Enterprise Microsoft shops will be offered a new set of tools aimed at making life easier for security professionals tasked with guarding an organization against well-funded adversaries.
At the RSA conference Microsoft unveiled Azure Sentinel and Threat Experts, two Azure cloud services that promise to help security teams by “reducing the noise, false alarms, time consuming tasks and complexity”.
According to Microsoft, too many organizations still rely on traditional Security Information and Event Management (SIEM) tools and as such can’t keep pace with attackers.
So it’s pitching Microsoft Azure Sentinel as the “first native SIEM within a major cloud platform”, which uses Microsoft’s Azure cloud and AI to filter out false-positives and other security red-herrings.
“Azure Sentinel enables you to protect your entire organization by letting you see and stop threats before they cause harm. With AI on your side it helps reduce noise drastically—we have seen an overall reduction of up to 90 percent in alert fatigue with early adopters,” Microsoft’s corporate vice president of cybersecurity, Ann Johnson, said.
“Because it’s built on Azure you can take advantage of nearly limitless cloud speed and scale and invest your time in security and not servers. In just a few clicks you can bring in your Microsoft Office 365 data for free and combine it with your other security data for analysis.”
The new product puts Microsoft in competition with established SIEM vendors such as Splunk and LogRhythm.
Azure Sentinel is available today in preview from the Azure website. The service ingests data from security partners including Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, as well as from broader ecosystem partners such as ServiceNow.
The new Threat Experts service is part of the Microsoft 365 enterprise bundle of Office 365, Windows 10, and Microsoft’s mobile management products. The service is, as the name suggests, a channel to outsource security expertise to Microsoft’s security pros.
It’s a “managed threat hunting” add-on to Microsoft’s Windows Defender Advanced Threat Protection that provides “proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately.”
Key services include targeted attack notifications and security experts on demand. The notifications bring into focus the most dangerous threats to a customer’s network and provide a timeline of a breach, how far it spread, and how the attackers got in.
The experts on demand component is meant to complement internal SecOps capabilities during investigations. Microsoft’s own incident response service is available to customers in critical scenarios.
The company highlighted its help for customers who had suffered business email compromise fraud at the hands of state-sponsored attackers who had gained administrative access and transferred “large sums of cash to foreign bank accounts”.
Once the attackers became aware that Microsoft had detected the intrusion, they deployed destructive malware to over half of the affected organizations’ machines.