AttackIQ announced its integration between the Microsoft Azure Sentinel cloud-native security information and event manager (SIEM) platform and the AttackIQ Security Optimization Platform.
Microsoft was a founding member of AttackIQ’s Preactive Security Exchange (PSE), an objective and trusted program that enables security vendors to validate the efficacy of their products and identify security gaps.
Launched in August, the PSE already has dozens of leading security companies as partners, including BlackBerry, Cisco, CheckPoint, Illumio, LogRhythm, McAfee, Microsoft, Palo Alto Networks, RSA, SentinelOne, and TrendMicro.
“We’re delighted to announce AttackIQ’s integration with Microsoft Azure Sentinel, and the opportunity to enable Azure Sentinel users to test and validate their detection pipeline and ultimately fine-tune security processes across their organization,” said Dariush Afshar, VP of Platform & Business Development, AttackIQ.
“With our integration with Azure Sentinel, Microsoft customers now have another powerful tool for optimizing their security investments, whether that be their Microsoft 365 Defender investments like Microsoft Defender for Endpoint, or third-party security products – such as nextgen firewall – that feed Azure Sentinel.”
“Microsoft Azure Sentinel offers customers a robust platform for log aggregation, detection, and alerting while the AttackIQ platform enables customers to measure the performance of those capabilities and improve that performance over time,” said Eric Burkholder, Senior Program Manager, Azure Sentinel.
The security optimization capabilities of the AttackIQ platform provide Azure Sentinel users with essential tools to increase effectiveness of detection and investigation pipelines.
The platform utilizes the MITRE ATT&CK database of known attacker tactics, techniques and procedures (TTPs) to help customers assess the ability of their security stack to prevent, detect and contain real-world threats. Security teams are able to:
- Confirm events are detected and/or prevented by deployed security technologies
- Confirm that detection and prevention messages are properly forwarded to Azure Sentinel
- Test built-in and custom queries and alert rules
- Exercise the actions defined in Azure Sentinel Playbooks
The Azure Sentinel SIEM integrates with the AttackIQ Security Optimization Platform to verify detection pipelines and detection logic, which help security teams focus on finding threats quickly.
It operates by using machine learning models trained on trillions of daily signals and allowing customers to optimize for their own needs with tailored detections and threat intelligence.
Reference: https://www.helpnetsecurity.com/2020/10/28/attackiq-microsoft-azure-sentinel/
