Microsoft announced its new cloud-based Microsoft Azure Sentinel and Microsoft Threat Experts solutions designed to allow security professionals to react faster and provide adequate responses during cyber attacks.
Microsoft Azure Sentinel has been developed in response to the diminishing capability of common Security Information and Event Management (SIEM) tools to keep up with the demands of defenders, the incoming volume of data during malicious events or the agility of cyber adversaries.
The development of Azure Sentinel was also motivated by an estimated shortfall of at least 3.5 million security professionals by 2021 and by the fact that roughly 70% of IT employers already see a moderate-to-extreme shortage of skills.
Native cloud Security Information and Event Management tool
Microsoft’s Azure Sentinel has been designed from the ground up as the first native cloud SIEM able to provide intelligent security analytics for enterprise, allowing defenders to protect their organizations from security threats and block malicious activities before they’re able to do any damage.
According to Microsoft:
“With AI on your side it helps reduce noise drastically—we have seen an overall reduction of up to 90 percent in alert fatigue with early adopters. Because it’s built on Azure you can take advantage of nearly limitless cloud speed and scale and invest your time in security and not servers.”
Microsoft Azure Sentinel is also built to allow security pros to quickly import Microsoft Office 365 data with just a couple of mouse clicks, easily combining it with other security data streams for quick and extensive analysis.
The Azure Sentinel cloud tech provides built-in support for “open standards such as Common Event Format (CEF) and broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, as well as broader ecosystem partners such as ServiceNow.”
In addition, Microsoft Azure Sentinel makes it possible to combine AI and Microsoft experts’ insights with insights from in-house security experts, as well as machine learning tools designed to bring to light even “the most sophisticated attacks before they take root.”
On-demand and AI-powered threat detection
Microsoft Threat Experts, the other cloud tech announced today by Microsoft, is a service built into Windows Defender ATP and developed to offer “managed hunting to extend the capability of your security operations center team.”
To access Microsoft Threat Experts, users have to click the “Ask a Threat Expert” button within Windows Defender ATP, which makes it possible to request solutions to various security threat situations and events straight from the product console.
Microsoft Threat Experts provides both “world-class expertise on demand” and automated hunting of “human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage” by scouring large swaths of collected anonymized data.
Some of Microsoft Threat Experts’ features:
- Threat monitoring and analysis
- Hunter-trained artificial intelligence
- Proactive notification service
- Full context of breach
- Experts on demand
As detailed by Microsoft, Azure Sentinel is already available in preview today on the company’s Azure portal, while Microsoft Threat Experts can be accessed by applying through the Windows Defender ATP settings.
Furthermore, Azure Sentinel and Threat Experts will be showcased at the RSA Conference next week during a number of presentation sessions at the Microsoft booth on the main show floor.