Microsoft launches AI tool Security Copilot to help cybersecurity personnel respond to threats

Recently Microsoft launched Security Copilot, a new tool designed to simplify the work of network security personnel through AI assistants and help them respond to security threats.

Cybersecurity personnel often have to manage many tools and massive amounts of data from multiple sources. Microsoft recently announced the launch of Security Copilot, a new tool designed to simplify the work of network security personnel through AI assistants and help them respond to security threats.

Copilot leverages the latest GPT-4 technology based on OpenAI to allow cybersecurity personnel to ask and get answers to current security issues affecting the environment, and even directly integrate within the company Knowledge, providing teams with useful information, learning from existing information, correlating current threat activity with data from other tools, and providing the latest information.

Microsoft has combined the power of OpenAI's large-scale language model into this tool, allowing it to understand the questions asked and summarize threat reports generated by the company's cybersecurity team and external data, as well as Microsoft's own threats. analyze. Microsoft says the model is informed by more than 100 different data sources and receives more than 65 trillion threat signals every day.

With Security Copilot, professionals can quickly investigate critical incidents by leveraging AI assistants that use natural language to drill down into data. The tool can use its ability to understand conversational language to summarize processes and events, providing quick reports to get team members up to speed faster.

For example, Prompt Assistant provides incident response reporting for a specific, ongoing investigation based on a set of tools and events. AI assistants can extract data and information from these tools and provide users with summaries, reports, and other information based on a given query and display it. Users can then refine their questions to ask the AI ​​to provide more information, change the way the report is displayed or summarized, the tools used, and the event information extracted from it.

Jakkal said the assistant can also identify anomalies by using Microsoft's own global threat intelligence to predict and spot potential threats that professionals might miss. Professionals can also use the tool to expand their skills, such as reverse engineering potentially malicious scripts and send the information to another colleague, who sees if it needs to be flagged for further research.

While this is a very useful tool for security professionals, it is not without its flaws. Since all Copilot tools integrate GPT-4, Microsoft warns that the tool doesn't "always get everything right," and the same is true for Security Copilot. To address this issue, Microsoft has added a feature that lets users report on AI-generated responses so they can better make adjustments.

Avivah Litan, vice president and renowned analyst at Gartner, said: "Security Copilot requires users to check the accuracy of the output without giving the user any score on the likelihood that the output is correct. Users rely on the output and make assumptions about these The output was correct, and given that we're talking about enterprise security, we believe this is an unsafe approach."

In Microsoft's demo, the AI's mistakes were benign, but in real-life investigations , the AI ​​may make a mistake that is harder for security experts to detect and go unnoticed. "There's still a long way to go before enterprises can feel comfortable using these services," Litan said. Microsoft has been on an acquisition spree to bolster its threat detection capabilities, including threat management company RiskIQ and Threat Analyst firm Miburo.

The AI ​​assistant is natively integrated with many Microsoft security products, including Sentinel, the enterprise cloud-based cyber threat management solution, and Defender, the anti-malware solution. The software is currently available in private preview.

The above is the detailed content of Microsoft launches AI tool Security Copilot to help cybersecurity personnel respond to threats. For more information, please follow other related articles on the PHP Chinese website!