To help cyber defenders protect against cybersecurity attacks, Microsoft is leveraging its Azure cloud infrastructure and expert cyber defenders for new products.
The first, called Azure Sentinel, aims to help cyber defenders solve complex security problems. It does so by reducing noise, so defenders can narrow in on real threats instead of wasting time chasing false alarms.
Microsoft says Sentinel’s early adopters saw a reduction of up to 90 percent in alert fatigue. Further, it helped defenders reduce the time it takes to hunt down a threat from hours to minutes.
Part of the benefit of Sentinel is its flexibility. It supports open standards for monitoring threats, like Common Event Format (CEF), as well as partner connections like Check Point, Cisco and more. Sentinel also allows users to bring their own insights and machine learning tools and incorporate them into threat hunting.
Along with Sentinel, Microsoft is rolling out Microsoft Threat Experts, a service that extends the capabilities of a security operations team.
Threat Experts will allow Microsoft to hunt through anonymized security data for advanced cyber attacks, helping teams prioritize the most significant risks.
The service also offers access to a new ‘Ask a Threat Expert’ button. The button allows a security team to submit questions directly in the product console.
Azure Sentinel is available now in preview through the Azure portal. Those looking to join the public preview of Microsoft Threat Experts can apply in the Windows Defender ATP settings.
Microsoft also released its Security Intelligence Report in an interactive format.