Industry Insights with Information Security Media Group

Microsoft Copilot for Security

7 Quick Wins to Boost Cyber Defenses with Microsoft Copilot

Corporate and cybersecurity leaders are starting to realize AI can be a pivotal ally in the fight against rising cyber threats. To illustrate, Microsoft Copilot for Security is already helping to streamline and enhance security operations and empower teams with AI-driven insights and efficiencies.

To compare how Copilot works in real-world threat scenarios, Microsoft conducted randomized, controlled testing to measure Copilot's impact on security operations. They tested security analysts using Defender XDR, with and without Copilot features. Analysts were randomly assigned to either have access to Copilot or not, and faced timed simulated tests of their responses to cyber threats, including ransomware and BEC attacks.

Below are 7 quick wins delivered by Copilot for Security – along with evidence from Microsoft research, and feedback from early adopters. The goal here is to bring to light tangible improvements you can expect, along with some detail on how those benefits are achieved, from those who’ve already embraced Microsoft’s AI-driven security capabilities.

Quick wins you can expect from Copilot for Security include:

  1. Speed up Incident Response and Reporting. In Microsoft’s testing, seasoned security analysts were 22% faster and 7% more accurate across all tasks when using Copilot for Security. Those same security professionals were also 19% faster at analyzing incident reports and 39% faster at summarizing an incident. Based on feedback collected so far, security analysts have been able to draft incident narratives 90% faster, freeing up valuable time for other critical tasks, such as threat-hunting. “Copilot for Security has a tremendous ability to summarize data and create narratives about threats in a polished, professional way,” said Brian Hooper, Principal Research Lead, Defender Experts. “Before Copilot, our analysts spent precious time capturing and consolidating attack data and running it through copywrite reviews before publishing. Now with Copilot for Security, we can reduce that time by 90%, allowing them to start their next case. This makes a material time savings for all of us,” Hooper added.
  2. Boost Task Efficiency. Initial testing of early-career security analysts demonstrated 44% more accurate responses. In practical terms, Copilot was tested by a range of junior to senior-level security analysts to gauge their speed and accuracy at everything from script analysis, to threat detection and incident response and reporting. Senior analysts using Copilot created incident summaries with 49% more incident facts. And 92% of security analysts reported that Copilot made them more productive. Copilot can help strategically optimize the resources you have, ensuring your organization’s efforts and investments are focused on areas with the highest risk or potential impact.
  3. Enhance Work Quality. Over 90% (93%) of security professionals reported Copilot helped improve the quality of their work. Those security analysts were also seven percent more accurate when using Copilot. This quality boost is linked to Copilot's ability to sift through 78 trillion threat signals daily, helping even the most seasoned security analysts make better-informed decisions. By storing and reusing customized security prompts and analyses, Copilot makes it easy to share knowledge among security team members, enhancing the overall effectiveness of your security operations center (SOC).
  4. Upskill Security Teams. Copilot enables junior analysts to quickly improve their skills by providing guided, step-by-step instructions and insights, effectively serving as a coaching tool. With its ability to provide real-time feedback and learning resources, Copilot supports continuous professional development, so analysts stay up-to-date on cyber threats and defense mechanisms. “One of the functions I use the most in Copilot for Security is its ability to summarize CVEs [Common Vulnerabilities and Exposures] and other vulnerabilities,” said Phoebe Rogers, Security Analyst 2, Defender Experts. “It describes the vulnerability, the affected product versions, and can provide step-by-step instructions on how to remediate it. Copilot also provides its source so I can verify details if needed. Even better, Copilot can then tell me whether/where that vulnerability exists in my customers’ environments! Compiling this information used to take me 5-10 minutes, where Copilot takes less than a minute,” she explained.
  5. Streamline Continuity Tests. Embedding Copilot within Microsoft Defender enriches security operations with AI-driven insights and automated task completion. By simulating potential cyber threat scenarios, Copilot is also helping early adopters test response strategies and improve their preparedness. Early adopters are finding they can move from reactive to proactive -- even providing automatic attack disruption. High-confidence signals collected by XDR help identify in-progress attacks early so built-in automation can stop the progress of the attack in real time, isolate affected devices, and suspend compromised users. Global technology consulting and digital solutions company LTIMindtree has found that it’s now able to safeguard against escalating attacks.
  6. Outwit Threat Actors. Security professionals can use Copilot to quickly parse through and summarize vast amounts of threat data, translating it into actionable threat intelligence. Examining scripts, for example, which attackers intentionally make confusing, is complex and often tackled only by highly skilled senior analysts. Using Copilot for script analysis, experienced analysts were 14 percent faster at analyzing scripts, and 12 percent more accurate at script analysis. This is at least partially because, with Copilot, security analysts can use natural language, rather than advanced coding skills to investigate threats. Analysts can quickly create and modify automated workflows using what are called promptbooks, which require no coding and use natural language to get tasks completed faster and more efficiently. Promptbooks may cover a wide range of tasks, from analyzing suspicious scripts to evaluating the impact of vulnerabilities, all the way to creating threat actor profiles. This helps strengthen team expertise, catch what others may miss, and saves hours of time in analysis. In fact, one of Microsoft’s customers reported that they can now complete a task that used to take hours, in just three minutes.
  7. Automate Required Operational and Reporting Tasks. Copilot helps maintain compliance with evolving cybersecurity regulations by automatically identifying gaps and recommending actions to address them. Using Copilot, security analysts can integrate personalized knowledge such as company policies into Copilot’s knowledge base for quick reference. Take, for example, an organization’s data handling policy, which is a typical corporate policy that outlines what employees can and can’t do with their devices, and how information should be shared across the organization. Getting that policy into Copilot is easy. There’s no need to make changes or put the information into a structured data store. Instead, you upload the document to Copilot, and it readily works with the text provided to ensure those data handling policies are integrated for analysis and reporting. And Copilot now supports eight local languages in the model. This enables Microsoft customers in the U.S., for example, to share executive reports with their Japanese colleagues in their natural language, even if they don’t speak Japanese. In early tests, 83% of analysts reported that Copilot for Security reduced the effort required to complete tasks.

These quick wins illustrate the versatility of Microsoft Copilot for Security. And security analysts like it, too. In total, 97% of experienced professionals said they want to use Copilot to do the same task again in the future. Analysts said they felt more effective, more productive, and more in control using Copilot.

With immediate, measurable gains that can be customized to meet your most-pressing cybersecurity needs, organizations that embrace Copilot are improving security and positioning themselves to effectively tackle their toughest cybersecurity challenges, now and in the future.

To learn more about how Microsoft Copilot for Security can empower security teams and transform your cybersecurity posture for the better, reach out here, or visit here for more detailed information and testimonials.



About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.



