Thoughts on Copilot for Security’s Early Days

submitted by
Style Pass
2024-05-13 22:30:03

April 1, 2024, saw the release of Microsoft Copilot for Security to general availability (GA). It is a generative AI solution integrating with Defender XDR, Entra, Purview, and Intune. Just over a month later, it’s time to write down some thoughts.

In cybersecurity, we face the challenge of scarce resources — time, finances, attention, will — to identify, protect, and respond to threats and vulnerabilities.

There’s an old joke. One economist asks another, “How’s your wife?”. The other economist replies, “Compared to what?”

To properly answer the question “How’s Copilot for Security?”, we need to think similarly: “How’s Copilot for Security compared to the alternatives that consume similar resources to achieve similar ends?”

Then, a first run through my experience of using Copilot for Security so you can see how it performs against tasks you may attempt. My area of focus is mostly pre-incident security: architecture, gap analysis, etc. Copilot for Security is marketed as a solution for “end-to-end scenarios such as incident response, threat hunting, intelligence gathering, and posture management” [ref], so this use case is in scope, albeit not one that occupies most of the material I’ve seen online.
