It is raining again here in Northern California (but we are not complaining!). And in the technology world, it continues to rain all things AI (that is Artificial Intelligence, for those of you who have been living under a rock of late). In the land of Microsoft AI, the company has just announced its Security Copilot.
(Before I continue, though, enjoy this classic copilot conversation.)
What is Security Copilot?
Security Copilot is like a personal assistant for anyone working on cybersecurity. This video from Microsoft helps explain things. You pose questions and Security Copilot provides answers. It is built on OpenAI’s GPT-4 generative AI model, as well as a Microsoft-developed security model.
This security model provides the “secret sauce,” as it accesses the trillions of security “signals” Microsoft sees every day across all its services. Talk about a large dataset.
What can you do with Security Copilot? Here are some examples.
- You can ask it to show you all the alerts that are associated with an attack. The copilot can show you what systems the malware has queried and help you predict where the malware is going next.
- Ask Security Copilot to reverse engineer a piece of malware code and the copilot will produce a diagram that describes the code’s functions and attack targets.
- Submit a snippet of code, such as node4js, and ask Security Copilot to identify all the systems where that code exists. The copilot can then evaluate the potential vulnerability of each network element based on the presence of node4js code and other mitigating security settings.
Is it Ready for Prime Time?
Security Copilot shows a lot of promise. But it, like other recently announced AI products, is long on aspiration and short on delivery. Tech companies appear to be bent on being the first to announce AI capabilities. We used to call these announcements chart ware. Here are some reasons to pump the brakes on this and other AI-related product announcements.
First, the copilot is not commercially available yet. We cannot go hands on with Security Copilot to see what it does and how easy or hard it is to make it work. I’m sure we will get our hands on the product soon enough. Until then, we are left to parse the blog posts, demos, and presentations to decide what the product can do out-of-the-box.
We must also wait to see which other security vendors sign on to integrate with Security Copilot. Organizational cybersecurity programs are comprised of products from multiple vendors. Security Copilot will be far less valuable if it does not integrate with all the elements of your security infrastructure. So, who supports Security Copilot, with what, and how well are all vital questions.
Should You Care About It?
If Security Copilot is still maturing, should you care about it?
Yes. If not now, then soon.
- Like other AI announcements, this copilot is as much about what it could do as what it does do. OpenAI will continue to iterate and improve its GPT-4 service. Microsoft will continue to invest in rolling out new functions. Independent Software Vendors will develop Copilot-driven apps that meet the needs of specific industry vertical segments.
- If you have a Security Operations Center (SOC), you can use Security Copilot right now to help you investigate cybersecurity threats.
- Most of you do not run a SOC. However, you are using various Microsoft security products. You can expect that those products will “talk” to Security Copilot and respond to commands. Since you also use security products from other vendors, you will want to see how rapidly Microsoft can grow its Copilot ecosystem.
- This copilot addresses the talent gap that exists in cybersecurity. It extends the speed and reach of your security staff.
I still favor cybersecurity automation over staff augmentation. However, it will be a while before we trust cybersecurity automation to correctly interpret security signals and take appropriate action. Until then (and even after that time), we will continue pursuing a human-centered approach to cybersecurity.
Security Copilot as a finished product is underwhelming. As a capability, it shows promise. It is a tool that can operate at machine scale to find and make sense out of all the cybersecurity “needles” in our network “haystack.”
Exciting times lie ahead!