Every organization with modern technology is looking for an AI strategy. The technology is moving at a rapid pace and it’s hard to understand the results thus far. Everybody speaks about the potential, but what impact is happening now? Microsoft provided its security-focused AI solution to early adopters via a private preview and found very positive results. This is despite the technology not yet being public / generally available and being built as it’s being used. You can find an article about how early adopters used the technology and its impact HERE.
The key findings thus far can be summarized as the following areas of value.
- Time saved: Tasks that require tons of clicking around in dashboards, research, and passing data around are reduced dramatically with AI. For example, discovering if your organization is vulnerable to a specific CVE, understanding which threat actors are using that vulnerability, which specific resources you own are impacted, and what steps to take can be time consuming without this type of technology.
- Skill gap reduction: The average security operations center is made up of different services that require specific skills. An incident responder may not understand malware code. A vulnerability manager may not understand exploitation tactics. AI allows somebody to ask questions about what they don’t know and learn on the fly. For example, explain this threat, convert this code into a language I understand, explain how this impacts this thing, etc.
- Reporting: Very few people take joy in reporting things. AI in general has been a huge game changer for summarizing things. Imagine asking the AI to summarize some technical event for a non-technical leader in a PowerPoint presentation.
- Better results: Most SOCs have a lot of data to shuffle through. It should be expected that manually working with that data will lead to missed things. AI reduces the complexity and improves outcomes by using large amounts of data better than humans.
The blog post summarized specific Microsoft Security Copilot findings as the following:
Security Copilot is an AI assistant for daily operations in security and IT that can help organizations:
- Outpace adversaries—Security Copilot helps analysts respond to and remediate incidents faster. The increased speed and efficiency of generative AI lets analysts refocus on critical security tasks, including more time spent on proactive initiatives like implementing Zero Trust principles.
- Strengthen team expertise—Security Copilot helps junior security analysts complete more complex tasks with skills like natural language to Kusto Query Language (KQL) translation and malicious script analysis.
- Simplify the complex—Analysts no longer need to write complex scripts or KQL. They can simply ask questions in English and Security Copilot understands the context, sets the plan in motion, and writes the script. This saves time, exposes junior security analysts to more complex skills, and yields gains in productivity for organizations.
- Catch what others miss—Because Security Copilot uses generative AI to analyze data from many sources—including Microsoft Security products and Microsoft’s unrivaled threat intelligence—it can also help analysts catch what they might otherwise miss.
- Cut through the noise—Despite an extremely busy signal-to-noise ratio, Security Copilot synthesizes data and detects “important” signals better than ever before, allowing security and IT professionals to access, summarize, and act on insights from their tools faster.
- Broaden the hiring pool—Because of the upskilling potential, Security Copilot allows Tier 1 analysts to complete more complex tasks, which means organizations can recruit and develop talent from a broader, more diverse resource pool.
Check out the blog post HERE to learn more. Also, expect new things to be announced next week at Microsoft Ignite.