Microsoft has unveiled a new set of cloud security tools to help security professionals cope with advanced security threats.
At the RSA conference, Microsoft introduced Azure Sentinel and Threat Experts, two Azure products that aim to help security teams by “reducing the noise, false alarm, time-consuming tasks, and complexity”.
According to a Microsoft blog post published on Thursday (Feb. 28th), too many enterprises still rely on traditional Security Information and Event Management (SIEM) tools that are unable to protect organisations from cyber threats.
Azure Sentinel will use AI and an organisation’s own machine learning tools to help reduce “alert fatigue” for security professionals.
“Azure Sentinel enables you to protect your entire organisation by letting you see and stop threats before they cause harm. With AI on your side, it helps reduce noise drastically—we have seen an overall reduction of up to 90 percent in alert fatigue with early adopters,” Microsoft’s corporate vice president of cybersecurity, Ann Johnson, said in the blog post.
“Because it’s built on Azure you can take advantage of nearly limitless cloud speed and scale and invest your time in security and not servers. In just a few clicks you can bring in your Microsoft Office 365 data for free and combine it with your other security data for analysis.”
Microsoft’s new product appears positioned to directly compete with other SIEM players like Splunk and LogRhythm.
Azure Sentinel is now available as a preview on the Azure website. The service supports partners including Check Point, Cisco, F5, Fortinet, Palo Alto, and Symantec, as well as broader ecosystem partners such as ServiceNow.
Microsoft Threat Experts
The second offering, Microsoft Threat Experts, is a new service built within Windows Defender Advanced Threat Protection (ATP) and developed to offer “managed hunting to extend the capability of your security operations centre team,” said Microsoft.
“Through this service, Microsoft will proactively hunt over your anonymised security data for the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage—helping your team prioritize the most important risks and respond quickly.”
To access Microsoft Threat Experts, users have to click the “Ask a Threat Expert” button within Windows Defender ATP, which allows customers to request help with various security threat situations straight from the product console.
Just like Azure Sentinel, Microsoft Threat Experts is now available as a public preview. To join the public preview of Microsoft Threat Experts, existing customers need to apply in the Windows Defender ATP settings.