Microsoft has recently announced new capabilities in automation and artificial intelligence (AI) designed to provide cloud-based protection to organisations’ cybersecurity defences.
These capabilities centre around Microsoft Threat Protection, Azure Sentinel, and Insider Risk Management.
According to Microsoft’s Cybersecurity Solutions Group corporate vice president Ann Johnson, organisations can ‘turn the tide’ in cybersecurity by using the cloud and the right mix of human and AI intelligence.
“Cybersecurity always comes down to people – good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things. After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI to enable defenders to protect data and manage risk across the full breadth of their digital estates,” says Johnson.
Microsoft adds that its AI-enabled security solutions are trained on 8 trillion daily threat signals, as well as 3500 human security experts. These solutions are now able to automate 97% of tasks that took up human defenders’ time two years ago.
Microsoft Threat Protection uses automation and AI to monitor for threats across applications, emails, and endpoints. It also uses identity protection as one of its core components, which means it is designed for Zero Trust.
“Microsoft Threat Protection breaks down security silos so security professionals can automatically detect, investigate and stop coordinated multi-point attacks. It weeds out the unimportant and amplifies signals that might have been missed, freeing defenders to work on the incidents that need their attention,” explains Johnson.
The solution builds on the core Microsoft Defender Advanced Threat Protection for endpoint security. Microsoft Defender Advanced Threat Protection is also generally available across Windows, Linux, and macOS. Microsoft plans to develop the solution for iOS and Android in future.
The Azure Sentinel platform now has two separate additional capabilities. The first is a new Sentinel connector for IoT, which allows organisations to onboard data from Azure IoT Hub-managed deployments into Azure Sentinel.
“Customers can now monitor alerts across all IoT Hub deployments along with other related alerts in Azure Sentinel, inspect and triage IoT incidents, and run investigations to track an attacker’s lateral movement within their enterprise,” explains Microsoft principal group program manager Sarah Fender and partner director program manager Eliav Levi.
The second Azure Sentinel Capability allows organisations to import AWS CloudTrail Logs into Azure Sentinel at no additional cost for a limited time (February-April 2020).
Insider Risk Management, part of Microsoft 365, allows organisations to solve a problem without the need for agents or ingestions. It is now generally available and is rolling out to customers’ tenants.