Microsoft Corp. announced two new cyber security services on Thursday, ahead of the RSA Conference taking place in San Francisco.
The vendor introduced Azure Sentinel, which it describes as a cloud-native security information and event management (SIEM) tool that uses artificial intelligence (AI) to cut down on alert noise. For firms still short-staffed in the effort to keep up with security alerts, Microsoft is offering its own analysts through its Microsoft Threat Experts service.
During a web conference broadcast to press, Corporate Vice-President of Communications Frank X. Shaw underlined Microsoft’s investments in security – about $1 billion annually – and related an example of how Microsoft helps clients fend off sophisticated attackers. Microsoft assisted a financial organization in defending against a state-sponsored group, he said, one that deployed destructive malware once it had been discovered.
“The most valuable assets in cyber security are still experienced defenders,” he said. “It is the cloud that allows us to take all our signal intelligence and help our customers be more secure.”
Microsoft processes hundreds of billions of authentications a month using Active Directory. It also draws on attack-signal data from Windows (6.5 billion signals a day from Windows alone, Shaw says), Microsoft 365, and Xbox to build threat profiles.
With all that data, Microsoft has come to a simple conclusion.
“There are simply not enough defenders to keep pace with the economic opportunity that cyber crime offers,” says Ann Johnson, corporate vice-president of cyber security solutions at Microsoft. “They often spend their days chasing down false alarms instead of what they do best, tracking down and investigating true cyber crimes.”
With the cloud-based SIEM comes the promise of automation: Microsoft says it can automate up to 80 per cent of the routine tasks defenders spend their time on today. The advantage of running a SIEM in the cloud, Microsoft says, is that analysts can concentrate on defending against threats rather than on patching and updating the SIEM infrastructure itself.
Users will be able to import Microsoft Office 365 data for free and analyze it alongside their other security data. Azure Sentinel ingests logs in open standards, including Common Event Format (CEF), and has partner connectors for many security vendors, including Check Point, Cisco, F5, Fortinet, Palo Alto, and Symantec. Users can bring in their own data sources for analysis and even build their own machine learning models to protect their specific environment.
Microsoft Threat Experts is offered under the Windows Defender ATP umbrella. Its hunters work through customers’ anonymized security data looking for threats. Expertise is also available on demand: an “Ask a Threat Expert” button lets users submit questions directly from the product console.
“Experts provide the insight that our customers need to react to alerts,” Johnson says. “We are empowering defenders and SecOp teams to take advantage of Microsoft’s unique industry experience.”
Both Azure Sentinel and Microsoft Threat Experts services are available in preview today. Microsoft did not share pricing details.