Hardware and software provider Microsoft today unveiled two new cybersecurity solutions: Azure Sentinel and Threat Experts.
The Azure Sentinel
Microsoft claims the Azure Sentinel is the first cloud-native SIEM tool built by a major cloud provider.
According to the release, this cloud-native design allows Azure Sentinel to perform security analytics, log collection, and threat detection across enterprise cloud and hybrid environments; additionally, the SIEM solution can provide increased visibility across multiple public clouds and cloud applications. The solution can also draw computing power from Microsoft’s servers, rather than relying on the customer’s own servers, to analyze data and hunt for digital threats.
Microsoft also claims the new solution can use an artificial intelligence filter to cut down on false positive security alerts; this alleviates some of the burdens of “alert fatigue” on IT security teams, allowing for more thorough investigations.
In addition to the Azure Sentinel, Microsoft also unveiled the Threat Experts service, which is available through their Windows Defender Advanced Threat Protection solution. Threat Experts provides enterprise security operations centers with threat hunting and contextualization to facilitate their investigation and remediation efforts.
Threat Experts provides targeted attack notifications, with emphasis on human adversary intrusions and hands-on-keyboard attacks.
Additionally, Threat Experts offers security analyst consultation for complicated threat investigations. These analysts can help enterprise SOCs discover the root cause of a security incident and analyze nonhuman actor behaviors. Finally, if necessary, Threat Experts can help enterprises transition to Microsoft’s Incident Response service.
The simultaneous release of these two products highlights the growing importance of threat intelligence and cloud security in modern security analytics. Enterprises continue to transition to the cloud through digital transformation; thus they must adapt to the new security demands of that environment. Legacy SIEM solutions don’t have the capabilities necessary to handle the decentralized nature of the cloud.
Posted by Ben Canner