Microsoft has announced a new inbuilt security information and event management (SIEM) tool for its Azure cloud customers, which promises to use AI to slash the number of alerts that security teams need to respond to.
The new tool, dubbed ‘Azure Sentinel’, will help infosec professionals monitor and defend their cloud environments by collating all of their security logs and threat data in one place. As well as information from Office 365 and Azure, customers will be able to process data from partners such as F5 Networks, Cisco, Palo Alto Networks, Symantec, Fortinet and more, including partners outside the security sector.
Unsurprisingly, Microsoft is touting the speed and scale that the cloud can offer as one of the biggest benefits of this service, promising it allows customers to “invest your time in security and not servers”. In a blog post announcing the new product, the corporate vice president of Microsoft’s Cybersecurity Solutions Group Ann Johnson boasted that early adopters of the product have seen up to 90% reductions in ‘alert fatigue’ – although she neglected to mention how this was measured.
“Azure Sentinel is the product of Microsoft’s close partnership with customers on their journey to digital transformation,” Johnson wrote. “We worked hand in hand with dozens of customers and partners to rearchitect a modern security tool built from the ground up to help defenders do what they do best – solve complex security problems. Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds.”
While other companies like Splunk and Sumo Logic have previously unveiled cloud-based SIEM tools, Microsoft says that it’s the first major cloud provider to offer one as an integrated part of its portfolio.
Azure Sentinel is currently available in preview via the Azure portal; the product is currently free to use, with future pricing to be announced at a later date. Microsoft has also said that there may be additional charges for automation workflows, machine learning model customisation and data ingestion; importing Office 365 data will be free.
The company also announced a tool that allows customers to call in the cavalry in the event of a security crisis. Microsoft Threat Experts, a new capability which will be introduced to Windows Defender ATP, allows customers to call on the expertise of Microsoft’s own security specialists, who will scour your (anonymised) security data to identify the most pressing threats to your organisation.
Customers can apply to join the service through their Windows Defender ATP settings and, once approved, can access it via a button in the console labelled ‘Ask a Threat Expert’.