Microsoft has unveiled Azure Sentinel and Threat Experts, two cloud-based AI cybersecurity tools. The tools use AI to help security professionals respond rapidly to immediate risks.
Azure Sentinel is designed to pull in large quantities of data from other cloud-based services. Microsoft is pitching the tool as a “cloud-native Security Information and Event Management tool.” It enables users to connect to and gather data from sources such as applications, servers, and devices running on-premises or in the cloud.
According to the company, the tool can also integrate with existing tools, whether business applications, other security products, or homegrown tools. Users can add their own machine learning (ML) models, along with tailored detections and threat intelligence.
Microsoft says the tool's AI can reduce noise from legitimate events, using built-in ML knowledge based on analyzing trillions of signals on a regular basis.
Additionally, Microsoft says the tool improves proactive threat hunting with pre-built queries based on years of security experience. Users can view a prioritized list of warnings and alerts, get correlated analysis of a number of security events, and see the scope of each attack.
Built-in automation and orchestration of common tasks and workflows is intended to reduce security operations work and accelerate threat response.
Azure Sentinel also supports open standards such as Common Event Format, along with broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto, and Symantec, as well as broader ecosystem partners such as ServiceNow.
The second of the two releases, Threat Experts, is a new service within Windows Defender ATP that provides managed threat hunting to extend the capabilities of an enterprise and its security operations center team.
Through the new service, Microsoft examines anonymized security data for high-risk threats, including hands-on-keyboard attacks and human adversary intrusions, along with advanced attacks such as cyber espionage.
Corey McGarry, senior technical specialist of enterprise operations at Tolko Industries, said, “After using Microsoft Azure Sentinel for six months, it has become a go-to resource every morning. We get a clear vision of what’s happening across our network without having to check all our systems and dashboards individually.”
In a post on the company’s official blog, Ann Johnson, Microsoft corporate vice president for the cybersecurity solutions group, said, “Cybersecurity is about people. The frontline defenders who stand between the promise of digital transformation and the daily reality of cyber-attacks need our help.”