Microsoft Azure Sentinel Cloud-Native Security Analytics Tool, Threat Experts Service Launched to Help Security Teams

Microsoft on Thursday launched its cloud-native solution called Azure Sentinel that is touted to provide enterprises with intelligent security analytics at cloud scale. The new development, which comes as an advanced Security Information and Event Management (SIEM) tool, uses artificial intelligence (AI) and scalable machine learning algorithms to analyse and detect threats alongside offering a significant reduction in alert fatigue. The Redmond company also brought Microsoft Threat Experts as a service to provide managed hunting over anonymised security data to enterprises and businesses using Windows Defender Advanced Threat Protection (ATP). The new service is designed to help security teams easily hunt down and restrict human adversary intrusions and advanced attacks such as cyber-espionage.

Among the new enterprise-focused security offerings, Microsoft Azure Sentinel comes as a new SIEM tool to mitigate the risk of cyber attacks using AI. It also integrates data from Microsoft experts and third-party defenders and machine learning tools to provide security insights under one roof. Microsoft claims that early adopters have found that the Azure Sentinel tool "reduces threat hunting from hours to seconds."

A traditional SIEM system is designed to provide enterprises with real-time analysis of security alerts by collecting and aggregating log data from the application and network infrastructure. But since enterprises nowadays largely use cloud alongside their conventional technological deployments, a cloud-native solution like Azure Sentinel has become the need of the hour.

Microsoft says that using Azure at the backend, the new tool provides "limitless cloud scale and speed" to collect and analyse security data. It also supports open standards such as Common Event Format (CEF) and has broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto, and Symantec.

"Azure Sentinel blends the insights of Microsoft experts and AI with the unique insights and skills of your own in-house defenders and machine learning tools to uncover the most sophisticated attacks before they take root," explains Ann Johnson, Microsoft CVP, Cybersecurity Solutions Group, in a blog post.

Azure Sentinel is capable of analysing data from Office 365. This means enterprises can bring their Office 365 activity data to Azure Sentinel to detect security loopholes. Also, the new tool can be integrated with security solutions from various third-party vendors. There is also Microsoft Graph Security API support to let enterprises import their threat intelligence feeds and customise threat detection.

Microsoft claims that machine learning algorithms powering Azure Sentinel make it capable of offering up to 90 percent reduction in alert fatigue during evaluations. Furthermore, the tool provides graphical and AI-based investigation to make it efficient for security teams to understand the full scope of an attack and its impact.

Enterprise customers can get Microsoft Azure Sentinel in preview directly from the Azure portal.

In addition to the Azure Sentinel tool, Microsoft has brought the Threat Experts service that adds a human touch to the company's security offerings. The managed threat hunting service is a part of Windows Defender ATP and is designed to offer proactive hunting, prioritisation, and additional context and insights. It is essentially designed with two capabilities -- targeted attack notifications and security experts on demand.

On the part of security experts on demand, Microsoft Threat Experts lets security operation centres (SOCs) connect with Microsoft's in-house security experts directly from within Windows Defender Security Centre. There is an "Ask a Threat Expert" button to let security teams submit their questions from the product console.

The preview of Microsoft Threat Experts is available for Windows Defender ATP customers directly from the Windows Defender Security Centre. Once applied for the preview, Microsoft will reach eligible customers via email to confirm their participation.