Microsoft has answered this question with what solution providers can do with ChatGPT: incorporate it into a tool for security analysts.
The tool is called an AI assistant Microsoft Safety Co-Pilot, A service to quickly detect and respond to threats and help analysts better understand the overall threat landscape.
Now in private preview, Security Co-Pilot will combine ChatGPT4’s search and natural language response capabilities with Microsoft’s Threat Intelligence capabilities.
If a company receives an endpoint alert from Microsoft Defender, a threat analyst can ask Security Copilot to assemble a story on the compromise, including a graphic of the attack chain that can be shared with others on the security team. May go. It can reverse-engineer the attack script or tell the analyst how many email messages are linked to the attack.
This Microsoft video shows better how it works:
Microsoft said Security Co-Pilot will continually learn and improve to help ensure that security teams are working with the latest knowledge of attackers, their tactics, techniques and procedures.
The company acknowledged that the safety co-pilot can’t always get everything right. In fact, the query responses say that the content should be verified before sharing. But, Microsoft said, Safety Co-Pilot is a closed-loop learning system that continuously learns from users’ feedback.
The company stressed that each organization’s implementation of Copilot would only use its own corporate data. Security data will not be shared between customers to help them learn the platform.
At the moment, it only integrates with Microsoft products such as Defender, Antra, Intune, Priva and Purview. But the company promises that it will integrate with products from other companies, many of which will be Microsoft partners.
Microsoft stresses that Security Co-Pilot can help inexperienced members of security teams better fight attacks.
The company did not say when the safety co-pilot would be generally released, nor how much it would cost.
“The odds are stacked against cyber security professionals today. Too often, they fight an asymmetric battle against relentless and sophisticated attackers,” said Vasu Jakkal, corporate vice president, Microsoft Security. “With Security CoPilot, we are shifting the balance of power in our favor. Security CoPilot is the first and only Generative AI security product that enables defenders to advance at the speed and scale of AI.
In a comment, Eli Mellon, senior analyst at Forrester Research, said Security Copilot is set to become the connective tissue for all Microsoft security products and, importantly, will integrate with third-party products as well. There is a hard and fast need for an adjunct that can deliver comprehensive and consistent value, he added.
“This is the first time a product is outfitted with AI to deliver true improvements in detection and response,” she said. “With this announcement, we leave behind an era where AI was relegated to detection, and enter one where AI has the potential to improve one of the most critical issues in security operations: Analyst Experience (AX).”