Ahead of the annual RSA Conference, Microsoft rolled out a new cloud-native security information and event management (SIEM) tool called Azure Sentinel, and a managed threat hunting service dubbed Microsoft Threat Experts.
Both of these will help security operations teams to cut through false alarms and automate time-consuming tasks, said Ann Johnson, corporate vice president of Microsoft’s Cybersecurity Solutions Group, in a press briefing.
The shortage of cybersecurity professionals has been well documented. Seventy percent of IT employers already face a moderate to extreme shortage, and the shortfall is expected to hit 3 million-plus by 2021, Johnson said. “The cybersecurity landscape has gotten to a point where the attackers do have an advantage due to a lack of skilled cyber defenders,” she said.
Traditional SIEM tools can’t keep up. Enter Azure Sentinel, which uses artificial intelligence (AI) to “reduce noise drastically” and cut alert fatigue by up to 90 percent, Johnson said. Early customers using the product, which is now in beta, have seen their threat hunting time cut from hours to milliseconds, she added.
Microsoft claims it’s the first cloud-native SIEM in a major cloud platform. Azure Sentinel collects data across all users, devices, applications, and infrastructure — both in on-premises data centers and multiple clouds. And it automates 80 percent of the most common tasks that security operations teams spend time performing, Johnson said.
Azure Sentinel supports open standards such as Common Event Format (CEF) and integrates with Microsoft Intelligent Security Association partners including Check Point, Cisco, F5, Fortinet, Palo Alto Networks, and Symantec, as well as other Microsoft technology partners such as ServiceNow.
“We are leveraging our own human expertise, our global security operations, and our intelligence capabilities to train and deliver AI-powered tools to help defenders do what they do best,” Johnson said.
Microsoft Threat Experts
Microsoft also rolled out a managed threat hunting service. Microsoft Threat Experts is a new service within Windows Defender ATP. Through this service, Microsoft will analyze a company’s security data and pull the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and cyberespionage, to help security teams prioritize risks and respond to the most important ones more quickly.
It also includes a new “Ask a Threat Expert” button, which allows security operations teams to submit questions directly in the product console.
Microsoft will showcase both Azure Sentinel and Microsoft Threat Experts at this week’s RSA Conference.