How Security Copilot can maximize your threat response efficiency
Carl Mazzanti // January 6, 2025
PHOTO: DEPOSIT PHOTOS
Cybersecurity experts use leading-edge technology to safeguard clients’ data and networks. But in a continuing game of cat and mouse, bad actors are constantly honing their own attack plans. Fortunately, Microsoft Security Copilot gives legitimate users a valuable tool to defend against threats.
Security Copilot is a generative AI program. It uses GPT-4, a large model that works with both images and text. This valuable program analyzes your company’s security. It also offers solutions for network defense. This helps you and your cybersecurity partner quickly find and fix problems.
As with any generative AI tool, the quality of the information you receive is only as good as the information you put into the system. To get the most from Security Copilot, you need to create effective prompts. These instructions or questions tell Copilot what tasks to perform, helping to improve its threat-response efficiency.
To design an effective prompt, like “Generate a security query to identify unusual login attempts from (a specific geographic location) within the last 24 hours,” a user should provide as much information as possible. As a general rule, the more information you include in the prompt, the better it will be. It is a good idea to be specific. Give clear details that help Copilot provide the answer you want.
When crafting a Copilot security prompt, consider these key points:
It is also important to remember that Security Copilot is not a “set it and forget it” kind of tool. Instead, evaluate the answers you get and consider changing your approach if the answers do not solve your challenge.
Copilot gives you the option to provide feedback. If you tell the program whether the answer meets your needs, needs improvement or is not right, you will get better replies. The program will keep learning as you feed it more information.
Security Copilot also accepts plugins that can extend and integrate services. Plugins provide more context from event logs, alerts, incidents and policies. This includes information from Microsoft security products and supported third-party solutions.
Security Copilot can also access threat intelligence and reliable content through plugins. These plugins can search Microsoft Defender Threat Intelligence articles, intel profiles and Microsoft Defender XDR threat analytics reports. They also look at vulnerability disclosure publications and more.
Copilot also gives you the ability to customize plugins, so you get the exact experience you want. You can turn certain plugins on and off as needed, and you can specify data sources the plugins should use to search for information.
To improve security, Copilot lets you set permissions on plugins. Doing so helps limit which users can manage or add plugins. For example, your permission settings might let tech administrators change and create plugins by default. Other people will only get these permissions when needed.
Further, in the current regulatory environment, it is important for your organization to monitor and analyze how users interact with security products. You may need to track actions, transactions and settings on a platform. This helps ensure you follow regulations and standards.
Security Copilot can help with compliance audits by providing access to audit logs. This helps you meet compliance and regulatory requirements, since audit logs give you insight into admin events and activity details. It can also suggest ways to help meet regulators’ expectations.
Microsoft Copilot can help you to operate more efficiently, while keeping your organization’s data safe, and helping you to remain on the right side of regulators. Organizations that work closely with their cybersecurity partner will get the most out of this valuable tool.
Carl Mazzanti is president of eMazzanti Technologies in Hoboken, providing IT consulting and cybersecurity services for businesses ranging from home offices to multinational corporations.