RESEARCH NOTE: Microsoft Copilot for Security Harnesses Generative AI at Scale

By Will Townsend - March 13, 2024

Microsoft recently announced that its Copilot for Security will become generally available in April 2024. Ahead of the announcement, I had the opportunity to spend time with executives from the company in New York City at the Microsoft Experience Center, a stone’s throw from beautiful Central Park. In this research note, I will highlight what I find compelling about this offering, especially given the attention and hype being paid today to generative AI.

The Value of Generative AI for Security

Microsoft has been in customer preview with Copilot for Security for nearly a year. That’s a considerable amount of time, especially in the tech industry. However, from my perspective it’s a wise move. Rather than succumbing to the Gold Rush-like hype around generative AI, the company has taken a measured approach to ensure that customer feedback has been incorporated into the final version of the solution.

For bad actors, generative AI can be used in increasingly sophisticated identity hacks and phishing schemes, and through deep fakes, as documented in a Department of Homeland Security report. However, generative AI can also be leveraged by defenders to fortify security posture and dramatically simplify and speed the deployment and management of security operations.

Copilot for Security — General Availability Details

Microsoft is in a unique position to infuse the power of generative AI into security, given the vast install base of its security, productivity, and collaboration applications. At a high level, Microsoft Copilot for Security delivers four operational functions that directly address some of the top needs of security professionals:

  • Incident summarization that uses generative AI to quickly and accurately summarize alerts into actionable insights designed to decrease mean time to resolution (MTTR).
  • Impact analysis that offers AI-driven analytics to quickly assess impact, identify systems at risk, and make prioritization recommendations.
  • Elimination of reverse engineering of scripts, freeing SOC analysts to spend more valuable time in determining root cause through a natural language interface.
  • Guided response that delivers prescriptive incident response recommendations for triage, investigation, containment, and remediation that have the potential to improve security operational efficiency.

To provide added deployment flexibility, Microsoft is offering Copilot for Security in both standalone and embedded versions. I like the company’s approach, offering a dual path that I believe can scale the solution from small to midmarket to large enterprise customers to drive wider adoption. Microsoft has also created custom promptbooks in multiple languages that guide customers in the creation of natural language prompts for security workstreams. That’s an important consideration in eliminating any intimidation factor in using generative AI tools.

What I also find refreshing about Microsoft Copilot for Security is that it is not a walled-garden offering designed merely to strengthen the company’s other security solutions, including Defender and Entra. Instead, Microsoft is embracing the broader security ecosystem to scale its deployment with a growing library of plugins from Netskope, Valence Security, Tanium, and others. Pricing is also consumptive, allowing customers to pay as they grow. This applies to both the standalone version and embedded versions accessed through an Azure subscription, democratizing access to Copilot for Security.

Final Thoughts

From my perspective, Microsoft has put a lot of thought into Copilot for Security. The company could have easily rushed the GA version to market. Instead, it gathered considerable customer feedback, delivering a generative AI solution that has the potential to tip the scales of an ever-increasing cybersecurity fight to the advantage of defenders. The company’s decisions to provide deployment flexibility, price the solution consumptively, and collaborate with other security solution providers will also broaden access. That’s a solid strategy to build Copilot for Security’s long-term potential and success in thwarting the onslaught of malicious cyber activity.

For further insights, Moor Insights & Strategy and the Futurum Group conducted three video recordings with Microsoft security executives discussing Copilot for Security.

Will Townsend manages the networking and security practices for Moor Insights & Strategy focused on carrier infrastructure providers, carrier services, enterprise networking and security. He brings over 30 years of technology industry experience in a variety of product, marketing, channel, business development and sales roles to his advisory position.