Building a Next Generation SOC with Microsoft Sentinel, Azure OpenAI and Security Copilot
Why Security?
The average cost of a data breach was $4.35M last year, the highest average on record, while the average cost of a ransomware attack was $4.54M (IBM). It takes an average of 277 days — about nine months — to identify and contain a breach (IBM).
Challenge:
To meet this challenge, an organisation can set up a blue team for defensive security, also known as a SOC (Security Operations Center). The SOC team continuously monitors for possible threats, network attacks and incidents. The real challenge arrives when attackers (APTs) automate their attack scenarios with custom AI tooling: the resulting patterns become undetectable by conventional security rules and by manual inspection from SOC analysts, and many SIEM solutions let such threats through. At the same time, when the volume of threat incidents is high, the average response time of a SOC analyst grows, which gives attackers enough room to carry out the attack.
Solution:
To deal with such scenarios, a SOC can build an in-house AI model and train it on its own past attack data. To support this, Microsoft offers a solution called Security Copilot, which integrates easily with SIEM, XDR and CNAPP solutions. In addition, the SOC team can integrate Azure OpenAI with Microsoft Sentinel and Microsoft Defender for Cloud (MDC) as an AI assistant for the SOC.
Demo:
In this hands-on section the audience will build an Azure OpenAI powered SIEM AI assistant:
1. Onboard security tools such as Microsoft Defender for Cloud and map their threat alerts to the SIEM tool, Microsoft Sentinel.
2. Create threat detection analytic rules.
3. Onboard Azure OpenAI (an on-request service) to the Azure subscription.
4. Connect it with a custom data source.
5. Build a chat bot using the GPT-3.5 chat model and feed it a custom prompt built from the organisation's own data source: the SIEM events.
6. Integrate the bot inside the Sentinel incident page.
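As an added illustration of steps 4 and 5 (not code from the session or from Microsoft), the following Python builds a grounded prompt from a Sentinel incident and its SIEM events and sends it to an Azure OpenAI chat deployment (for example a gpt-35-turbo deployment) through the REST API. The incident data is constructed, the endpoint, deployment name and key are assumed to come from environment variables, and the event cap and the "advisory only" system instruction are design choices of this example.

```python
import json
import os
import urllib.request

# Constructed sample (not real data): one Sentinel incident and the SIEM events behind it.
SAMPLE_INCIDENT = {
    "title": "Suspicious sign-in followed by mass file download",
    "severity": "High",
    "entities": ["user: j.doe@contoso.example", "ip: 203.0.113.42"],
    "events": [
        {"time": "2024-01-01T10:02:11Z", "product": "Defender for Cloud",
         "alert": "Sign-in from anonymous IP"},
        {"time": "2024-01-01T10:09:54Z", "product": "Sentinel analytics rule",
         "alert": "Unusual volume of blob downloads"},
    ],
}
MAX_EVENTS = 20  # bound prompt size: send a representative slice, not the whole table

def build_messages(incident, analyst_question):
    """Turn a Sentinel incident plus its SIEM events into a grounded chat prompt."""
    events = incident["events"][:MAX_EVENTS]
    event_lines = "\n".join(f"- {e['time']} [{e['product']}] {e['alert']}" for e in events)
    context = (
        f"Incident: {incident['title']} (severity {incident['severity']})\n"
        f"Entities: {', '.join(incident['entities'])}\n"
        f"Events ({len(events)} of {len(incident['events'])}):\n{event_lines}"
    )
    # System message restricts the model to the SIEM data; output stays advisory.
    system = ("You are a SOC assistant. Answer only from the incident data below; "
              "if the data does not support a conclusion, say so. Your answer is "
              "advisory and must be verified by an analyst.\n\n" + context)
    return [{"role": "system", "content": system},
            {"role": "user", "content": analyst_question}]

def ask_azure_openai(messages, endpoint, deployment, api_key, api_version="2023-05-15"):
    """POST to the Azure OpenAI chat completions REST endpoint (network call)."""
    url = (f"{endpoint}/openai/deployments/{deployment}/chat/completions"
           f"?api-version={api_version}")
    req = urllib.request.Request(
        url, data=json.dumps({"messages": messages, "temperature": 0}).encode(),
        headers={"Content-Type": "application/json", "api-key": api_key}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["choices"][0]["message"]["content"]

if __name__ == "__main__":  # credentials come from the environment, never from the prompt
    msgs = build_messages(SAMPLE_INCIDENT, "Summarise this incident and suggest containment steps.")
    print(ask_azure_openai(msgs, os.environ["AZURE_OPENAI_ENDPOINT"],
                           os.environ["AZURE_OPENAI_DEPLOYMENT"], os.environ["AZURE_OPENAI_KEY"]))
```

In a Sentinel integration the `SAMPLE_INCIDENT` structure would be filled from the incident and its related alerts, and the same prompt-building function keeps the model answering from observed events rather than from guesses.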