This is how the channel plans to sell Microsoft Copilot for Security
CRN speaks to channel leaders in the cybersecurity market about the benefits and value-creation strategies for Microsoft Copilot for Security
As Microsoft plans to release Copilot for Security on 1 April 2024, channel partners are looking at the new technology as a chance to deepen cyber security expertise, offering end-to-end visibility and coordinated defence across multiple endpoints.
Speaking to four partners in the UK, CRN finds out the potential benefits and adoption of Microsoft's Copilot for Security, such as its ability to enhance efficiency, address the skills shortage, and facilitate cost-effective deployment, particularly for managed security service providers (MSSPs).
In the last few months, Microsoft has been developing and analysing how Copilot for Security can benefit the industry.
The vendor says an economic study found security professionals using Copilot were 22 per cent faster and 7 per cent more accurate across tasks. And notably, 97 per cent wanted to continue using Copilot.
Combining this with a prior study on new professionals, Microsoft says the results demonstrate Copilot's productivity gains span all experience levels.
Copilot is aimed at enhancing security operations by catching threats faster, strengthening team expertise, and enabling "security for all" through AI-powered acceleration.
The release of Copilot for Security is set to have a major impact on the way the channel delivers cybersecurity solutions.
Anna Barkvall, director of strategic programmes and global portfolio management at Orange Cyberdefense tells CRN the reseller plans to incorporate the technology into its offering to help speed up its work and the onboarding of new analysts.
"Looking at the security market there is a huge lack of resources, and it can be tricky to find and train staff.
"With Copilot, junior analysts will learn faster and be able to work with more advanced analytics in a shorter space of time."
She argues that ultimately, humans in analytics will always be needed, but the combination of the two will be strong.
"It will allow us to automate simple tasks, analyse faster and stop attacks earlier. With that, we can reduce the effects of an attack and help customers return to business as usual with minimal impact.
"Today, it takes just a few minutes for an attacker to take down an entire organisation, so every minute counts."
Adoption, workforce, and the cybersecurity industry
Rob Young, CEO of Infinity Group says that the launch of Copilot for Security has great potential: "It clearly promises substantial gains for IT teams, such as advanced root cause and threat analysis, prompted by conversational language.
"We plan to use Copilot to augment our existing security offering, rather than it necessarily acting as a standalone tool.
"In their announcement, Microsoft has placed emphasis on how the technology can work in tandem with their existing security products. We believe it can enhance security capabilities across core areas for increased value, including remediation and investigation.
Young also explains how the new functionality in Copilot for Security also puts power in the hands of more employees.
Much like Barkvall argues, he says that the natural language inputs will enable junior team members, with the right baseline skills, to complete complex tasks and develop their understanding within the field.
Daniel Hurel, VP of cybersecurity & next gen solutions EMEA at Westcon-Comstor adds: "Against the backdrop of the well-documented cybersecurity skills shortage, the rise of genAI can have a positive impact by plugging skills gaps and bringing cybersecurity protection to more businesses.
"It also has the potential to make those working in cybersecurity more efficient and effective.
"One challenge facing the traditional security operations centre is the prospect of being overwhelmed by the sheer number of alerts, many of which might be false positives.
"GenAI has the potential to detect actual attacks more accurately and efficiently by shifting the focus from alerts to events."
Jason Revill, a global security practice leader at MSSP Avanade weighs in on the matter as well arguing that Microsoft and Avanade both advocate that genAI, in its various forms, are productivity enhancers, and not intended to replace or reduce the workforce in any way.
"The benefits of such tools enable teams to be more effective and efficient, enabling more time to focus on the important things like personal development, developing new skills or channelling time into service improvements.
"One thing that is certain in cybersecurity is that there is always more to do in terms of improving attack detection coverage, developing automated responses or improving and refining policies.
"It's also important to highlight the very real issue of security analyst burnout. Stress, anxiety and burnout are very real problems for security teams, and a tool like Copilot for Security can help towards alleviating some of the demanding workload causing these issues."
However, this can only be realised if employers enable the teams to realise these benefits - which will come down to culture and employee wellness programmes evolving to take these tools into account, according to Revill.
"Our own experience of using Copilot for Security teaches us that in the hands of more junior analysts it enables them to improve their skills and capabilities through its ability to guide and advise.
"More junior analysts reduce the time needed from senior team members, giving them more time for their own tasks.
"For senior team members, Copilot enables them to complete their tasks more efficiently, with capabilities that enable the use of natural language to carry out difficult tasks like complex code creation, or malware code analysis."
The question of pay-as-you-go
Young notes questions around the pricing of Copilot for Security, particularly given the pay-as-you-go licensing model announced by Microsoft which could prove variable and complex.
Hurel has a positive take on it: "The use of pay-as-you-go licensing models has the potential to drive adoption of AI-powered security solutions, including within the SMB market where flexibility is key, and customers are often reluctant to make a long-term commitment.
Revill echoes this point. He says this approach from Microsoft is a "creative and cost-effective" way to make Copilot for Security available to organisations of all sizes.
"By only charging for what they use, it provides a low-cost entry point to enable organisations to get started at a lower cost than expected for such an advanced tool.
"Especially when compared with traditional security tooling license models (i.e. per endpoint, per user, per GB.)
"Additionally, as the billing is tied to Azure, it is easy to get started with clients existing Azure billing mechanisms, without having to negotiate an additional license.
"Microsoft are working to create an extensive partner ecosystem, with Tanium leading the way on demonstrating the value of a deep integration.
"With such an extensive amount of integration possible, clients can further make a more strategic decision by choosing Copilot for Security over a point genAI Security assistant solution that are emerging."
Hurel also adds that MSSPs are perfectly placed to help facilitate driving scale and adoption of the new breed of genAI-based security products such as Copilot Security.
"Indeed, I expect demand for MSSPs to accelerate even further as genAI becomes more embedded in the cybersecurity ecosystem, with AI solutions being delivered as part of a platform in line with the platformisation trend is reshaping the way end-users consume and deploy security products.
"Total cost of operations is a real focus for MSSPs because security is an endlessly evolving and moving target.
"Therefore, any well-designed AI fully integrated into cybersecurity solutions will help them to meet their cost expectations."
Accommodating MSSP use cases
"As a cybersecurity consulting leader our goal is very much to ensure Copilot for Security becomes a deeply embedded part of our clients' daily lives," Revill explains.
He says the goal is to modernise security operations and security administration tasks, enhancing Microsoft's proposition with its own extensive well-engineered promptbooks, custom plugins and partnerships such as with Tanium, to provide deeper integration and automation capabilities.
"For example, the combination of Tanium's real-time data and Copilot's AI-driven action offers immense potential to reduce clients' cyberthreats, regulate environments, and resolve incidents proactively in a matter of minutes.
"As an MSSP, we are working with Microsoft to not only shape the product for clients, via our position as a Copilot for Security design advisory council member, but also to influence how it is designed to support MSSP use cases.
"For MSSPs there is a lot of potential to further bring value to clients, through increased efficiencies boosting mean time to detect and respond performance.
"With any introduction of a tool that brings efficiencies there is often an expectation of cost reduction, Copilot for Security will need some time in market before we see how tangible these efficiencies can be across MSSP scale, but our guidance is very much around recognising the value of having more time from a team of experts, such as driving increased coverage, detection and automation."