Microsoft Defender XDR Gets New Copilot for Security Integration for Enhanced Threat Intelligence

Key Takeaways:

• Microsoft has introduced the Copilot for Security threat intelligence embedded experience in the Defender XDR portal.
• This new feature leverages AI to provide contextualized and summarized threat intelligence from MDTI and threat analytics.
• The tool helps organizations identify, prioritize, and respond to cybersecurity threats relevant to their specific attack surfaces.

Microsoft has announced the general availability of the Copilot for Security threat intelligence (TI) embedded experience in the Defender XDR portal. The new AI-powered tool is designed to contextualize and summarize intelligence from Microsoft Defender Threat Intelligence (MDTI) and threat analytics.

The new Microsoft Copilot for Security TI embedded experience enables customers to access and use threat intelligence through natural language commands. These prompts allow users to ask important questions about the data and content provided by Microsoft Defender Threat Intelligence (MDTI). The responses offer the latest information on indicators of compromise (IoCs), intelligence articles, intel profiles, and guidance.

“Defender XDR customers will see a handy AI-powered sidecar in the Threat Analytics, intel profiles, intel explorer, and intel projects tabs in the threat intelligence blade, which returns, contextualizes, and summarizes intelligence from across MDTI and Threat Analytics about threat actors, threat tooling, and indicators of compromise (IoCs) related to their vulnerabilities and security incidents,” Microsoft explained.

What are the key capabilities of the Copilot for Security TI Embedded Experience?

Microsoft has detailed several features of the Copilot for Security TI embedded experience in Defender XDR. Customers can utilize pre-populated and customizable prompts to generate a summary of the latest threat intelligence tailored to their organization. This includes Intel Profiles and Activity Snapshots detailing vulnerabilities, TTPs (tactics, techniques, and procedures), and other pertinent factors. This summary helps security teams stay informed about potential threats and proactively safeguard enterprise environments.

Additionally, the Copilot AI assistant helps organizations identify and prioritize cybersecurity threats relevant to their unique attack surface. This feature also facilitates detailed information gathering on indicators like IP addresses and domains.

Last but not least, Microsoft Copilot for Security utilizes MDTI and Threat Analytics data to create a prioritized list of vulnerabilities, considering specific industry contexts and other relevant factors. These insights make it easier for security teams to design a comprehensive defense strategy.

Overall, this new Copilot for Security threat intelligence embedded experience in Defender XDR is designed to help organizations stay ahead of sophisticated cybersecurity threats and safeguard their critical assets. Microsoft has released a “Copilot for Security Customer’s Guide to MDTI,” and you can find more details in Microsoft’s blog post.