Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Microsoft Copilot for Security – Proper Configuration is the Key

Microsoft Copilot for Security is a powerful new artificial intelligence tool that can help companies home in on credible cybersecurity threats amid an onslaught of noise. However, significant expertise is required to configure and operate it properly and avoid unnecessary costs.

These are a few key takeaways from the webinar, "Getting Started with Microsoft Copilot for Security", presented by Dan Gravelle, Director of Global Solutions Architecture at Trustwave. In a little more than half an hour, Gravelle outlined the significant promise of Microsoft Copilot for Security, along with some practical advice on how to best deal with the usage-based pricing model.

Part of that equation may well mean getting professional help from a Microsoft security partner that has relevant expertise and offerings, such as the Trustwave Accelerator for Microsoft Copilot for Security, which provides a roadmap to follow for successful implementation and ongoing operation.

 

What is Microsoft Copilot for Security

AI is now mainstream in cybersecurity, Gravelle said, and with good reason.

"When used correctly, AI systems can be trained to enable automatic cyber threat detection, to generate alerts, and identify new strands of malware," Gravelle said. "With the help of AI we'll finally be able to discover and mitigate the thousands of cyber events that cause alert fatigue."

Any AI system is only as good as the data that feeds into it, and that's an area where Microsoft has an edge. "Microsoft has a vast array of data sources including Microsoft 365, Azure, Bing, Xbox, Outlook mail, and more," he said. "They add value through 65+ million daily signals."

All of these data sources integrate with Copilot for Security (which, by the way, is different from the more general-purpose AI engine Microsoft Copilot). So does the suite of Microsoft Security products that come with its E5 license, including Defender XDR, the Sentinel cloud-based security information and event management (SIEM) system, Entra ID, and third-party products like ServiceNow and Splunk.

 

Copilot for Security's Six-Step Process

In the webinar, Gravelle walked through how Copilot for Security follows a six-step process that would clearly take a hefty chunk of time to walk through manually. It involves crafting a prompt that can come directly from a user or an integrated system such as Defender XDR or Sentinel.

Then there's pre-processing, involving various data sources and an AI large language model (LLM). Next is post-processing the feedback from the LLM, which includes gathering data from relevant plug-ins for additional context and, finally, returning a response.

"By taking all of these steps, Copilot for Security is trying to orchestrate what would normally be a pretty clunky and disjointed manual [process]," Gravelle said. It also makes many decisions, informed by far more data than any human could process in the same amount of time.

 

Pricing Model Lends Importance to Proper Configuration

However, users will have to be mindful of their usage. Copilot for Security is priced using a provisioned capacity model based on hourly usage, or what Microsoft calls Security Compute Units (SCUs).

If you run up against your SCU limit, even in the middle of an investigation, you may find queries throttled. "You just have to wait till the next hour, and then you'll get reset in how much you can use," Gravelle said. "It's important to understand that."

The way users set up prompts has a lot to do with how quickly they will burn through SCUs, he noted, which gets to the importance of proper configuration and operation of Copilot for Security.

Trustwave can help in that regard. The Trustwave Accelerator for Microsoft Copilot for Security gives clients access to a team of Trustwave consultants with deep subject matter expertise in the whole suite of Microsoft Security products. In fact, Trustwave was one of the first Microsoft-certified Managed Security Service Providers (MSSPs) and holds a bevy of Microsoft credentials, including as a Verified MXDR Partner and Copilot for Security Partner.

This team can help assess your environment, as well as plan and analyze core security operations such as detection, triage, and response promptbooks – which are key to keeping usage under control. We can also help optimize the interoperability of Copilot for Security with other Microsoft Security products, identify potential use cases, and generally help increase the return on your Microsoft investment.

To learn more, check out the webinar "Getting Started with Microsoft Copilot for Security". While you're at it, check out the rest of the Trustwave webinar series, "Unlocking the Power of Microsoft Security".

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo