Microsoft introduces two new cybersecurity services: Azure Sentinel and Microsoft Threat Experts

Marco Green
March 2, 2019

Azure Sentinel is a machine learning-based Security Information and Event Management (SIEM) service that takes the (often overwhelming) stream of security events (a bad password, a failed attempt to elevate privileges, an unusual executable that's blocked by anti-malware, and so on) and distinguishes between important events that actually deserve investigation and mundane events that can likely be ignored.

Threat Experts is a new feature for Windows Defender Advanced Threat Detection (ATP), and it has two elements.

Early partners working with Azure Sentinel include Accenture, Insight and New Signature, Microsoft disclosed. The results appear in an Azure-based dashboard like the one shown here.

Ann Johnson, Microsoft Corporate Vice President for Cybersecurity, said that the use of AI and an organization's own machine learning tools can dramatically reduce "alert fatigue" for frontline security professionals.

And, "because it's built on Azure you can take advantage of almost limitless cloud speed and scale and invest your time in security and not servers", Johnson wrote. And because Sentinel is running in Azure, you have the ability to scale up services quickly to scour volumes of data with minimal overhead - the company will let you ingest your Office 365 data into the platform for "free" as well. Microsoft claims that early adopters have found that the Azure Sentinel tool "reduces threat hunting from hours to seconds".

Sentinel works only with an Azure subscription, where Microsoft said it will provide a "fully integrated experience in the Azure portal" to augment existing services such as Azure Security Centre and Azure Machine Learning.

The Azure Sentinel cloud tech provides built-in support for "open standards such as Common Event Format (CEF) and broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, as well as broader ecosystem partners such as ServiceNow". Meanwhile, use of the cloud has led to an explosion in the amount of data and devices organizations have under management, and that has created friction with their existing SIEM solutions, he said.
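To make the two technical points above concrete, the ingest of CEF-formatted events mentioned here and the "important versus mundane" triage described at the top of the article, the following is an added example written for this page; it is not Azure Sentinel's code and does not use any Microsoft API. It parses CEF records (the pipe-delimited header plus key=value extension, honouring the `\|`, `\\` and `\=` escapes), then applies a small, rule-based stand-in for the triage step: low-severity noise is dropped, high-severity events are surfaced directly, and repeated failed logins from one source are correlated into a single alert. The vendor names, IP addresses, signature id `100` and the `SAMPLE_CEF` records are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample CEF records (hypothetical vendor/product names and IPs; not real product output).
SAMPLE_CEF = [
    r"CEF:0|ExampleVendor|ExampleFW|1.0|100|Login failed|5|src=10.0.0.5 suser=alice msg=Bad password act=blocked",
    r"CEF:0|ExampleVendor|ExampleFW|1.0|100|Login failed|5|src=10.0.0.5 suser=alice msg=Bad password act=blocked",
    r"CEF:0|ExampleVendor|ExampleFW|1.0|100|Login failed|5|src=10.0.0.5 suser=bob msg=Bad password act=blocked",
    r"CEF:0|ExampleVendor|ExampleEDR|2.1|200|Privilege elevation failed|7|src=10.0.0.9 suser=carol msg=sudo denied",
    r"CEF:0|ExampleVendor|ExampleEDR|2.1|300|Heartbeat|1|src=10.0.0.9 msg=Agent alive",
    r"CEF:0|ExampleVendor|ExampleAV|3.0|400|Malware blocked|8|src=10.0.0.22 fname=C:\\temp\\bad.exe act=quarantined",
]

CEF_HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                     "device_version", "signature_id", "name", "severity")
FAILED_LOGIN_SIGNATURE = "100"  # hypothetical signature id used by the sample records

# A key in the extension is a run of [A-Za-z0-9_.] preceded by start-of-string or whitespace
# and followed by '='. An escaped '\=' inside a value never matches because of the backslash.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape(value: str) -> str:
    """Undo CEF extension escaping: '\\\\' -> '\\', '\\=' -> '=', '\\n'/'\\r' -> newline chars."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(line: str):
    """Split the seven pipe-delimited header fields, honouring '\\|' and '\\\\' escapes.
    Returns (fields, remaining_extension_text)."""
    fields, cur, i = [], [], 0
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line) and line[i + 1] in "|\\":
            cur.append(line[i + 1])  # escaped pipe or backslash belongs to the field
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            if len(fields) == 7:
                return fields, line[i:]
            continue
        cur.append(c)
        i += 1
    fields.append("".join(cur))  # record ended without a trailing pipe
    return fields, ""


def _parse_extension(ext: str) -> dict:
    """Turn 'k1=v1 k2=v2 ...' into a dict; a value runs until the next ' key=' token."""
    out = {}
    matches = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def _severity(raw: str) -> int:
    """CEF severity is 0-10; some producers emit words instead, mapped here to numbers."""
    words = {"low": 2, "medium": 5, "high": 8, "very-high": 10}
    try:
        return int(raw)
    except ValueError:
        return words.get(raw.strip().lower(), 0)


def parse_cef(line: str) -> dict:
    """Parse one CEF record into a flat dict of header fields plus extension keys."""
    line = line.strip()
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    header, ext = _split_header(line)
    if len(header) != 7:
        raise ValueError("CEF header must have exactly 7 fields")
    event = dict(zip(CEF_HEADER_FIELDS, header))
    event["cef_version"] = event["cef_version"][len("CEF:"):]
    event["severity"] = _severity(event["severity"])
    event.update(_parse_extension(ext))
    return event


def triage(lines, noise_below=3, failed_login_threshold=3):
    """Rule-based stand-in for the SIEM's important-vs-mundane split.
    Returns (alerts, suppressed_count)."""
    alerts, suppressed = [], 0
    failed_by_src = Counter()
    for line in lines:
        ev = parse_cef(line)
        if ev["severity"] < noise_below:
            suppressed += 1  # heartbeats and similar noise
            continue
        if ev["signature_id"] == FAILED_LOGIN_SIGNATURE:
            failed_by_src[ev.get("src", "?")] += 1  # correlate, decide after the pass
            continue
        if ev["severity"] >= 7:
            alerts.append(f"{ev['name']} from {ev.get('src', '?')} (sev {ev['severity']})")
        else:
            suppressed += 1  # medium severity and uncorrelated: left for routine review
    for src, n in failed_by_src.items():
        if n >= failed_login_threshold:
            alerts.append(f"{n} failed logins from {src}")
        else:
            suppressed += n  # a couple of typos are mundane
    return alerts, suppressed


if __name__ == "__main__":
    found, dropped = triage(SAMPLE_CEF)
    print(f"{dropped} event(s) suppressed; {len(found)} alert(s):")
    for a in found:
        print("  -", a)
```

Run as-is, the script reports one suppressed heartbeat and three alerts: the failed privilege elevation, the blocked executable, and the three failed logins from one source collapsed into a single line. The thresholds are the part a real SIEM replaces with learned baselines; the parser is the part that has to be exactly right, which is why the escape handling gets its own tests.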

"Microsoft Azure Sentinel continues a worrying process of cloud providers eating their partners' lunch, which is neither good for the industry nor for customers". Accordingly, the preview program is much more limited; interested organizations have to apply to be in the preview and then wait for approval.

Security will continue to be an evergreen challenge for almost every company.

Microsoft has announced two new cloud services to help administrators detect and manage threats to their systems.

Microsoft Threat Experts provides both "world-class expertise on demand" and automated hunting down of "human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage" by scouring through large swaths of collected anonymized data. The new service is created to help security teams easily hunt down and restrict human adversary intrusions and advanced attacks such as cyber-espionage. Click Ask a Threat Expert and you'll be put in touch with a real human to help understand what's going on and how to respond and, if necessary, transition to Microsoft's Incident Response service.
