Microsoft Launches Azure Sentinel For Cloud-Scale Security Analytics


Microsoft is launching what it's calling the first SIEM (security information and event management) tool that is native to a major cloud platform.

The offering, Azure Sentinel, aims to stand out from other SIEM tools by leveraging the scalability and flexibility of the cloud—and by tapping artificial intelligence to reduce cyberthreat noise.

[Related: Microsoft Ignite 2018: 9 Key Updates To Office 365 And Security]

Early partners working with Azure Sentinel include Accenture, Insight and New Signature, Microsoft disclosed.

Sponsored post

Azure Sentinel is "addressing a significant challenge in our customers' environments, many of which were originally designed prior to the cloud era," said Reed Wiedower, CTO at Washington, D.C.-based New Signature, in an email to CRN.

The launch comes at a time when massive volumes of data have created issues for security professionals, who are often too overwhelmed by alerts to focus on solving complex security problems, according to Microsoft.

The use of AI in Azure Sentinel has helped to enable a 90-percent reduction in "alert fatigue" among early users, wrote Ann Johnson, corporate vice president for cybersecurity at Microsoft, in a blog post.

And, "because it's built on Azure you can take advantage of nearly limitless cloud speed and scale and invest your time in security and not servers," Johnson wrote.

Organizations can bring data into Azure Sentinel from Office 365 for free, where it can be analyzed alongside the organization's other security data, Johnson said.

Ultimately, Azure Sentinel "reduces threat hunting from hours to seconds," Johnson wrote.

Azure Sentinel supports the Common Event Format open standard as well as security platforms from Check Point, Cisco, Symantec, Fortinet, Palo Alto Networks and F5.

The solution, which is being announced ahead of next week's RSA Conference 2019 in San Francisco, is now available for preview in the Azure portal, Microsoft said.

For many customers, SIEM systems tend to be client-server based while also being focused on a specific security niche, Wiedower told CRN. Meanwhile, use of the cloud has led to an explosion in the amount of data and devices they have under management—and that's created friction with their existing SIEM solutions, he said.

Most enterprise customers have more than 50 security solutions in place—a level of complexity that itself has created security challenges and made it difficult to react quickly as a security provider, Wiedower said.

Azure Sentinel, on the other hand, is a "true SIEM-as-a-service," Wiedower said. "We’re expecting to help our customers reduce the total number of security solutions they have in place (reducing both complexity and cost) as well as gain more rapid security insights into their digital estate, both on-premises and into the cloud."

These capabilities are "critical for customers we fully manage from a security perspective, as well as CISOs who are looking for temporary assistance," he said. "Because Azure Sentinel was designed as a cloud service, for customers who have increasing workloads in the cloud, it is a natural fit to our digital transformation efforts."

Additionally, Microsoft announced a new security service within Windows Defender ATP, Microsoft Threat Experts, which assists security operations centers with managed hunting.

The service analyzes anonymized security data to uncover serious threats, such as human adversary intrusions and cyber-espionage, Microsoft said.

Microsoft Threat Experts also provides answers to questions on demand, with partners and customers able to submit questions in the product console. Microsoft Threat Experts is now in public preview.