Microsoft wants to improve security teams’ ability to detect and respond to threats at scale. The company announced Microsoft Azure Sentinel and Microsoft Threat Experts to reduce noise, false alarms, and time-consuming tasks.
“Cybersecurity is about people. The frontline defenders who stand between the promise of digital transformation and the daily reality of cyber-attacks need our help. At Microsoft, we’ve made it our mission to empower every person and organization on the planet to achieve more,” wrote in a post.
According to the company, too many teams are wasting time chasing down false alarms when they could be investigating and working on complex cases. By 2021, Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings, and not enough people to fill them, Microsoft explained.
Azure Sentinel and Threat Experts are two cloud-based technologies that aim to leverage the cloud and artificial intelligence to address the growing skills gap. According to the company, Azure Sentinel has been able to reduce threat hunting from hours to seconds. It supports open standards like Common Event Format and includes partner connections from Check Point, Cisco, F5 and Symantec. Users can also include their own insights and collaborate with a community of security researchers. The solution is available as a preview today. Other features include the ability to collect data at cloud scale, detect previously uncovered threats, investigate threats with AI, hunt suspicious activities at scale, and respond with built-in orchestration and automation.
“Previously, we had an on-premises solution to help us deal with security events. The problem with these fixed solutions is you are always trying to guess how much capacity, how much scale you need,” Eric Doerr, general manager of the Microsoft Security Response Center, said in a video. “We set out to reimagine the solution using an AI and born in the cloud. Because the cloud is inherently more flexible and more scalable. Azure Sentinel unleashes the power of your analysts to go find real issues at the fraction of the costs.”
Microsoft Threat Experts is a service within the company’s Windows Defender ATP solution designed to provide managed hunting capabilities and tackle human adversary intrusions, hands-on-keyboard attacks and more advanced attacks like cyber espionage. According to Microsoft, this will help teams prioritize more critical risks and respond better. The service also features an “ask a threat expert” capability, through which teams can submit questions directly. Microsoft Threat Experts is currently in public preview.
“There are no easy answers or silver bullets for security, however the cloud is unlocking new capabilities. This is why we are putting the cloud and AI to work to extend and empower the defenders whose unique human insights are key to avoiding cyber threats,” Johnson wrote.