams can become more effective and efficient, using natural language prompts rather than complex queries, and collaborate more easily with shared skills. Early preview customers of Microsoft Security Copilot agree.

Microsoft Security Copilot

Powerful new capabilities, new integrations, and industry-leading generative AI—now available in early access.

Enterprise office workers collaborating in an open work space.

Early customers report Microsoft Security Copilot saves time

Greg Peterson, Senior Director of Security, Technology, and Operations at Avanade, shares the challenges his organization faces today and how Microsoft Security Copilot can help by empowering senior analysts, junior analysts, and even interns to get ahead of potential security threats.

“For senior analysts, Security Copilot might give them a different and new way to look at a problem. But for our more junior analysts, it’s really going to help bridge the skills gap—especially as we build more curated prompt playbooks and learn how to use those tools,” Peterson explained.  

Beyond generative AI, our end-to-end security, identity, compliance, and privacy solutions allow us to cover more cyberthreat vectors and deliver more value with a coordinated, comprehensive customer experience across the entire digital estate. By embracing generative AI and simplifying otherwise complex toolsets, we help organizations gain an advantage against cyberattackers and allow them to refocus precious security resources on more important business tasks, like innovation. In our preview of Microsoft Security Copilot, customers reported saving up to 40 percent of their security analysts’ time on foundational tasks like investigation and response, threat hunting, and threat intelligence assessments.3 And on more mundane tasks like preparing reports or troubleshooting minor issues, Security Copilot delivered gains in efficiency up to and above 60 percent.3 But the most promising data coming out of our early research is not the numbers, but what customers can do with these gains in efficiency and time saved.

Upskilling with Security Copilot: Empowering junior security analysts

Our preview research data suggests that Security Copilot can enable junior security analysts, including Tier 1 and 2 team members, to take on tasks that were previously reserved for Tier 3 and 4 security professionals. To test this hypothesis, we asked our own Microsoft security operations center (SOC) analysts to evaluate the output of Security Copilot on tasks like incident summarization, script analysis, incident reporting, query assistance, and guided response. The results were impressive: experienced practitioners equated Security Copilot outputs to those of mid- to expert-level human analysts, particularly for tasks such as incident summarization, script analysis, and query assistance. This means that any analyst can use natural language prompts to initiate and perform tasks that they may not have a lot of experience or expertise in, and the outputs of Security Copilot will help them both accomplish the right results immediately and, more importantly, help them develop those critical skills for long-term use. With Security Copilot, your team can accomplish a lot more with the resources you already have.

The impact of Security Copilot on your organization

Microsoft Security Copilot is more than just an AI-powered, large language model working with your security technology. It builds on the latest innovation in large language models and uniquely goes beyond that, harnessing the foundational power of Microsoft’s security expertise, global threat intelligence, and technologies to deliver massive efficiency gains for the most vital security use cases. When you submit a prompt, Security Copilot improves it with the security-specific system built on deep Microsoft Security knowledge and continuous learning. Your prompt is enriched with the end-to-end Microsoft Security product portfolio and fresh threat intelligence informed by Microsoft’s 65 trillion signals and human intelligence.1 Finally, it translates the response according to your prompt instructions, taking the form of text or code that helps you see the full context of an incident, the impact, and the next steps you should take to deepen understanding or to take direct action for remediation and defense hardening.

Flow chart showing how Microsoft Security Copilot transforms security expertise, threat intelligence, and enterprise data from Microsoft Security solutions into guidance.

Security Copilot is an AI assistant for daily operations in security and IT that can help organizations:

  • Outpace adversaries—Security Copilot helps analysts respond to and remediate incidents faster. The increased speed and efficiency of generative AI lets analysts refocus on critical security tasks, including more time spent on proactive initiatives like implementing Zero Trust principles.
  • Strengthen team expertise—Security Copilot helps junior security analysts complete more complex tasks with skills like natural language to Kusto Query Language (KQL) translation and malicious script analysis.
  • Simplify the complex—Analysts no longer need to write complex scripts or KQL. They can simply ask questions in English and Security Copilot understands the context, sets the plan in motion, and writes the script. This saves time, exposes junior security analysts to more complex skills, and yields gains in productivity for organizations.
  • Catch what others miss—Because Security Copilot uses generative AI to analyze data from many sources—including Microsoft Security products and Microsoft’s unrivaled threat intelligence—it can also help analysts catch what they might otherwise miss.
  • Cut through the noise—Despite an extremely busy signal-to-noise ratio, Security Copilot synthesizes data and detects “important” signals better than ever before, allowing security and IT professionals to access, summarize, and act on insights from their tools faster.
  • Broaden the hiring pool—Because of the upskilling potential, Security Copilot allows Tier 1 analysts to complete more complex tasks, which means organizations can recruit and develop talent from a broader, more diverse resource pool.

Lean into the AI era

At this year’s Microsoft Ignite, from November 14 to 17, 2023, learn how to lean into the AI era and protect your people, data, devices, and apps across clouds and platforms. We plan to share more big news about Security Copilot and more innovations—including new integrations to support a broader set of use cases. Join our free digital online experience to watch Scott Guthrie’s (Microsoft Executive Vice President, Cloud and AI) keynote titled AI transformation for your organization with the Microsoft Cloud. And catch Rob Lefferts’ (Corporate Vice President, Microsoft Threat Protection) breakout session titled Unifying XDR + SIEM: A new era in SecOps to supercharge your threat detection, response, and defense. For news on what’s next with generative AI and Microsoft Security Copilot, sign up for email updates.

Learn more

Learn more about Microsoft Security Copilot.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as Twitter) (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Microsoft Digital Defense Report 2023, Microsoft.

2Cybersecurity Workforce Study, ISC2. 2022.

3Microsoft Security Copilot Private Preview customer survey conducted by Microsoft, October 2023.

The post Insights from Microsoft Security Copilot early adopters appeared first on Microsoft Security Blog.


Source: Microsoft Security

Share: