Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service

Published: 23/11/2024   Category: security




New services, which are both available in preview, arrive at a time when two major trends are converging on security.



Microsoft today debuted two new security services: Azure Sentinel, a cloud-native security information and event management (SIEM) system, and Microsoft Threat Experts, a service through which security operations teams can draw on the expertise of Microsoft's own security staff.
The two services arrive at a time when two major trends are converging on security: SOC teams are struggling with an overwhelming volume of daily alerts and a shortage of staff to handle them, and more organizations are moving their data and processes to the cloud.
"As the cloud has revolutionized modern IT architecture, more and more enterprise workloads have moved to the cloud," says Steve Dispensa, program management lead for Microsoft's cloud and AI security division. The transition especially makes sense for security workloads, he adds, as they are both data- and compute-intensive.
Enter Azure Sentinel, which Microsoft says is the first native SIEM within a major cloud platform. Many organizations still rely on traditional SIEM tools, which typically can't keep up with the cloud's scale and complexity. The AI built into Sentinel scours large volumes of data from users, applications, servers, and devices running on-prem or in the cloud. Microsoft reports that early adopters of Sentinel have seen an overall reduction of up to 90% in alert fatigue.
"One of the key goals of Azure Sentinel was to really help SOC operators use their limited bandwidth in the most effective way possible," Dispensa notes.
Azure Sentinel pulls data from Office 365, combs it for threats, and combines its findings with other security data for analysis. Its integration extends beyond Microsoft: users can use Azure Sentinel to pull data from clouds and software built by companies including Cisco, Check Point, Palo Alto Networks, and Symantec, said Ann Johnson, Microsoft's corporate vice president of security solutions, in a briefing ahead of next week's RSA Conference.
An early goal of Azure Sentinel was to integrate well with the infrastructure and services actually in use at large enterprises, Dispensa says. "This isn't just Microsoft cloud," he points out, "and not just on-prem infrastructure, but apps and services in third-party clouds."
Data import from Office 365 is free, though you need to be a licensed Office 365 customer. Azure Sentinel is limited to Azure subscribers and is available in public preview starting today, Feb. 28. The preview period is also free; pricing will be announced later, Microsoft says.
Microsoft Threat Experts: Now Your Threat Experts
Alongside the Azure Sentinel announcement, Microsoft unveiled a service dubbed Microsoft Threat Experts, which connects the company's security experts with a customer's in-house security staff. The idea is to give businesses an opportunity to augment their security operations as part of Microsoft 365.
Microsoft Threat Experts is a managed threat-hunting service built into Windows Defender Advanced Threat Protection (ATP). It is intended to provide two capabilities. The first is targeted attack notifications: alerts tailored to the critical threats facing an organization, which are meant to inform the victim of the timeline, scope of the breach, and method of intrusion.
The second is experts on demand. When a breach exceeds the target's ability to investigate, Microsoft's security experts provide technical consultation. If full incident response is necessary, the customer can transition to working with Microsoft's incident response services.
Dustin Duran, lead for Microsoft Threat Experts, says all participants in the program are full-time Microsoft employees who can provide either of the service's capabilities. "The same set of people have intimate knowledge of the operating system and features of security products, so they're able to do both," he explains.
Windows Defender ATP customers can now apply to join the preview of this service via the Windows Defender Security Center.