ChatGPT and cybersecurity – Microsoft Copilot for Security in practice

Csaba Krasznay February 7, 2024

ChatGPT is now used not only by cybersecurity students at universities to pass exams, but also by incident handlers working with Microsoft security solutions.

Although artificial intelligence is not a new invention, and it is well known that scientists and developers have been working on it for decades, the advent of ChatGPT has certainly taken the world to the next level, because the technology has become available to everyone. While ChatGPT and similar Large Language Models (LLMs) are not even regarded as a precursor of “real” artificial intelligence, they are a groundbreaking technology that can transform many professions, cybersecurity among them. It is not surprising, therefore, that the security community has spent more than a year looking for use cases where this LLM technology could be of real use.

As usual, cybercriminals were the first to start using ChatGPT on a daily basis. As we have written before, natural language prompts can be used to write convincing phishing emails in all the world’s languages, or to create previously unknown exploits for attackers who do not necessarily have deep programming knowledge. Over time, however, more and more cybersecurity vendors have started to advertise their products as being powered by artificial intelligence. One of these pioneers is Microsoft, which is a major investor in OpenAI, the company behind ChatGPT, and is playing a prominent role in the use of LLMs in security. Microsoft Copilot for Security, announced in March 2023 and for the time being available only to selected partners, demonstrates the benefits of this technology.

The Microsoft Copilot for Security use cases page describes two important aspects that justify the use of LLMs in everyday cybersecurity operations. One is time, the other is expertise. Let’s start with the first one! Preparing an attack typically takes weeks, even months, but exploiting a 0-day vulnerability allows an attacker to act much faster, and the damage itself can be done in minutes or hours. So it does matter how soon the attack can be detected! The sooner a suspicious signal is analysed by the defence team, the less impact the attack will have. An LLM can be of great help in reducing this time: it answers the investigating analyst’s natural language questions in seconds with data that could otherwise take hours to collect.

The second aspect relates to the shortage of cybersecurity skills and manpower. It is a truism that the cybersecurity field is short of millions of people worldwide. While an LLM will not solve the problem of staffing, for example, security operations centres with more experts, it will be of great help to those who work in these places but do not necessarily have deep experience. Indeed, one of the strengths of Copilot for Security is that it provides a comprehensive explanation of the indicators the analyst sees on the screen. In a way, it is a good substitute for senior colleagues, as it gives juniors the context they need to understand the details that are relevant for incident management.

Security operations, device management, identity management, data protection and compliance, cloud security: these are just a few examples of where Microsoft is currently positioning Copilot for Security, but the list can be extended to many other areas. To this end, Microsoft has opened the Partner Private Preview programme, inviting the partners who are the most experienced users of Microsoft security technologies. Among them, White Hat IT Security is so far the only one from Central, Eastern and Southern Europe and the Middle East. The aim of the programme is to expand the existing use cases and identify new ones where LLMs can help incident management teams. This technology is like a Swiss army knife: there are obvious applications, but in the course of day-to-day work many new problems emerge where the use of language models can save time, money and expertise, in short, resources. One thing is for sure: AI is a paradigm changer in every aspect of incident management. Those who fall behind are likely to be more vulnerable in cyberspace than those who understand and use AI well.
