Microsoft Embeds Security Copilot in 365 Defender XDR

Microsoft intends to shake up the eXtended detection and response (XDR) marketplace with the release of a new Security Copilot experience embedded in the Microsoft 365 Defender XDR platform.

Organizations that work with MSSPs and are part of Microsoft’s Early Access Program will be able to extend access to their Security Copilot environment, allowing MSSPs to participate with them using Security Copilot (Bring Your Own—MSSP).

Stellar Cyber, an Open XDR specialist, offers Copilot through its marketplace, according to Steve Garrison, senior vice president of marketing. He regards the Copilot release as “a trend for vendors to build communities and ecosystems” and believes it’s preferable that companies work together even though they compete now and then.

Microsoft said its new version of 365 Defender helps “guide analysts directly with actionable recommendations from within a single unified experience.” Moreover, Microsoft Defender Threat Intelligence is now included at no cost with Security Copilot.

Defender Threat Intelligence enables customers to directly access, operate, and integrate Microsoft’s threat intelligence to provide security teams with a greater depth of insight, Microsoft said in a blog post.

Harnessing the Power of Gen AI

Microsoft’s blog explained that "the era of AI brings unprecedented opportunities for us, and at the same time we are also facing an unprecedented surge in cyberthreats, coupled with a global shortage of security experts." As such, “a paradigm shift is required in the security industry’s approach to this challenge,” and key to this effort is harnessing the power of generative AI.

“Generative AI is transformative for security, and generative AI combined with Microsoft threat intelligence and our security-specific models will enable us to tip the scales in favor of security teams,” Microsoft said.

Microsoft brought Security Copilot to market in March 2023 — calling it “the first generative AI security product to help protect organizations at machine speed and scale.” Microsoft described Security Copilot as an AI assistant for security teams that is built on the most recent large language models. Microsoft said that Security Copilot is helping its preview customers save up to 40% of their time on core security operations tasks.

A Closer Look at the Copilot/Defender Experience

The combination of 365 Defender and Security Copilot is intended to help analysts focus on what matters most to protect faster, Microsoft said. The new embedded experience opens up scenarios directly from within Microsoft 365 Defender, including:

  • Incident summaries with a single click
  • Guided response to incidents at machine speed
  • Natural language queries to simplify hunting
  • Real-time malware analysis
  • Threat intelligence whereby users can inquire in natural language about emerging cyber threats, cyberattack techniques, and whether an organization is impacted by or exposed to a specific threat

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University.