In this era of ever more sophisticated, AI-driven cyberattacks, fortifying your organization’s security posture is paramount. The attack surface is expanding, threat signals are multiplying exponentially, and—due to an industry-wide talent shortage—the enormous cognitive load borne by individual analysts is ever increasing.
The only security AI product that combines a specialized large language model (LLM) with security-specific skills informed by its unique global threat intelligence, Microsoft Copilot for Security protects at machine speed and at scale. The technology responds to security incidents within minutes instead of days, and offers gains in quality of detection, speed of response, and ability to strengthen security posture over time. Copilot for Security is leveling the asymmetric battle between analysts and bad actors.
Atlantic Re:think spoke about the product’s capabilities—as well as its implications not just for security professionals, but for the industry at large—with Brandon Dixon, Partner Product Manager, Copilot for Security, and Rani Lofstrom, Director of Product Marketing, Security AI.
Atlantic Re:think
The platform is called Microsoft Copilot for Security, not Microsoft Pilot. Why is human intervention one of its important, if not essential, elements?
Brandon Dixon
It’s a fact that there’s a lot of drudgery in our industry. A lot of our customers are keen to identify “What should I actually spend my time on? Where am I most vulnerable? Where should I put my effort?”
Copilot for Security is meant to augment the role of a security operator or an IT practitioner. People are still needing to do the jobs themselves. We just want to make their jobs better, more efficient, and take advantage of where the technology shines and offers the most help.
Rani Lofstrom
A lot of senior analysts switch careers because they get so burnt out. We’ve just changed the game in how we’re going to be doing security response. In a controlled study, Copilot for Security increased speed and accuracy, which can reduce analyst fatigue and help with job satisfaction.
Atlantic Re:think
An industry-wide talent shortage means security professionals are spread extremely thin. In an ISC2 survey, twenty percent of security professionals reported that the shortage puts them at “extreme risk” of an attack. How can Copilot for Security help to reduce the workload of security analysts?
Brandon Dixon
If an incident has, say, 50 alerts associated with it, an analyst from the days of old would have had to go through each one: What’s the story? What’s the attack that’s going on? Copilot for Security automatically generates a summary. It gives them a much stronger foundation to operate from.
It’s very common for an analyst to come across a technical artifact, something you may not understand that’s doing something complex, like a script. We see this all the time, our customers see it, and it requires a special level of knowledge and expertise. Whereas previously you might have had to seek the help of someone more senior, Copilot for Security is able to analyze that complex technical artifact in a matter of minutes.
I think what makes us unique is that Microsoft has a significant amount of data and signals at our disposal. Copilot for Security can take all of those signals, look at your external attack surface or your posture management, and recommend the steps to take. A CISO might ask their team, “I just read about this thing in the news: Are we vulnerable to it?” The team can use Copilot for Security to answer his question.
Rani Lofstrom
Copilot for Security is also going to help foster better communication among security operations teams. Complex incidents usually take more than a shift to solve. Somebody’s been working hard on an incident for eight hours, the next shift comes in, you’ve lost some of that intellectual property when that reasoning, that decisioning is happening in someone’s head. But now you can easily get an incident summary of all of their investigation work so you can pick up where they left off.
Atlantic Re:think
There are 4 million job vacancies globally in cybersecurity. How can Copilot for Security, by augmenting the skills of analysts, help to ameliorate this situation? In particular, what are its implications for increasing diversity in an industry that is only 24% female, 9% black, 4% Hispanic, and 8% Asian?
Brandon Dixon
That’s really one of Copilot for Security’s biggest potentials, to upskill those without as much experience in the field.
When I worked at a startup, we would often bring folks into the company who didn’t have experience. They were local to the area, they showed hunger and drive, and they just wanted someone to take a chance on them.
Generative AI can lower the barrier to entry of technical requirements that may historically have limited people with diverse backgrounds from coming in, just because they didn’t have experience. We anticipate seeing a lot more diversity occur because of those barriers being lowered.
Atlantic Re:think
Copilot for Security creates a space driven by natural-language prompts, but prompting is a distinct skill in and of itself. Is there a learning curve?
Brandon Dixon
I want to drive this home: With our embedded experiences—in Defender XDR, Sentinel, Intune, etc.—someone doesn’t have to understand prompting. Our existing products require, in my opinion, no education whatsoever. A summary showed up, a script was explained, my life is better.
When it comes to the standalone portal, which is driven by natural language, there is a little bit of nuance to writing a prompt. To aid our customers, we’ve put together what we call featured prompts and pre-created several out-of-the-box promptbooks.
The learning curve is a matter not so much of prompting but of figuring out the idiosyncrasies of the model and the system itself. It doesn’t matter if you use Copilot for Security or OpenAI directly or Gemini or Claude: All these different models have slight idiosyncrasies in how they respond and how you prompt them.
I formerly was an analyst, and one thing I’ve seen over the years is that security people don’t often get excited about the tools that they use. But when we surveyed our customers, 97% said they enjoyed working with it and would use it again. I think that’s a testament to the natural-language aspect—that it doesn’t require specialized skills, that it feels approachable and it feels different.
Atlantic Re:think
What if an organization is reliant on security solutions from multiple vendors?
Rani Lofstrom
Microsoft Copilot for Security has the ability to do custom plugins. So, if a customer has a number of other security solutions, those tools can work directly with Copilot for Security. If they built a custom line of business applications or other proprietary information systems, those can also be in Copilot for Security.
Brandon Dixon
When I meet with customers, one of the frustrations they have across security is that it’s highly fragmented, that they have to buy a whole bunch of solutions and make them work together. With Copilot for Security, I can be in one interface using natural language to articulate my question and have it go federated across my entire ecosystem to get back the best possible response. So they see that as a big game-changer. That’s a big ask from us.
We have an extensive ecosystem of partners we are working with who are developing services, solutions, and plugins for the system. Copilot for Security isn’t just making Microsoft products better; it’s bringing together the entire ecosystem.
Atlantic Re:think
Does Copilot for Security point the way to cybersecurity eventually becoming fully automated?
Brandon Dixon
I believe that there’s the capacity to automate some elements of the position or the job—augmenting the user themselves and making them more efficient and more productive—but not the job itself. We believe automation can help by taking those steps that don’t require reasoning or human intuition.
So I don’t see the analyst position being automated away. Instead it’s that they’re automating portions of the job to allow people to spend their time doing more proactive defensive measures.
Rani Lofstrom
For experienced analysts, we’re seeing Copilot for Security help them work 22% faster. Imagine if you could save 22% of your workweek. Most security teams that I’ve talked to don’t have enough time to do everything they know they should, or that they want to do. If you could get 22% back in your day, you could get to those extra incidents. You could do proactive threat-hunting across your network and maybe find a zero-day before it causes critical damage. Maybe you study for a new cert and uplevel your skills. The list goes on.