
Microsoft Brings Integrated SIEM and XDR Tools to Defender and Azure Sentinel

by Azure Sentinel News Editor
November 12, 2020
in SIEM, SOC

Microsoft believes that SOC teams can benefit from using deeply integrated SIEM and XDR solutions. At its Ignite conference in September, Microsoft announced changes aimed at bringing the best-integrated experience, covering a broad range of devices and workloads.

Microsoft Threat Protection is renamed Microsoft 365 Defender

At its Ignite conference in September, Microsoft announced a series of branding changes for Microsoft Defender. Defender is Microsoft’s extended detection and response (XDR) solution for Windows and all major OSes, identities, cloud apps, email, and documents. Microsoft announced the following name changes:

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

Microsoft made some bold claims, stating that Microsoft 365 Defender was used in a test to consolidate 1,000 alerts down to only 40 high-priority incidents. Using artificial intelligence (AI) and self-healing capabilities, 365 Defender can provide full automation more than 70% of the time, so that security operations center (SOC) staff can better use their time and skills.

In addition to the name changes, Microsoft 365 Defender is now generally available on Android and in preview on iOS. Threat and vulnerability management is also now available for macOS in preview. It allows organizations to continuously detect vulnerabilities on macOS so that remediation can be prioritized.

Priority Account Protection

A new feature called Priority Account Protection in Microsoft Defender for Office 365 lets security teams protect critical and privileged accounts from phishing attacks. It can be used to create customized workflows for these accounts for additional protection.

Licensing

The following licenses provide customers access to Microsoft 365 Defender:

  • Microsoft 365 E5 or A5
  • Microsoft 365 E5 Security or A5 Security
  • Windows 10 Enterprise E5 or A5
  • Enterprise Mobility + Security (EMS) E5 or A5
  • Office 365 E5 or A5
  • Microsoft Defender Advanced Threat Protection
  • Azure Advanced Threat Protection
  • Microsoft Cloud App Security
  • Office 365 Advanced Threat Protection (Plan 2)

Azure Defender comes to the Azure Security Center

Now part of the Azure Security Center, Azure Defender provides XDR capabilities for protecting multi-cloud and hybrid workloads. Azure Defender can be used to protect virtual machines (VM), databases, containers, IoT, and other cloud and on-premises workloads. Microsoft announced the following name changes at Ignite:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition)
  • Azure Defender for IoT (previously Azure Security Center for IoT)
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL)

As with Microsoft 365 Defender, new features were also announced that will be part of Azure Defender. SOC teams will get a new unified approach for identifying and mitigating unprotected resources. The new method will make it easier to see which resources are protected and those that are vulnerable. There’s additional protection for SQL servers and VMs located in non-Azure clouds. There’s also better protection for containers, like Kubernetes-level policy management and continuous monitoring of container images in container registries.

[Image 1: Microsoft Brings Integrated SIEM and XDR Tools with Defender and Azure Sentinel (Image Credit: Microsoft)]

Support for CyberX is coming to IoT workloads

Finally, support for CyberX is coming to IoT workloads. Microsoft purchased CyberX earlier in 2020. It lets customers create a digital map of their IoT assets across a factory floor or within a building and gather information about the devices and vulnerabilities.

Azure Sentinel gets simplified threat intelligence and management

The information from Microsoft 365 Defender and Azure Defender feeds into Azure Sentinel, Microsoft’s cloud-native security information and event management (SIEM) product. But Sentinel is also getting some new features of its own. New entity behavior analytics will make it easier for SOC teams to diagnose compromised accounts and malicious insiders.

[Image 2: Microsoft Brings Integrated SIEM and XDR Tools with Defender and Azure Sentinel (Image Credit: Microsoft)]

Lastly, Microsoft has added the ability to search, add, and track threat indicators, perform threat intelligence lookups, and create watchlists. You can find more information about the changes to Sentinel on Microsoft’s website.

Reference: https://petri.com/microsoft-brings-integrated-siem-and-xdr-tools-with-defender-and-azure-sentinel
