Azure Sentinel News

Looking Back at Microsoft Ignite 2019 – Tech Intensity, End to End Security and AI

by Azure Sentinel News Editor
November 25, 2020
in Security and Compliance

Microsoft hosted their annual flagship Ignite conference in Orlando, Florida in early November. The event attracted over 30,000 attendees and consisted of over 1800 sessions across a wide range of topics such as DevOps, coding, identity, security and many product deep dives. Among the headlines, the main trends and talking points were technical advancements, security additions and company strategies.

Tech Intensity

The theme of “Tech Intensity” consists of the Microsoft formula of Tech Adoption x Tech Capability ^ Trust. As their driver is “to make every company a tech company”, this means an organization must be able to adopt technology quickly – either by using off-the-shelf products or by creating its own.

You also need to have the capability to handle that technology adoption – whether that is through internal development teams who can utilize the latest features, or by being able to support and operationalize it, all with the context that your business/organization trusts in your ability to deliver.

Being a technology company, their focus is naturally on technology to drive change. I do wonder: if the drive is to help change businesses, then maybe we should widen the definition and amend the formula slightly: Tech intensity = ((Tech Adoption x Tech Capability) + (Business Change Capability)) ^ Trust

I doubt Satya will copy this, but if he does you saw it first here.

Security Announcements

Security was a huge topic all week, after Microsoft spent over $1 billion on security last year. In recent years they have been investing heavily in this area, and this is evident in their end-to-end security architecture across their ecosystem of products (Identity, Device Management, Digital Rights Management, Data, Applications).

A number of their products are industry leading, sitting in the Gartner top-right quadrant:

  • Microsoft Cloud App Security, their Cloud Access Security Broker (CASB) product
  • Windows Defender ATP in Endpoint Protection
  • Identity Access Management Solution (Active Directory, Azure Active Directory)
  • Meeting Solutions (Skype & MS Teams)
  • Information Archiving 

Among the products to watch, I was impressed by the announcement of Azure Sentinel, the Microsoft cloud native SIEM and SOAR. The SIEM function is fully integrated with a wide number of Microsoft products and they offer free Office 365 data ingestion (it is not quite free, as you do need to pay for log storage and probably other costs).

They also allow a number of third-party connectors to well-known vendors like Cisco, Palo Alto, AWS and F5 Networks, so you can get data from other products. This looks like a direct competitor to companies such as Splunk, ArcSight and LogRhythm.

It also acts as a SOAR (Security Orchestration, Automation and Response) and this is where things get interesting. In one of the workshops I attended they used products like Power Automate (previously Flow) to automatically block IP addresses and domain names on the Palo Alto Firewall. They also showed the integrations between Windows Defender ATP and Azure Sentinel. This is not new in the industry, with McAfee’s OpenDXL platform and Splunk’s Phantom product, to name others.

This does have some great potential and is definitely one to watch going forward, because of its highly integrated nature across the Microsoft product stack.

Also worth mentioning is the Microsoft Intelligent Security Graph: the API service allows you to access the data in your environment and build your own custom reports/dashboards on any security events in the environment. Especially notable is how they are integrating it with their reporting tool, Power BI.

Another notable product was Azure Arc. This is designed to extend management and security from the Azure cloud management console across servers (Windows and Linux), multiple clouds, containers, databases and other resources all in a consistent manner.

One of the current challenges for staff is management across multiple clouds. The key aim of Azure Arc is to simplify that management by controlling it all from the Azure console, giving the ability to define role-based access to resources in the Azure Portal and assign that to devices/infrastructure running in other clouds or on-premises. This could potentially be a big win for operations teams struggling with security and compliance.

Democratizing AI and Empowering Users

One of the key themes was the concept of making Artificial Intelligence (AI) simple and accessible to all users and empowering them to create products. There were a number of sessions that gave examples of using AI with the cognitive services like form recognition and using their Power Platform, which allows users to create custom applications and then perform triggers between them – empowering the business user to create their own workflows and products applying AI to them.

This is great, but also creates a shadow IT support headache: if a user has created a solution that becomes key to the business and support are unaware of it, then in the event that it breaks whilst they are on holiday, or the user leaves and the call comes into the helpdesk, both sides will be stuck. This is a difficult one to manage because you do not want to stifle innovation, but equally need the support structure in place, hence their concept of Tech Intensity.

Project Cortex

If you are an Office 365 user, Microsoft are automatically applying AI to enhance your experience. You may have seen services like MyAnalytics sending you reports. The aim is to help your organization work smarter.

The immediate question that sprang to mind for many was around privacy of company data. During the presentation they repeatedly promised that your data stays your data, and they do not use it for anything else. One of the examples given was where Bing searches both your internal data and then external results: if there is an acronym or project name used in an email it can automatically build a knowledgebase of those, provide the names of the individuals who are most likely to know about that term and suggest documents to read.

Care and attention will be needed here as this is rolled out. Sensitive internal projects, keywords or team members could be easily searched for if the correct permissions have not been applied.

For those of us who previously viewed Microsoft’s security products with caution, there is a definite concerted effort to reverse that and increase their brand reputation and product capabilities. Their strategy to integrate all of their products looks like it is having definite commercial and end user advantages.

Centralized logging and monitoring, ease of automation, integration of AI – all with a security backdrop – show how the individual project teams seem to be coming together. It is clear that security is a major focus and that can only be good for us as consumers.

Reference: https://www.infosecurity-magazine.com/blogs/microsoft-ignite-security-ai/
