Microsoft creates AI-driven Security Copilot service for enterprise information security needs

After previously applying its AI technology Copilot to GitHub, Dynamics 365, and Microsoft 365 services, Microsoft recently announced the launch of a new security service called Security Copilot, which will be provided in preview form and will apply AI technology to the field of cybersecurity.

Microsoft claims that, through natural language dialogue, the service can use AI technology to quickly detect malicious threats and take relevant response actions, helping enterprise security personnel block threats more efficiently and quickly and thereby enhancing the cybersecurity resilience of enterprise organizations.

Security Copilot’s design philosophy is based on seamless collaboration with security teams: security personnel can immediately view events occurring in the enterprise operating environment, learn from existing intelligence to correlate threat activity, and make the best and most efficient cybersecurity decisions more quickly.

According to Microsoft, with 1,287 password attacks per second, enterprises still cannot stop external attacks with scattered security tools and infrastructure. Meanwhile, with network attacks up 67% over the past five years, enterprises cannot hire enough cybersecurity risk professionals to keep pace with the increase, leaving them scrambling to pick out carefully disguised attacks from a vast and expanding volume of network traffic and signals.

Security Copilot will simplify analysis by summarizing and analyzing threat intelligence, strengthening the security team's ability to make sense of the noise in network traffic and identify malicious activity. In addition, Security Copilot can help security teams discover malicious attacks and information they would otherwise have missed, prioritize the order in which security incidents are handled, and recommend the best actions to take to quickly remediate various threats.

Furthermore, Security Copilot will continuously learn and improve, giving security teams the latest knowledge of attackers' strategies, techniques, and attack steps for more effective defense.

The underlying technology of Security Copilot comes from RiskIQ, a long-established San Francisco network security company previously acquired by Microsoft, as well as Miburo, a network threat analysis company. It continues to be natively integrated with Microsoft’s security products such as Sentinel and Defender to respond to increasingly complex attack behaviors.

Currently, Microsoft Security is actively tracking over 50 ransomware criminal groups and over 250 country-level cybercrime organizations, and receives about 65 trillion threat signals every day. Moreover, Microsoft’s technology blocks over 25 billion password brute-force theft attempts per second, and over 8,000 cybersecurity professionals analyze more security signals, drawing on over 100 different data sources.