UPDATED 14:48 EDT / JUNE 19 2024

On the latest episode of SecurityANGLE, the discussion centered around Microsoft Copilot for Security. SECURITY

Unpacking the nuances of Microsoft Copilot for Security with Ramsac

At the beginning of April, Microsoft Corp. launched a public preview of its new unified security operations platform and general availability of Microsoft Copilot for Security.

Copilot for Security is a generative AI solution that uses natural language inputs to help guide IT teams and integrates with other Microsoft cybersecurity products and platformsMicrosoft is not the first company to use AI in cybersecurity, but it has the advantage of being integrated with existing enterprise ecosystems, including Azure and Office 365, according to Rob May, founder and executive chairman of Ramsac Ltd., which provides managed IT solutions and IT support, as well as specialist cloud and cyber security projects, to organizations in the United Kingdom.

“That existing connection makes it easier for organizations to adopt Copilot for Security without disrupting any current workflow,” May said. “What sets Microsoft apart is not just its advanced technology, but its strong presence in the enterprise sector.”

May spoke with Shelly Kramer, managing director and principal analyst at theCUBE Research, and research analyst Jo Peterson in a recent SecurityANGLE podcast interview. They discussed the features and benefits of Microsoft Copilot for Security and its impact on the cybersecurity landscape.

Copilot for Security’s integration with existing tools seen as key

Microsoft’s AI solution is supported by its partnership with OpenAI LP. That gives Copilot for Security access to massive data sources and sophisticated machine learning models, according to May.

“Businesses that already use Microsoft’s products can really easily incorporate Copilot for Security, leading to faster adoption than the rivals like Zscaler and CrowdStrike, who almost certainly don’t have the same level of integration within most enterprises,” May said. “I think Microsoft’s success is a result of both how good the tech is, but also that strategic market positioning.”

As a standalone application, Copilot for Security can draw data from multiple sources — it’s not just limited to Microsoft’s ecosystem. There’s a versatility that comes with that, May pointed out.

“[That] allows businesses to integrate various security feeds, enhancing threat detection response capabilities,” he said. “Users, therefore, benefit from a consolidated view of security insights, the so-called single pane of glass, making it easier to manage diverse environments.”

As an embedded application within other Microsoft security services, including Microsoft Defender and Microsoft Sentinel, Copilot for Security provides seamless integration, but also a unified interface. That’s where the leveraging of existing Microsoft infrastructure comes into play.

“Users can interact with Copilot for Security directly within familiar tools, facilitating quick access to insights and security recommendations,” May said. “This is the key thing for security professionals, without needing to switch environments.”

Guided security actions, deeper integrations expected

One thing to note about Copilot for Security is that it won’t take action on its own. It won’t, for instance, delete suspicious files, Kramer noted.

“It will suggest and guide and explain to folks using the platform, suggested actions. And it’s also prompt-based,” Kramer said. “When I see that, I feel like there’s also a need here for users to up their query game, because that’s not always an intuitive thing.”

Over the course of the next year, analysts will be watching to see how Copilot for Security integrates and how the overall ecosystem for the product unfolds. It’s likely to see deeper integrations within the Microsoft ecosystem and within third-party security tools, according to May. 

“It will be integral within Sentinel and Defender and Azure Security Center and so on. That will all provide a better user experience and streamline security operations,” he said. “I think partnerships with other cybersecurity platforms, too, could expand its data sources. Enhancing that threat intelligence and detection capabilities. It’ll be interesting to see what joint ventures and partnerships happen there.”

Significant advancements in both its AI and its automation features can also be expected, according to May. It is likely to offer improved threat analysis, real-time incident response and suggested actions, as well as automated remediation.

“Those enhancements will further reduce that manual workload … on security teams, allowing them to focus more on the strategic tasks and addressing the human in the loop needs of cyber response,” May said. “I think the overall ecosystem will expand and that could include new APIs for easier integration with other tools and platforms, and that will promote a more collaborative and comprehensive cybersecurity environment.” 

Here’s theCUBE’s complete SecurityANGLE conversation:

Image: JanBaby / Canva

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy