Key Takeaways:
- Microsoft has unveiled a unified security operations platform, which integrates tools such as Microsoft Sentinel, Defender XDR, and Copilot for Security into a single solution.
- This platform offers enhanced visibility, automation capabilities, and deeper insights into security incidents.
- Microsoft says that early adopters have reported significant benefits, including up to an 80 percent reduction in security incidents.
Microsoft has launched its new unified security operations platform in public preview for commercial customers. This platform combines essential security tools like Microsoft Sentinel, Defender XDR, and Copilot for Security, offering organizations a streamlined approach to managing and protecting corporate data.
Microsoft’s unified security operations platform has been available in limited preview since November 2023. This platform offers a new analyst experience that provides visibility into exposure, assets, incidents, threat intelligence, and security reporting. It provides robust security capabilities to help customers protect their enterprise environments.
The integration of Microsoft Sentinel and Defender XDR offers several benefits to organizations. It enables security professionals to access an improved reporting experience, deploy automations more effectively, and gain deeper insights from different data sources. Moreover, Microsoft Defender XDR customers can reduce repetitive processes by running custom security orchestration, automation, and response (SOAR) playbooks on security incidents.
Additionally, the unified security operations platform provides customers with a complete view of their attack surface to prevent security breaches. This capability enables them to identify overprivileged access, misconfigurations, software vulnerabilities, and evolving threats more easily. Security teams can also use attack path modeling to prevent unauthorized access to their sensitive data and corporate assets.
Microsoft highlights that the platform offers automatic attack disruption capabilities to block business email compromise, ransomware, adversary-in-the-middle, and other sophisticated attacks. Microsoft Defender XDR also helps to mitigate the attacks by isolating the device or disabling a user account.
“During our private preview, customers saw up to an 80% reduction in incidents, with improved correlation of alerts to incidents across Microsoft Sentinel data sources, accelerating triage and response,” said Rob Lefferts, CVP for Microsoft Threat Protection.
Microsoft Copilot for Security provides comprehensive incident summaries to speed up the investigation of cybersecurity incidents. It can also help with malware analysis and incident response, and provide guided investigations. The Copilot for Security tool can also be used to automatically create incident reports.
Overall, Microsoft’s new security operations platform should simplify complex workflows and streamline security operations for businesses. The preview version is only available for customers with a single Microsoft Sentinel workspace and at least one Defender XDR workload deployed. If you want to know more about how to connect your Microsoft Sentinel workspace, we invite you to check out the support page.