Microsoft Unveils 2 New Services: Azure Sentinel and Threat Experts

Hardware and software provider Microsoft today unveiled two new cybersecurity solutions: Azure Sentinel and Threat Experts.

The Azure Sentinel

Microsoft claims the Azure Sentinel is the first cloud-native SIEM tool built by a major cloud provider.

According to Microsoft's release, this cloud-native design allows the Azure Sentinel to optimally perform security analytics, log collection, and threat detection on enterprise cloud and hybrid environments; additionally, the SIEM solution can provide increased visibility across multiple public clouds and cloud applications. The solution can also draw computing power from Microsoft’s servers, rather than relying on the client's servers, to analyze data and hunt for digital threats.

Microsoft also claims the new solution can use an artificial intelligence filter to cut down on false positive security alerts; this alleviates some of the burdens of “alert fatigue” on IT security teams, allowing for more thorough investigations.

Threat Experts  

In addition to the Azure Sentinel, Microsoft also unveiled the Threat Experts service, which is available through their Windows Defender Advanced Threat Protection solution. Threat Experts provides enterprise security operations centers with threat hunting and contextualization to facilitate their investigation and remediation efforts.

Threat Experts provides targeted attack notifications, with emphasis on human adversary intrusions and hands-on-keyboard attacks.   

Additionally, Threat Experts offers security analyst consultation for complicated threat investigations. They can help enterprise SOCs discover the root cause of a security incident and analyze nonhuman actor behaviors. Finally, if necessary, Threat Experts can help enterprises transition to their Incident Response service.

The simultaneous release of these two products highlights the growing importance of threat intelligence and cloud security in modern security analytics. Enterprises continue to transition to the cloud through digital transformation; thus they must adapt to the new security demands of that environment. Legacy SIEM solutions don’t have the capabilities necessary to handle the decentralized nature of the cloud.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.