Information security in the AI era, guarded by Microsoft Copilot for Security

Author: Zhongguancun Online

The accelerating adoption of artificial intelligence is gradually revealing the two-sided effect of technology on human society: it can be a driving force for innovation, and it can also become a destructive tool in the hands of criminals.

Telecom scams built on synthetic videos, online rumors spread with fake photos, phishing emails that are increasingly hard to tell from genuine ones, and malicious code generation tools that can learn and evolve: smart technologies are lowering the barrier to entry and the cost of digital crime, while digital attacks are becoming more sophisticated, faster, and larger in scale.

According to Microsoft's security data, there were 30 billion password attacks per month against users worldwide in 2023, ten times more than in 2022, and a global shortage of more than 4 million cybersecurity professionals also makes it harder for enterprises to build a modern security system. With the advent of the AI era, the balance between attack and defense in information security seems to be tilting toward the attackers.

As attacks grow stronger, defenses must rise higher: using AI technology to counter intelligent attacks

Compared with traditional attack methods, emerging digital crimes are intelligent, automated, and large in scale. Defenders not only need to respond move by move, strengthening protection and reducing losses by monitoring risks, warning of threats, analyzing and responding, and remediating vulnerabilities; more importantly, they must consider how to run security operations faster and more efficiently at lower cost, and establish a durable long-term response mechanism.

Ensuring information security is itself a large, wide-ranging systems project. It not only involves many areas such as network, endpoint, service, identity management, webmail, and compliance governance, but is also intertwined with business and environmental factors such as business processes, development and operations, and on-premises and multi-cloud deployment. For this reason, many enterprises have adopted security products from dozens or even hundreds of vendors, forming an extremely large and complex security product stack. But even so, can it really eliminate the blind spots of security defense and form an efficient security operations system?

The answer is clearly no. Modern security operations are no longer about piling up security capabilities; they place more emphasis on comprehensive, intelligent, and automated capabilities. To keep the information security system running efficiently, Microsoft continues to apply AI technology to make security management more automated and intelligent, and to accelerate the continuous optimization of business processes.

According to the survey report, through one-stop management of security posture and resources across clouds and environments, automatic monitoring and investigation of potential threats and suspicious activities, and unified, strict control of every identity authentication step, the evolving Microsoft security services such as Microsoft Defender, Microsoft Sentinel, and Microsoft Purview have reduced the threat response time of information security systems by 88% and the risk of data breaches by more than 60%. Among them, Microsoft 365 Defender, with its integrated XDR intelligent protection technology, provides comprehensive security policy management and real-time protection for users across different endpoints and multiple work environments; this alone can bring enterprises more than 10 million dollars of productivity value and a return on investment of up to 241%.

Microsoft Copilot for Security: leading the transformation of information security through natural language conversation

To further empower enterprise information security teams, Microsoft first announced an "intelligent co-pilot" for the security field in March 2023. It pioneered the combination of a large language model with security-specific models, supplemented by industry-leading threat intelligence and expert experience. The aim is to add generative AI assistance on top of the existing end-to-end security protection system, so that "end-to-end cloud-native security capabilities + generative AI" jointly lead the transformation of modern information security.

On April 1 this year, the fully integrated and upgraded Microsoft Copilot for Security (international version) was officially released commercially to the global market. As the world's first generative AI solution focused on information security, Microsoft Copilot for Security processes more than 78 trillion hyperscale security signals every day, combining large language models with security-specific models to provide deep security insights and guide next steps.

Microsoft Copilot for Security integrates seamlessly with six product families of Microsoft information security services: Microsoft Defender and Microsoft Sentinel for threat protection and cloud security; Microsoft Purview and Microsoft Priva for data security, compliance and privacy; and Microsoft Entra and Microsoft Intune, which focus on identity access and endpoint management. Its services are available not only on all Microsoft platforms such as Azure, Windows, and Microsoft 365, but can also be extended to third-party platforms and applications. They support hybrid cloud and multi-cloud environments and deployment across devices and operating systems, and are compatible with mainstream security products in the industry and with customer-developed systems. With its commercial release, Copilot for Security is committed to embedding conversational intelligence into every part of the end-to-end security ecosystem.

Microsoft Copilot for Security (international version) supports a comprehensive end-to-end security framework

Like all Microsoft "intelligent co-pilots", Microsoft Copilot for Security is based on natural language dialogue. It provides a Chinese interface and fully supports conversational operation with prompts written in Chinese. The large language model behind it is trained and optimized for security operations, helping information security and IT professionals sharpen their skills, collaborate more effectively, gain a more complete understanding of security posture, and respond faster.

Microsoft Copilot for Security provides two different operational experiences, "immersive" and "embedded." Users can invoke and query information across products and services in a stand-alone Copilot for Security interface, bringing all cases together and giving security teams contextual information at a glance for efficient incident investigation, response, and remediation. At the same time, Copilot for Security's conversational interface has been embedded into the management interfaces of different security products, so that security teams can get "intelligent co-pilot" assistance through natural language conversations at any time in a familiar interface.

Microsoft Copilot for Security (international version) provides an "immersive" and "embedded" experience in the form of a standalone interface

To make it easier for users to get started quickly, the commercial version of Microsoft Copilot for Security (international version) also adds a series of user-friendly features, including: custom promptbooks, which allow customers to create and save their own series of natural language instructions for daily security work; knowledge base integration (preview), which lets Microsoft Copilot for Security (international version) integrate with the customer's business logic and act according to the customer's own step-by-step guidance; a connection from Defender EASM to a custom external attack surface, to identify and analyze up-to-date information about the risks of the organization's external attack surface; Microsoft Entra audit logs and diagnostic logs, which provide recommendations, summarized in natural language, for security investigations or IT issue analysis involving audit logs related to a specific user or event; and usage reports, which show through dashboards how teams are using Copilot, helping teams identify more optimization opportunities.

Whether you're a novice or an expert, you can significantly improve the efficiency and accuracy of your security analysis

From the initial release to the official commercial use, Microsoft Copilot for Security (international version) has conducted extensive and comprehensive long-term testing with security experts, test customers, partners, developers and other members of the Microsoft security ecosystem for more than a year. In November 2023 and January 2024, two randomized controlled trials were conducted on novice and senior security analysts, respectively, and the results showed that:

· With the help of Microsoft Copilot for Security, senior security analysts are 22% more productive and they are 7% more accurate in completing all tasks;

· Microsoft Copilot for Security is even more effective for novice security analysts, helping them increase their productivity by 26% while completing tasks with a 35% increase in accuracy;

· 97% of testers said they hope to continue using Microsoft Copilot for Security in their future work.

Both novice and senior security analysts can get help from Microsoft Copilot for Security (international version)

Microsoft Copilot for Security (International) has proven to provide significant improvements in responsiveness and accuracy for both novices and experienced experts when tackling security challenges. This will help security team members break down the technical barriers between entry and advancement, improve the work experience for everyone, and further strengthen the security capabilities of the entire team.

To give all information security professionals the opportunity to benefit from Microsoft Copilot for Security (International), the service uses a flexible, pay-as-you-go licensing model that allows enterprise customers to quickly enable Microsoft Copilot for Security (International) and control usage and costs based on their needs and budget.
