Sentinel works only with an Azure subscription to augment existing services such as Azure Security Centre
Microsoft has announced an AI-powered security solution called Sentinel that is designed to integrate with the Azure public cloud platform, to comb for and predict threats from large volumes of data at enterprise scale.
The company announced the platform ahead of the major RSA security conference taking place in San Francisco this week.
Sentinel works only with an Azure subscription, where Microsoft said it will provide a “fully integrated experience in the Azure portal” to augment existing services such as Azure Security Centre and Azure Machine Learning.
Microsoft claimed that by running Sentinel, the company has seen an “overall reduction of up to 90 per cent in alert fatigue” with early adopters, i.e. it is supposedly cutting through the noise and surfacing actual threats rather than false positives.
To put it (perhaps too) crudely, you could think of Sentinel as a Darktrace-a-like for existing Azure customers who want to plump for Azure expertise straight from the source rather than externally, although it will work with third-party providers, such as security and event management vendors, as well as workflow management systems such as System Now.
The idea is that it will provide an “extensible architecture” to “support custom collectors through REST API and advanced queries”, so an organisation’s existing data can feed into Sentinel for better customisation.
However, it’s clear that the product could carve a niche in mostly Microsoft shops: Sentinel can, for example, integrate with Office cloud data such as that pulled from email spam.
Microsoft is promoting Sentinel’s ability to operate at scale, too, as well as the usual messaging about freeing up employee time by automating the dreary tasks.
The company says on the Sentinel website: “Invest in security, not infrastructure setup, and maintenance, [with the] first cloud-native SIEM from a major public cloud provider.
Never again let a storage limit or a query limit prevent you from protecting your enterprise.”
The major cloud players are increasingly touting their security nous as major selling points for their platforms.
Bloomberg notes that Microsoft stressed how it was recently integral in helping finance companies head off hacks that were siphoning money to “foreign bank accounts”, as well as hobbling systems in the process.
The company also announced Microsoft Threat Experts, which is a service that sits in Windows Defender ATP to provide “managed hunting” to “extend the capability of a businesses’ security operations centre team” – looking for indicators of successful attacks within company data.
The announcement fits in with the company’s Enterprise Mobility and Security product for Office 365 productivity apps, which we profiled towards the end of 2017.