Microsoft's new cloud security tools aim to reduce alert fatigue
In an announcement ahead of the RSA Conference, Microsoft released details of two cloud-based security tools for large organizations. The new tools use AI and machine learning to help security professionals reduce "alert fatigue" and respond to actual threats more quickly.
Microsoft today unveiled a pair of new cloud-based security offerings aimed at helping large organizations cope with advanced security threats. The announcement comes ahead of the RSA Conference, where the two products will be showcased for security professionals.
Azure Sentinel is a new service offering within Azure that Microsoft bills as a "cloud-native Security Information and Event Management (SIEM) tool." It's designed to pull in vast amounts of data from other cloud-based services, including Office 365 and third-party solutions, and then use AI to reduce the noise and identify actual threats. The results appear in an Azure-based dashboard like the one shown here.
Ann Johnson, Microsoft Corporate Vice President for Cybersecurity, said that the use of AI and an organization's own machine learning tools can dramatically reduce "alert fatigue" for frontline security professionals.
According to Microsoft, Azure Sentinel supports open standards such as Common Event Format (CEF), connects to third-party security tools from Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, and integrates with partners such as ServiceNow that offer a broader set of security and IT management services.
Azure Sentinel is available as a preview in the Azure portal beginning today. During the preview period, it will be free. A Microsoft spokesperson declined to offer details about future pricing but said the service will be "aligned to general Azure pricing."
The second offering, Microsoft Threat Experts, is a new service within Windows Defender Advanced Threat Protection (ATP) designed to "address the cybersecurity skills gap" by providing expert help for security operations teams who are existing ATP customers.
The new service consists of two parts. One is a "managed threat hunting service," in which Microsoft experts will sift through anonymized security data for a customer and provide notifications of important threats such as human adversary intrusions, hands-on-keyboard attacks, and cyberespionage.
The second component is an "Ask a Threat Expert" button in the ATP console that allows security operations personnel to request help in analyzing data to prioritize threat responses and add context to notifications.
Microsoft Threat Experts is available as a public preview beginning today; existing customers can apply in the ATP console.