Trustwave Blog

Microsoft Copilot for Security Brings an AI Assist – Even to Your MDR Provider

Written by | Nov 4, 2024

Artificial intelligence has a significant role to play in cybersecurity, and Microsoft Copilot for Security is a great example of its promise, with its ability to help even novice security professionals process threat data more quickly and accurately. However, it can also benefit seasoned security pros, including managed detection and response (MDR) service providers.

MDR providers always work with your in-house tools, including endpoint detection and response (EDR) and security information and event management (SIEM) systems. Adding Copilot for Security to your arsenal can give your MDR provider another valuable tool to help them more quickly and accurately assess and ultimately eradicate threats.


What Microsoft Copilot Does

Copilot for Security is different from (although related to) the more general-purpose Microsoft Copilot series and the Microsoft 365 Copilot AI assistant. Copilot for Security is a generative AI (GenAI) engine that integrates with other security tools and helps users with several security-related functions. These include incident summarization, impact analysis, reverse engineering of malware scripts, and guided response suggestions.

Consider the "Identity Summary" skill, which was recently added to Copilot for Security. As this Microsoft blog details, a prompt such as, "What can Defender tell me about John Doe over the past seven days?" will deliver a response detailing potential issues with the user. "Mismatch between the city and country settings" is one example, along with "the account is disabled, which may pose a security risk."

In coming up with its responses, Copilot for Security can include data from numerous Microsoft Security products, such as Microsoft Defender XDR and Defender for Cloud. It can also integrate with third-party (non-Microsoft) security tools like ServiceNow and Splunk. In each case, Copilot for Security examines all the output from such tools and quickly determines what's relevant to the prompt it's working from. (Indeed, crafting effective prompts is important to get helpful responses and keep costs down.)

The tool brings benefits to seasoned security pros and novices alike, according to a Microsoft study. Security pros could conduct tasks up to 22% faster with Copilot for Security, while novices were 44% faster across all tasks. More than 93% of users studied wanted to use Copilot again, Microsoft found.

In practice, Copilot for Security could help your Tier 1 team with event triage and escalation and create incident reports. You could even use it as a training tool to test how your newer team members might respond to an alert compared to what Copilot for Security suggests.


Copilot for Security and MDR

It's clear from the Microsoft study that Copilot for Security also boosts productivity for seasoned security professionals, including professionals on your team or working with a security provider on your behalf.

As an MXDR and MDR provider, Trustwave is one of the first Microsoft AI Cloud Solutions Partners to offer to work natively with your Copilot for Security implementation to augment human analysts, accelerate investigations, and potentially decrease the time to remediate. Trustwave is a longstanding Microsoft Security partner with a series of offerings to help users make the most of their Microsoft Security investments. They include an MDR service, MXDR for Microsoft, for users of Microsoft Defender XDR and Microsoft Sentinel.

Trustwave has deep experience with the entire Microsoft Security product suite, and Copilot for Security is no exception. In addition to using it in conjunction with MXDR/MDR, our security team can help your company plan and implement Microsoft Copilot for Security to get the most out of your investment.

To learn more, talk to one of our experts about how AI and Copilot for Security can strengthen your cyber security posture.