Teaming with Microsoft Copilot for Security

Today is an exciting day for cybersecurity: the general availability of Microsoft Copilot for Security marks a major milestone for bringing GenAI into security operations workflows. As a member of the Microsoft Copilot for Security Design Advisory Council, we’ve seen the transformational technology up close for several quarters, and we provided our detection and response expertise to actively shape the technology’s development and trajectory. Our years of security operations experience and use of GenAI in our own SOC give us a unique vantage point on how Copilot for Security will positively impact defenders. I’ve been looking forward to sharing Red Canary’s perspective on both the power of this technology and how organizations can leverage it to its full potential.

“We designed Copilot for Security to augment human security competence. When partners like Red Canary leverage Copilot for Security, joint customers will see streamlined security operations made possible by the seamless integration of our product and our partners’ security expertise.”

—Brandon Dixon, Group Product Manager, Microsoft Copilot for Security

Copilots need pilots to succeed

The name “Copilot for Security” reinforces a critical point from the outset: the product alone is not a turnkey solution. This is because threat detection, investigation, and response are complex skills that demand more than pattern recognition; they require human creativity, intuition, and decision-making to be done successfully. Industry experts think this as well. Forrester Principal Analyst Allie Mellen writes that the Autonomous SOC is a Pipe Dream and draws the critical distinction between automating SOC processes and entrusting your entire security operations program to automation. Copilot for Security relies on human expertise—a strong pilot—at the helm to achieve its maximum impact.

Copilot for Security makes third-party expertise easily accessible

A key benefit of Copilot for Security is its ability to swiftly aggregate insights from diverse data sources. While consolidating information from Microsoft products is a clear use case, we believe that plugins will amplify the benefit by seamlessly incorporating third-party expertise into the user experience. To that end, we’re building a Red Canary plugin that integrates our insights into the Copilot for Security interface.

Let’s consider a scenario: one of your analysts receives an alert regarding a high-severity incident in Microsoft Sentinel. With our plugin, your analyst can leverage Copilot for Security to access Red Canary’s expertise directly. She can request information such as the most recent Red Canary-detected threats involving the affected host and identity, a summary of any suspicious PowerShell activity that Red Canary associated with the threat, and all Red Canary analyst comments and recommended response actions related to the suspicious activity. Our plugin enables joint customers to respond to threats faster and more effectively by bringing this information into Copilot for Security.

Leveraging our customers’ Copilot for Security makes the future even brighter

Our close work with Microsoft gives us visibility into exciting developments on the horizon. Soon Red Canary will be able to utilize our customers’ Copilot for Security instances in much the same way as we do now with all their Microsoft Defender security products. This is a game-changer. Imagine a future where Red Canary leverages Copilot for Security’s broad visibility into customer environments during our threat investigations, asking Copilot questions at machine speed. That level of interoperability between Copilot for Security and our platform will unlock significant time savings during the detection and response lifecycle, further reducing customers’ mean-time-to-response (MTTR) to threats. Copilot for Security offers endless possibilities for streamlining security operations workflows, and we believe API access is instrumental to achieving that bright future.

Embrace Copilot for Security now to enhance your security

We encourage organizations to embrace GenAI and evaluate how Copilot for Security could improve their security program. Red Canary is leaning into GenAI not only through Copilot for Security, but also by developing our own GenAI applications using Azure OpenAI models. The results have been fantastic—GenAI improves security analyst efficiency while also improving analyst job satisfaction by automating tedious tasks. Joint Red Canary and Microsoft Copilot for Security customers will benefit from GenAI in multiple ways. On the backend, GenAI helps Red Canary’s experts detect and respond to threats more effectively. On the front end, Copilot for Security surfaces Red Canary’s insights to joint customers precisely when our insights are needed most.

Keep an eye out for a blog post focused on our plugin in the near future. To see how Red Canary uses GenAI to more efficiently stop threats, check out this blog from our GenAI lead and watch our webinar on bringing GenAI into your security operations.