Azure Sentinel is one of the new tools. As the name suggests, it works with Azure to provide a “cloud-native Security Information and Event Management (SIEM) tool.” Sentinel works by gathering huge quantities of data from cloud-based services, such as Office 365 third-party offerings. According to Ann Johnson, Corporate Vice President of Cybersecurity for Microsoft, AI powers Sentinel and can work with an organization's internal machine learning tools to reduce “alert fatigue”. As is becoming the norm for Microsoft, Sentinel supports open standards like the Common Event Format (CEF). It is also compatible with several major third-party security solutions, such as Cisco, F5, Palo Alto, and Symantec.

Azure Sentinel will be showcased at the RSA Conference, but Microsoft has also dropped a preview of the tool on the portal today. It is free to use in preview but will come at a price that is “aligned to general pricing” when fully available.

Microsoft Threat Experts

Microsoft Threat Experts is another new service. It taps into Windows Defender Advanced Threat Protection (ATP) and helps “address the cybersecurity skills gap” by offering expert help for security teams who are ATP customers.

https://www.youtube.com/watch?v=hMYOb81kDYE

The feature is designed to “proactively hunt and prioritize threats”. Elsewhere, Microsoft has added an “Ask a Threat Expert” button to Windows Defender ATP. Like Sentinel, Microsoft Threat Experts is now available in public preview on the ATP console.
