International. The company has revealed two new cloud-based technologies in Microsoft Azure Sentinel and Microsoft Threat Experts, which power operations teams in security by reducing noise, false alarms, time-consuming tasks, and the complexity that overloads them.
In a recent example of the latest Security Intelligence Report, Microsoft experts were asked to help different financial services organizations deal with attacks launched by a state-sponsored group that gained administrative access and executed fraudulent transactions, to transfer large amounts of cash to overseas bank accounts. When the attacking group realized it had been discovered, it quickly deployed destructive malware that paralyzed customer operations for several days. Microsoft experts arrived on site within hours, and worked day and night with customers' security teams to restore normal business operations.
The company explains that incidents like this remind us that many defenders are overwhelmed by threats and alerts, and often spend several days chasing false alarms instead of investigating and resolving complex cases. Compounding the problem is the severe shortage of cyber defenders, with an estimated deficit of 3.5 million security professionals by 2021. Now, the company claims to have unlocked the power of cloud and AI so that security can do its best work, reason on vast amounts of security signals, detect anomalies and bring global scale to highly trained security professionals.
"Many companies still rely on traditional Security Information and Event Management (SIEM) tools, which are unable to keep pace with the needs of defenders, the volume of data, or the agility of adversaries. The cloud enables a new class of intelligent security technologies that reduce complexity and integrate with the productivity platforms and tools you depend on. Today we're excited to announce Microsoft Azure Sentinel, the first native SIEM within a larger cloud platform. Azure Sentinel allows them to protect their entire organization by allowing them to see and stop threats before they cause any damage. With AI on their side, which helps them reduce noise considerably, we've seen an overall reduction of up to 90% in alert fatigue with early adopters. Because it's built on Azure, you can take advantage of nearly unlimited cloud speed and scale and invest your time in security and not servers. With just a few clicks they can take their Microsoft Office 365 data for free, and combine it with their other security data for analysis," says Ann Johnson, corporate vice president of the cybersecurity solutions group at Microsoft.
Corry McGarry, Technical Business Operations Specialist at Tolko Industries Ltd., commented, "After using Microsoft Azure Sentinel for six months, it has become a resource that is turned to every morning. We get a clear view of what's happening across our network without having to review all of our systems and dashboards individually. I haven't seen an offering like another company's Microsoft Azure Sentinel."
Azure Sentinel supports open standards such as Common Event Format (CEF) and extensive customer connections that include Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto, Symantec, as well as broader ecosystem partners such as ServiceNow. Azure Sentinel mixes insights from Microsoft experts and AI with the unique insights and skills of defenders you have at home and machine learning tools to uncover the most sophisticated attacks before they take hold. Azure Sentinel helps power SecOps teams keep their organizations safe by leveraging the power, simplicity, and extensibility of Azure to analyze data from Microsoft 365 and third-party security solutions. Azure Sentinel is available in preview starting today from the Azure portal.
Microsoft Threat Experts
Microsoft Threat Experts is a new service within Windows Defender ATP that provides managed inspection to extend the capacity of your security operations center team. Through this service, Microsoft will proactively search your anonymous security data for the most important threats, such as intrusions from human adversaries, hands-on-keyboard attacks, and advanced attacks such as cyber espionage, to help your team prioritize the most important risks and respond quickly. The service also provides world-class expertise on demand. With the new "Ask a Threat Expert" button, your security operations team can submit questions directly in the product console. To join the public version of Microsoft Threat Experts, apply in the Windows Defender ATP settings.
"There are no easy answers or absolute remedies for security, yet the cloud unlocks new capabilities. This is why we put cloud and AI to work to extend and empower defenders whose unique insights are key to preventing cyberattacks. Azure Sentinel and Microsoft Threat Experts are two new capabilities that join our broad portfolio of security solutions across identity, endpoints, data, cloud applications, and infrastructure. We can't wait to showcase Azure Sentinel and Microsoft Threat Experts at the RSA Conference next week and invite you to visit the Microsoft booth in the main hall or any of our amazing sessions to learn more," concludes Ann Johnson.
Source: Microsoft.
