Microsoft has rolled out two new security tools for cloud organizations who are dealing with potential advanced security threats. The company announced the Azure features ahead of the RSA Security Conference, where Microsoft will showcase the products for professionals.
Azure Sentinel is one of the new tools. As the name suggests, it works with Azure to provide “cloud-native Security Information and Event Management (SIEM) tool.” Sentinel works by gathering huge quantities of data from cloud-based services, such as Office 365 third-party offerings.
According to Ann Johnson, Corporate Vice President of Cybersecurity for Microsoft, AI powers Sentinel and can work with inner-organizational machine learning tools to reduce “alert fatigue”.
As is becoming the norm for Microsoft, Sentinel supports open standard like the Common Event Format (CEF). It is also compatible with several major third-party security solutions, such as Cisco, F5, Palo Alto, and Symantec.
Azure Sentinel will be showcased at the RSA Conference, but Microsoft has also dropped a preview of the tool on the portal today. It is free to use in preview but will come at a price that is “aligned to general pricing” when fully available.
Microsoft Threat Experts
Microsoft Threat Experts is another new service. It taps into Windows Defender Advanced Threat protection (ATP) and helps “address the cybersecurity skills gap” by offering expert help for security teams who are ATP customers.
The feature is designed to “proactively hunt and prioritize threats”. Elsewhere, Microsoft has added an “Ask a Threat Expert” button to the Windows Defender ATP.
- Targeted attack notifications: Alerts that are tailored to organizations provide as much information as can be quickly delivered to bring attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
- Experts on demand: When a threat exceeds the SOC’s capability to investigate, or when more actionable information is needed, security experts provide technical consultation on relevant detections and adversaries. In cases where a full incident response becomes necessary, seamless transition to Microsoft incident response (IR) services is available.
Like Sentinel, Microsoft Threat Experts is now available in public preview on the ATP console.