Making Security More Intelligent, Microsoft Releases Azure Sentinel

by Azure Sentinel News Editor
November 16, 2020
in SIEM, SOC

In a recent blog post, Microsoft announced further investment in its intelligent security offerings in the form of a Security Information and Event Management (SIEM) product called Azure Sentinel. SIEMs are used by security professionals as a data store that aggregates security events from logs across a variety of systems, including servers, firewalls, routers, switches and end-user computing devices. Azure Sentinel is a platform service that applies artificial intelligence and machine learning to reduce the burden of traditional SIEMs: it eliminates the need to maintain the underlying infrastructure and reduces alert fatigue by providing prescriptive guidance on emerging threats.

Organizations are struggling to maintain proactive security practices, and Microsoft believes it can address this growing problem with Azure Sentinel. Eliav Levi, director of product management at Microsoft, explains:

SecOps teams are inundated with a very high volume of alerts and spend far too much time on tasks like infrastructure setup and maintenance. As a result, many legitimate threats go unnoticed. An expected shortfall of 3.5M security professionals by 2021 will further increase the challenges for security operations teams. You need a solution that empowers your existing SecOps team to see the threats clearer and eliminate the distractions.

Microsoft is able to analyze signals from a variety of locations and can scale to address the needs of enterprise customers. Koby Koren, senior product manager at Microsoft, explains how this is possible:

Azure Sentinel works by correlating the security logs and signals from all sources across your apps, services, infrastructure, networks, and users, whether they reside on-premises, in Azure, or in any other cloud. Our built-in AI leverages Microsoft threat intelligence that analyzes trillions of signals every day. And our machine learning models, refined through decades of security experience, filter through the noise from alerts, drilling into it and analyzing thousands of anomalous events, to return a view of threats that really require your attention.

For several years, companies have been exporting their cloud data from Office 365 and Azure and ingesting it into their on-premises SIEM tools. However, this approach has created operational challenges for these organizations. Maarten Goet, a Microsoft regional director, explains:

In the past years, enterprises would hook up the alerts that Microsoft security solutions were generating and forward them back to their on-premise SIEM solution as part of their cloud security strategy. But they are struggling to keep pace with the increasing volume and variety of data they process. Unhappy users complained about the inability of their SIEMs to scale and the volume of alerts they must investigate. Azure Sentinel is a central place to analyze your security data, across all parts of your environment. Cloud security solutions like Azure Sentinel are set to disrupt the Security Operations Center (SOC).

Azure Sentinel is able to ingest events from several Microsoft and non-Microsoft platforms, including Azure AD Identity Protection, Microsoft Cloud App Security, Azure Security Center, the Microsoft Graph Security API, DNS and Syslog, as well as third-party telemetry from F5, Palo Alto Networks, Check Point and Cisco ASA.

Image source: (screenshot) https://www.youtube.com/watch?v=XXZp6LQZSJU

Microsoft wants to reduce the amount of noise that security analysts face while improving the accuracy of alerts. To address these requirements, Azure Sentinel uses AI to triage alerts and perform correlation across many different products and services. Levi explains why they have deeply invested in AI and ML technologies:

Azure Sentinel uses state-of-the-art, scalable machine learning algorithms to correlate millions of low-fidelity anomalies to present a few high-fidelity security incidents to the analyst. ML technologies will help you quickly get value from large amounts of security data you are ingesting and connect the dots for you. For example, you can quickly see a compromised account that was used to deploy ransomware in a cloud application. This helps reduce noise drastically; in fact, we have seen an overall reduction of up to 90 percent in alert fatigue during evaluations.

Image source: https://azure.microsoft.com/en-us/blog/introducing-microsoft-azure-sentinel-intelligent-security-analytics-for-your-entire-enterprise/
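The quote above describes the core SIEM idea of turning many low-fidelity anomalies into a few high-fidelity incidents by correlating signals that land on the same entity. The following is an added illustration of that technique, written for this article; it is not Microsoft's code and makes no claim about how Azure Sentinel's machine learning actually works. It uses a deterministic rule rather than ML: anomalies are grouped per entity into one-hour clusters, a cluster is promoted to an incident only when it spans at least two distinct data sources, and the incident's fidelity is the noisy-OR of the individual scores. The anomaly records, source names, account names and scores are all constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample anomalies (not real telemetry). Each record is a
# low-fidelity signal: on its own, none of them would justify paging an analyst.
ANOMALIES = [
    {"ts": "2020-11-16T08:00:00", "source": "AzureADIdentityProtection",
     "entity": "alice@contoso.example", "signal": "impossible_travel", "score": 0.3},
    {"ts": "2020-11-16T08:05:00", "source": "MCAS",
     "entity": "alice@contoso.example", "signal": "mass_download", "score": 0.4},
    {"ts": "2020-11-16T08:12:00", "source": "AzureSecurityCenter",
     "entity": "alice@contoso.example", "signal": "ransomware_indicator", "score": 0.5},
    {"ts": "2020-11-16T09:00:00", "source": "Syslog",
     "entity": "bob@contoso.example", "signal": "failed_logon", "score": 0.1},
    # Same account, same signal, but hours later: falls outside the window
    # and has only one source, so it stays an anomaly rather than an incident.
    {"ts": "2020-11-16T15:00:00", "source": "MCAS",
     "entity": "alice@contoso.example", "signal": "mass_download", "score": 0.4},
]

WINDOW = timedelta(hours=1)   # correlation window per entity
MIN_SOURCES = 2               # independent sources required to promote a cluster


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def _promote(entity, cluster, min_sources):
    """Return an incident for the cluster, or None if it lacks corroboration."""
    sources = {e["source"] for e in cluster}
    if len(sources) < min_sources:
        return None
    # Noisy-OR: probability that at least one of the signals is a true positive,
    # treating the per-signal scores as independent.
    miss = 1.0
    for e in cluster:
        miss *= 1.0 - e["score"]
    return {
        "entity": entity,
        "first_seen": cluster[0]["ts"],
        "last_seen": cluster[-1]["ts"],
        "sources": sorted(sources),
        "signals": [e["signal"] for e in cluster],
        "fidelity": round(1.0 - miss, 2),
    }


def correlate(anomalies, window=WINDOW, min_sources=MIN_SOURCES):
    """Group anomalies per entity into time-bounded clusters and promote the
    clusters that are corroborated by several sources to incidents,
    highest fidelity first."""
    by_entity = defaultdict(list)
    for a in sorted(anomalies, key=_ts):
        by_entity[a["entity"]].append(a)

    incidents = []
    for entity, events in by_entity.items():
        cluster = []
        for ev in events + [None]:  # trailing None flushes the last cluster
            if ev is not None and (not cluster or _ts(ev) - _ts(cluster[0]) <= window):
                cluster.append(ev)
                continue
            incident = _promote(entity, cluster, min_sources)
            if incident:
                incidents.append(incident)
            cluster = [ev] if ev is not None else []
    return sorted(incidents, key=lambda i: i["fidelity"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(ANOMALIES):
        print(f"{inc['entity']}: fidelity={inc['fidelity']} "
              f"sources={inc['sources']} signals={inc['signals']}")
```

Run as-is, the five anomalies collapse to a single incident on the first account, which is the compromised-account-then-ransomware pattern the quote uses as its example; the lone failed logon and the later, uncorroborated download are kept as anomalies that an analyst can still hunt over but are not surfaced as incidents. Tuning `WINDOW` and `MIN_SOURCES` is the trade-off between noise and missed detections that any correlation rule has to make.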

Once threats have been detected, security analysts can use the case management features of Azure Sentinel to review, triage and prioritize incidents across a SOC team. Playbooks can be established and maintained based upon Jupyter notebooks so that teams can maintain consistent and automated processes to address cyber threats.

Image source: (screenshot) https://www.youtube.com/watch?v=XXZp6LQZSJU

Additional automation opportunities exist through Azure Logic Apps, a cloud-based workflow platform, which includes an out-of-the-box connector that lets developers listen for Azure Sentinel events. Azure Logic Apps can then orchestrate a business process, which can include creating incidents in ServiceNow, communicating with team members over Microsoft Teams, and performing proactive security measures such as disabling users in Azure AD or blocking IP addresses on a firewall.

Image source: (screenshot) https://www.youtube.com/watch?v=XXZp6LQZSJU

Reference: https://www.infoq.com/news/2019/03/Microsoft-Azure-Sentinel/

Copyright © 2020 - Azure Sentinel News