Microsoft today revealed two new cloud-based technologies that will help security operations teams at enterprise organizations by reducing noise, false alarms, time-consuming tasks and complexity. The two new offerings are Microsoft Azure Sentinel and Microsoft Threat Experts.
Microsoft Azure Sentinel:
Azure Sentinel is a native Security Information and Event Management (SIEM) tool built within Azure. It will enable SecOps teams to see and stop threats before they cause any harm to the organization. Azure Sentinel is powered by AI to reduce noise, and Microsoft claims that you can see an overall reduction of up to 90 percent in alert fatigue.
SecOps teams can even bring in their Microsoft Office 365 data to Azure Sentinel for free and combine it with other security data for analysis.
Azure Sentinel also supports open standards such as Common Event Format (CEF) and partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec.
Azure Sentinel blends the insights of Microsoft experts and AI with the unique insights and skills of your own in-house defenders and machine learning tools to uncover the most sophisticated attacks before they take root.
According to early adopters, Azure Sentinel reduces threat hunting from hours to seconds. Azure Sentinel is available in preview today and you can access it from the Azure portal.
Microsoft Threat Experts:
Microsoft Threat Experts is a new service within Windows Defender ATP that will offer managed hunting to extend the capability of your security operations center team. Yes, Microsoft is making its security operations experts available to enterprise customers.
Microsoft will proactively hunt over your anonymized security data for the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage—helping your team prioritize the most important risks and respond quickly.
If you are a SecOps team member, you can join the public preview of Threat Experts from Windows Defender ATP settings.