Revolutionizing Security Analysis with CrowdSec and Microsoft Copilot for Security
Today, we announced CrowdSec’s participation in the Microsoft Copilot for Security Partner Private Preview. The integration of CrowdSec’s Cyber Threat Intelligence (CTI) into Microsoft Copilot for Security represents a monumental stride towards a more resilient and efficient approach to security operations.
This article delves into how CrowdSec’s unique capabilities enhance the Copilot for Security platform, marking a significant advancement in the realm of security analytics and incident response.
An introduction to Microsoft Copilot for Security
The combination of natural language and a new reasoning engine defines this new age of generative AI. Together, they have created a new category of LLM-based, generative AI interaction that Microsoft calls ‘copilots.’ Copilots empower people to be smarter, more productive, more creative, and more connected to the people and things around them.
Microsoft Copilot for Security is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale. Copilot for Security provides natural language AI assistance to help security and IT professionals assess and respond to threats.
Copilot is embedded in Microsoft Intune and in Microsoft Purview, including Purview products such as Microsoft Purview Insider Risk Management.
CrowdSec’s unique Cyber Threat Intelligence
At its core, CrowdSec is an open source, crowd-powered security solution that leverages collaborative intelligence to detect and respond to threats. By analyzing behaviors, responding to attacks, and sharing signals across its user base, the CrowdSec CTI provides invaluable insights into potentially aggressive IP addresses, their behaviors, targeted protocols, and the vulnerabilities they exploit.
This collaborative approach to cybersecurity not only improves your defensive capabilities but also contributes to a safer digital environment for all and fosters a robust defense mechanism shared among its users.
A seamless integration with Microsoft Copilot for Security
Integrating CrowdSec with Microsoft Copilot for Security through a simple API key setup unlocks a new dimension of threat intelligence within the Copilot ecosystem. You can grab your API key through the CrowdSec Console. Once configured, users can directly leverage CrowdSec’s dataset to enrich their security analytics, enabling a deeper understanding of suspicious IP addresses.
This integration facilitates the identification of threats by providing detailed insights into the nature of the threat actors, including their targeted protocols, their exploited vulnerabilities, the specific categories they belong to (such as proxy/VPN services or legitimate security scanners), and a timeline of their activity.
Enhancing Copilot’s efficacy with CrowdSec
The integration of CrowdSec with Copilot for Security does not merely add another data source for security analysis; it fundamentally enhances Copilot’s capability to deliver timely, context-rich insights that are crucial for effective security operations.
Through the LookupIpAddressSmokeDataset skill, users gain access to a wealth of information on IP addresses, such as their observed behaviors and the confidence level of the information provided. This not only aids in the rapid identification and categorization of threats but also enriches the incident response process with an unprecedented layer of intelligence within the Copilot framework.
Visit the official documentation for Copilot for Security to learn more about how to use the CrowdSec CTI plugin.
Empirical validation of enhanced productivity and accuracy using Copilot for Security
Microsoft has evidenced Copilot for Security benefits through a comprehensive study involving both security professionals and novices. The study showcased remarkable efficiency gains, with Copilot users finishing tasks significantly faster — 22% overall for professionals and an impressive 25.9% for novices.
The accuracy and quality of security analysis also saw substantial improvements, with a 49% higher content score among professional Copilot users in incident summarization tasks and a staggering 80% higher content score for novices. This precision is reinforced by the integration of CrowdSec’s CTI, which, according to the latest VirusTotal tests, recognizes up to 36% of exclusive aggressive IPs, thanks to its unique collaborative detection mechanism. These findings underscore the value of integrating CrowdSec’s Threat Intelligence into Copilot and the broader potential for collaborative security solutions to amplify the effectiveness of security operations across all skill levels.
Read the full report on Microsoft Copilot for Security productivity findings here.
Looking forward
The integration of CrowdSec’s Cyber Threat Intelligence with Microsoft Copilot for Security paves the way for a new era of collaborative and intelligent security operations. By harnessing the collective power of the CrowdSec community, Copilot users are now better equipped to navigate the complex threat landscape with enhanced accuracy, efficiency, and confidence. This collaboration exemplifies the transformative potential of integrating crowd-powered intelligence with advanced security analytics platforms, setting a new benchmark for what is achievable in the realm of cybersecurity.