Hardware and software provider Microsoft today unveiled two new cybersecurity solutions: Azure Sentinel and Threat Experts.
The Azure Sentinel
Microsoft claims the Azure Sentinel is the first cloud-native SIEM tool built by a major cloud provider.
According to their release, this nativity allows the Azure Sentinel to optimally perform security analytics, log collection, and threat detection on enterprise cloud and hybrid environments; additionally, the SIEM solution can provide increased visibility across multiple public clouds and cloud applications. The solution can also draw computing power from Microsoft’s servers, rather than relying on the client servers, to analyze data and hunt for digital threats.
Microsoft also claims the new solution can use an artificial intelligence filter to cut down on false positive security alerts; this alleviates some of the burdens of “alert fatigue” on IT security teams, allowing for more thorough investigations.
In addition to the Azure Sentinel, Microsoft also unveiled the Threat Experts service, which is available through their Windows Defender Advanced Threat Protection solution. Threat Experts provides enterprise security operations centers with threat hunting and contextualization to facilitate their investigation and remediation efforts.
Threat Experts provides targeted attack notifications, with emphasis on human adversary intrusions and hands-on-keyboard attacks.
Additionally, Threat Experts offers security analyst consultation for complicated threat investigations. They can help enterprise SOCs discover the root cause of a security incident and analyze nonhuman actor behaviors. Finally, if necessary, Threat Experts can help enterprise transition to their Incident Response service.
The release of these two products simultaneously highlights the growing importance of threat intelligence and cloud security in modern security analytics. Enterprises continue to transition to the cloud through digital transformation; thus they must adapt to the new security demands of that environment. Legacy SIEM solutions don’t have the capabilities necessary to handle the decentralized nature of the cloud.
Latest posts by Ben Canner (see all)
- Forecast: The Gartner 2019 SIEM Magic Quadrant - May 17, 2019
- LogRhythm Releases LogRhythm Cloud—a Cloud-Based SIEM Solution - May 16, 2019
- The 20 Best Cybersecurity Books for Enterprises in 2019 - May 14, 2019