Microsoft's Sentinel Security Tool Aims to Bring Intelligent Security Analytics To Your Data
To say that the attack surface is expanding for companies that are increasingly making their data available and always connected would be an understatement. Hackers, who include state-sponsored entities, are ramping up their attacks on networks and services, with trends showing that this activity will not be slowing down anytime soon, or possibly ever.
To help protect your environment, Microsoft is announcing two new services today, Sentinel and Microsoft Threat Experts. The company says that Azure Sentinel is the first native SIEM (Security Information and Event Management) within a major cloud platform and states that the product will help you stop threats before they impact your environment.
The goal of Sentinel is to significantly reduce the noise when hunting down intrusions or weaknesses, with Microsoft saying that it has seen reductions of up to 90 percent in “alert fatigue” for early adopters of the platform. And because Sentinel is running in Azure, you have the ability to scale up services quickly to scour volumes of data with minimal overhead – the company will let you ingest your Office 365 data into the platform for ‘free’ as well.
If Sentinel only worked with your Office and cloud data, it wouldn’t be all that effective. Most organizations are in a hybrid scenario where they have a variety of vendors. To address this, Sentinel supports open standards such as Common Event Format (CEF) and partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto, and Symantec, as well as ecosystem partners such as ServiceNow.
The idea is to bring as much data as it can absorb into Sentinel to improve the visibility into your own personal security graph.
To help companies further dive into their security graph, Microsoft is also rolling out Threat Experts, a new service within Windows Defender ATP. Think of Sentinel as the AI security solution from Microsoft and Threat Experts as the human-centric approach to help identify exposures.
With Threat Experts and a few clicks of the mouse, Microsoft can take a look at your anonymized security data for threats such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage. Think of it this way: when you need a helping hand, Threat Experts is designed to make it a simple process to bring in outside experts for assistance with your security challenges.
Security will continue to be an evergreen challenge for nearly every company. As our dependency on connected data continues to grow, so will its value to external threat actors, who know that they can have a quick payday by compromising your platform. Microsoft’s goal is to help provide additional layers of security, but remember that at the end of the day, you are only as strong as your weakest link.