AI has become a hot topic among cyber security professionals in 2023. This conversation has largely been driven by OpenAI’s ChatGPT, which has gained a lot of attention in the tech world for its broad capabilities. The platform uses natural language processing and OpenAI models to respond to user queries and coding questions instantaneously and in plain English, which has several interesting and noteworthy applications for the world of cyber security (we’ll speak more on these later).
ChatGPT 3 was released in late 2022. Fast forward to late March 2023 and we’ve seen Microsoft announce details of how OpenAI models can enhance cyber security investigations and the launch of their own AI assistant: ‘Microsoft 365 Copilot’. The M365 Copilot service intends to support incident response, threat hunting and security reporting.
For a broader view of how AI and Microsoft Copilot will potentially be changing the future of cyber security, a number of security professionals from Bridewell have come together to share their thoughts in this blog.
What is Microsoft Security Copilot?
Microsoft Security Copilot is a recently launched Artificial Intelligence-based security product that combines an advanced large language model (LLM) with a security-specific model. This security-specific model makes use of an increasing range of security-specific skills that leverage Microsoft’s unique global threat intelligence to provide an enterprise-grade security and privacy-compliant experience.
Running on Azure’s hyperscale infrastructure, Copilot integrates with end-to-end Microsoft Security products. Some of the applications for Copilot include incident response, threat detection and augmenting the capabilities of security teams.
It is also worth noting that within Copilot “…data is always your data and stays within your control. It is not used to train the foundation AI models, and in fact, it is protected by the most comprehensive enterprise compliance and security controls.”
Improved Incident Response Capabilities
“As a cloud security consultant, I'm thrilled to see the introduction of Microsoft Security Copilot. Integrating AI-driven threat detection and remediation will be a game-changer for organisations striving to maintain robust security postures. I'm particularly excited about the potential for improved incident response times and the ability to stay ahead of emerging threats. In addition, Microsoft's continued commitment to empowering defenders with cutting-edge tools demonstrates their dedication to ensuring a safer digital landscape.”
Overcoming the Cyber Skills Gap
"The new product from Microsoft, 'Microsoft Security Copilot', has the potential to address the cybersecurity skills gap that exists. The cybersecurity industry is facing a shortage of skilled professionals, which is only expected to worsen in the coming years. According to a study by (ISC)², the global cybersecurity workforce needs to grow by 145% to meet the demand for skilled professionals. With the known skills gap, combined with budgetary constraints that face several organisations, this product has serious potential.
This new product is designed to assist security analysts in identifying, investigating, and responding to security incidents more efficiently. It leverages Microsoft's artificial intelligence and machine learning capabilities to automate common tasks, such as correlating data across different security solutions and prioritizing incidents based on their severity. This provides existing cybersecurity professionals with tools to improve their skills and knowledge, thereby augmenting their abilities to detect and respond to security incidents.
With a user-friendly interface and integrated SOC, the tool allows even non-experts to navigate through the security incident process. This is particularly important for organizations that lack a dedicated cybersecurity team or do not have the resources to hire additional staff. By providing a platform that enables existing cybersecurity professionals to improve their skills and knowledge, it ultimately mitigates the skills gap that exists in the industry.
Moreover, through the integration of AI in the tool and its ability to analyse vast amounts of data and provide recommendations, the tool assists in decision-making processes, reducing the need for highly skilled professionals to manually analyse every security incident. This combination of human expertise and AI reduces the time required to detect and respond to security incidents, allowing organizations to become more efficient in their cybersecurity operations, even with a limited budget and resources.
In conclusion, 'Microsoft Security Copilot' is an innovative solution that has the potential to reduce the cybersecurity skills gap by providing a platform for existing cybersecurity professionals to improve their skills and knowledge. By leveraging AI to assist in decision-making processes and reducing the time required to detect and respond to security incidents, the tool makes cybersecurity operations more efficient, ultimately leading to better protection against cyber threats whilst also improving the efficiency of their cybersecurity operations."
Augmenting Security Operations and Reducing Cyber Burnout
"The recent public release and introduction of large-scale neural language models developed by OpenAI and subsequent release of its chat service ChatGPT has placed powerful AI capabilities in the hands of everyone. If you are not already trialling and looking at ways to integrate these capabilities into your personal or business workflows, then you are going to miss out. Microsoft Security Copilot is an extension of this but provides a security-focussed service that can act as a force multiplier for security teams and professionals. It is important to note that Microsoft Security Copilot is an enterprise-ready product with an appropriate security wrap which can alleviate some of the concerns organisations have when using more public services such as OpenAI’s chat bot.
On social there is some concern the technology will displace or replace the requirement for human workers, and subsequent FUD surrounding loss of jobs. Of course, disruptive technologies can remove manual activities, but they can also provide huge opportunities to shape new professions and roles within the workplace.
To me this technology really feels like augmentation of the human supported by a powerful personal assistant, which is needed in an industry that requires professionals to understand and consume an ever growing/changing breadth and depth of knowledge when compared to other professions. I can see AI technologies supporting the reduction of burnout, massively improving productivity, and removing single points of success/failure (every SOC/MSSP/team has them). It could also help address the reported talent shortage, allowing more junior roles to flourish and be more productive in their day-to-day work.
It is worth noting we still need experienced battle-hardened security professionals in the field; my experience with these technologies so far is that you need to know what to ask the AI and have a strong grasp of how to frame your prompts to return appropriate value. You also will not always get a working outcome, so knowledge is required to review what it has returned and to refactor your prompt or repurpose the outcome, so it is appropriate for your use case.
On a recent Lex Fridman podcast the OpenAI CEO Sam Altman likened these early models to the very first computers. If that is the case, just think where we might end up in 3-5 years' time!"