Surprising ways Microsoft Copilot for Security helps infosec

As the IT community clamors for ways to bolster their security posture and operations, Microsoft Copilot for Security is finally available to the masses, creating an opportunity to use generative AI to immediately drive security program improvements.

I recently joined Microsoft in New York for a pre-announcement briefing and demo lead by Microsoft's Vasu Jakkal, corporate vice president of Microsoft Security, along with Brandon Dixon, product lead for Copilot. While I was impressed by what I saw and heard from Jakkal, I also spoke with three security leaders who have utilized Copilot within their security operations teams over the past four months. It was here that I gained my most valuable insights into where and how GenAI will help security leaders transform aspects of their security programs in ways that go beyond what has been written in the recent Microsoft announcements.

While early use cases for Copilot are focused on improving security operations and threat protection, the path to value goes beyond the automation of time-intensive, tedious tasks -- although Copilot is delivering significant value here. Before I explain further, let me level set by saying that when we unpack all the challenges associated with implementing effective security programs, the conversations are overwhelmingly focused on topics associated with the scale and complexity of security systems and processes.

Many of these challenges are, of course, driven by the scale and complexity of modern IT infrastructure. Things such as lack of visibility, siloed data and processes, too many alerts, threat prioritization, too much noise, tools and vendor management complexity, complexity of operationalizing threat intelligence and cybersecurity skill shortages are all constants in the conversation.

Consequently, automation projects are highly prioritized investments in the coming months, focused on offloading many of these tasks so analysts can focus more on understanding and making decisions that lead to faster threat containment and the remediation of security gaps that enable threat progression.

Research from TechTarget's Enterprise Strategy Group revealed that many IT professionals are optimistic that GenAI solutions will positively contribute to automation objectives. With Microsoft Copilot for Security now generally available, security teams should begin to see results.

This was further validated for me as I spoke with the three security leaders who already work with Copilot, with their initial focus on leveraging Copilot for automation use cases, including data enrichment, automation of repetitive investigation tasks, incident reporting and summarization and more.

As my conversations drilled into how and where Copilot adds value, unsurprisingly, we learned that Copilot is helping junior security analysts be more productive. But equally, and maybe more importantly, Copilot enables them to learn security skills faster. And -- here's the big aha surprise value moment for me -- as security leaders bring in junior talent, Copilot helps leaders identify which junior security analysts have the aptitude to grok the complexity of their operating infrastructure, the security investigation process, and those most apt to learn and progress fastest in the development of their security skills.

Jakkal made two very bold statements when she introduced Copilot. First, "Copilot will make cybersecurity more approachable to more people." And second, "[Microsoft Copilot] is a brand-new way of doing security."

From what I saw, and from the conversations I had with security leaders who have hands-on experience using Copilot, I think she is absolutely right. Jakkal went on to say that "[Copilot] should help attract talent to security, making security more approachable to more people." That could help relieve some of the cybersecurity skills talent shortages.

I couldn't be more excited about the future of security and the impact that generative AI will make on the progression of security programs. Copilot is the first of many powerful offerings that should help every security leader accelerate their program development and strengthen security posture.

Dave Gruber is a principal analyst covering ransomware, SecOps and services for Enterprise Strategy Group, a division of TechTarget.

Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.