For those I’ve been meeting with lately, you know I represent Microsoft’s SOC focused security AI known as Security Copilot. I’ve had duct tape over my mouth the last month regarding not being allowed to speak about what is finally publicly announced at Microsoft Ignite. In short, the previous private preview version of this technology leverage XDR, EDR, and asset management tools, which is really good. You are able to ask about vulnerabilities, incidents, and other data found within that plumbing.
The new stuff makes Security Copilot even cooler. Now with support for plugging into Purview data, data security concepts can be leveraged such as asking “how does this incident impact my data”, or anything else regarding what is happening with your data. Support for identity tools now allows to understand situations like tell me which of Joey’s accounts are locked, why they are locked, and if Joey is a high-risk user. Support for cloud security allows questions regarding risk within cloud applications IE looking beyond on prem and user assets. The tech continues to get cooler with every update and its not even generally available yet.
Some 3rd party integrations were announced including support for what around 72% of SOCs use, which is ServiceNow. You should expect to see more Microsoft as well as 3rd party plugins become available between now and when Security Copilot becomes generally available.
Check out the details on these updates HERE. AI is the future of every security operation center. Have you developed your AI strategy yet?