Announcing new cloud-based technology to empower cyber defenders
Cybersecurity is about people. The frontline defenders who stand between the promise of digital transformation and the daily reality of cyber-attacks need our help. At Microsoft, we’ve made it our mission to empower every person and organization on the planet to achieve more. Today that mission is focused on defenders. We are unveiling two new cloud-based technologies in Microsoft Azure Sentinel and Microsoft Threat Experts that empower security operations teams by reducing the noise, false alarms, time-consuming tasks and complexity that are weighing them down. Let me start by sharing some insight into the modern defender experience.
Every day Microsoft security professionals help organizations respond to threats at scale and through targeted incident response. In one recent example from the latest Security Intelligence Report, Microsoft experts were called in to help several financial services organizations deal with attacks launched by a state-sponsored group that had gained administrative access and executed fraudulent transactions, transferring large sums of cash into foreign bank accounts. When the attack group realized they had been detected, they rapidly deployed destructive malware that crippled the customers’ operations for several days. Microsoft experts were on site within hours, working around the clock with the customers’ security teams to restore normal business operations.
Incidents like this are a reminder that many defenders are overwhelmed by threats and alerts – often spending their days chasing down false alarms instead of investigating and solving complex cases. Compounding the problem is a critical shortage of skilled cyber defenders, with an estimated shortfall of 3.5 million security professionals by 2021. With today’s announcements we are unlocking the power of the cloud and AI for security to do what they do best—reason over vast amounts of security signal, spot anomalies and bring global scale to highly trained security professionals.
Azure Sentinel is the product of Microsoft’s close partnership with customers on their journey to digital transformation. We worked hand in hand with dozens of customers and partners to rearchitect a modern security tool built from the ground up to help defenders do what they do best – solve complex security problems. Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds.
Corey McGarry, Senior Technical Specialist, Enterprise Operations, Tolko Industries, Ltd., told me, “After using Microsoft Azure Sentinel for six months, it has become a go-to resource every morning. We get a clear visual of what’s happening across our network without having to check all our systems and dashboards individually. I haven’t seen an offering like Microsoft Azure Sentinel from any other company.”
Azure Sentinel supports open standards such as Common Event Format (CEF) and broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, as well as broader ecosystem partners such as ServiceNow. You can even bring your own insights and collaborate with a diverse community of defenders. Azure Sentinel blends the insights of Microsoft experts and AI with the unique insights and skills of your own in-house defenders and machine learning tools to uncover the most sophisticated attacks before they take root. Azure Sentinel helps empower SecOps teams to keep their organizations safe by harnessing the power, simplicity and extensibility of Azure to analyze data from Microsoft 365 and security solutions from other vendors. Azure Sentinel is available in preview today from the Azure portal.
There are no easy answers or silver bullets for security; however, the cloud is unlocking new capabilities. This is why we are putting the cloud and AI to work to extend and empower the defenders whose unique human insights are key to avoiding cyber threats. Azure Sentinel and Microsoft Threat Experts are two new capabilities that join our broad portfolio of security solutions across identity, endpoints, data, cloud applications and infrastructure. We look forward to showcasing Azure Sentinel and Microsoft Threat Experts at the RSA Conference next week and encourage you to stop by the Microsoft booth on the main show floor or any of our compelling sessions to learn more.