Microsoft has answered the question of what solution providers can do with ChatGPT: Incorporate it into a tool for security analysts.

The tool is an AI assistant called Microsoft Security Copilot, a service to quickly detect and respond to threats and help analysts better understand the threat landscape overall.

Now in private preview, Security Copilot will combine the search and natural language reply capabilities of ChatGPT4 with Microsoft’s threat intelligence capabilities.

If a company gets an endpoint alert from Microsoft Defender, a threat analyst could ask Security Copilot to assemble a story on the compromise, including a graphic of the attack chain that can be shared with others on the security team. It could reverse-engineer an attack script or tell the analyst how many email messages are associated with the attack.

This Microsoft video better shows how it works:

Security Copilot will also continually learn and improve to help ensure that security teams are operating with the latest knowledge of attackers, their tactics, techniques and procedures, Microsoft said.

Security Copilot doesn’t always get everything right, the company admitted. In fact, query responses say content should be verified before sharing. But, Microsoft said, Security Copilot is a closed-loop learning system that continually learns from users’ feedback.

The company stressed that each organization’s implementation of Copilot will use only its own corporate data. There will be no sharing of security data across customers to help the platform learn.

At the moment, it only integrates with Microsoft products like Defender, Entra, Intune, Priva and Purview. But the company promises it will integrate with other companies’ products, many of whom would be Microsoft partners.

Microsoft emphasized that Security Copilot can help inexperienced members of security teams better fight attacks.

The company didn’t say when Security Copilot will be generally released, nor did it say how much it will cost.

“Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against relentless and sophisticated attackers,” said Vasu Jakkal, corporate vice-president of Microsoft Security. “With Security Copilot, we are shifting the balance of power into our favor. Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI.”

In a commentary, Forrester Research senior analyst Allie Mellen said Security Copilot is poised to become the connective tissue for all Microsoft security products and, importantly, will integrate with third-party products as well. This is a hard and fast requirement for an assistant that can provide comprehensive and consistent value, she said.

“This is the first time a product is poised to deliver on true improvement to investigation and response with AI,” she said. “With this announcement, we leave an era behind where AI was relegated to detection, and enter one where AI has the potential to improve one of the most important issues in security operations: analyst experience (AX).”

MORE TO COME

The post Microsoft Security Copilot leverages ChatGPT to help defenders understand attacks first appeared on IT World Canada.