Microsoft launches cloud-native security management tool Azure Sentinel
The SIEM tool will harness AI to reduce 'alert fatigue' for security teams
Microsoft has announced a new inbuilt security information and event management (SIEM) tool for its Azure cloud customers, which promises to use AI to slash the number of alerts that security teams need to respond to.
The new tool, dubbed 'Azure Sentinel', will help infosec professionals monitor and defend their cloud environments by collating all of their security logs and threat data in one place. As well as information from Office 365 and Azure, customers will be able to process data from partners such as F5 Networks, Cisco, Palo Alto Networks, Symantec, Fortinet and more, including partners outside the security sector.
Unsurprisingly, Microsoft is touting the speed and scale that the cloud can offer as one of the biggest benefits of this service, promising it allows customers to "invest your time in security and not servers". In a blog post announcing the new product, the corporate vice president of Microsoft's Cybersecurity Solutions Group Ann Johnson boasted that early adopters of the product have seen up to 90% reductions in 'alert fatigue' - although she neglected to mention how this was measured.
"Azure Sentinel is the product of Microsoft's close partnership with customers on their journey to digital transformation," Johnson wrote "We worked hand in hand with dozens of customers and partners to rearchitect a modern security tool built from the ground up to help defenders do what they do best - solve complex security problems. Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds."
While other companies like Splunk and Sumo Logic have previously unveiled cloud-based SIEM tools, Microsoft says that it's the first major cloud provider to offer one as an integrated part of its portfolio.
Azure Sentinel is currently available in preview via the Azure portal; the product is currently free to use, with future pricing to be announced at a later date. Microsoft has also said that there may be additional charges for automation workflows, machine learning model customisation and data ingestion, importing Office 365 data will be free.
The company also announced a tool that allows customers to call in the cavalry in the event of a security crisis. Microsoft Threat Experts, a new capability which will be introduced to Windows Defender ATP, allows customers to call on the expertise of Microsoft's own security specialists, who will scour your (anonymised) security data to identify the most pressing threats to your organisation.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Customers can apply to join the service through their Windows Defender ATP settings and once approved, can access it via a button in the console labelled 'Ask a Threat Expert'.
Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.
Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.
You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.