Cybersecurity is about people. The frontline defenders who stand between the promise of digital transformation and the daily reality of cyber-attacks need our help. At Microsoft, we’ve made it our mission to empower every person and organization on the planet to achieve more. Today that mission is focused on defenders. We are unveiling two new cloud-based technologies in Microsoft Azure Sentinel and Microsoft Threat Experts that empower security operations teams by reducing the noise, false alarms, time consuming tasks and complexity that are weighing them down. Let me start by sharing some insight into the modern defender experience.
Every day Microsoft security professionals help organizations respond to threats at scale and through targeted incident response. In one recent example from the latest Security Intelligence Report, Microsoft experts were called in to help several financial services organizations deal with attacks launched by a state-sponsored group that had gained administrative access and executed fraudulent transactions, transferring large sums of cash into foreign bank accounts. When the attack group realized they had been detected, they rapidly deployed destructive malware that crippled the customers’ operations for several days. Microsoft experts were on site within hours, working around the clock with the customers’ security teams to restore normal business operations.
Incidents like this are a reminder that many defenders are overwhelmed by threats and alerts – often spending their days chasing down false alarms instead of investigating and solving complex cases. Compounding the problem is a critical shortage of skilled cyber defenders, with an estimated shortfall of 3.5 million security professionals by 2021. With today’s announcements we are unlocking the power of the cloud and AI for security to do what they do best—reason over vast amounts of security signal, spot anomalies and bring global scale to highly trained security professionals.
Too many enterprises still rely on traditional Security Information and Event Management (SIEM) tools that are unable to keep pace with the needs of defenders, volume of data or the agility of adversaries. The cloud enables a new class of intelligent security technologies that reduce complexity and integrate with the platforms and productivity tools you depend on. Today we are pleased to announce Microsoft Azure Sentinel, the first native SIEM within a major cloud platform. Azure Sentinel enables you to protect your entire organization by letting you see and stop threats before they cause harm. With AI on your side it helps reduce noise drastically—we have seen an overall reduction of up to 90 percent in alert fatigue with early adopters. Because it’s built on Azure you can take advantage of nearly limitless cloud speed and scale and invest your time in security and not servers. In just a few clicks you can bring in your Microsoft Office 365 data for free and combine it with your other security data for analysis.
Azure Sentinel is the product of Microsoft’s close partnership with customers on their journey to digital transformation. We worked hand in hand with dozens of customers and partners to rearchitect a modern security tool built from the ground up to help defenders do what they do best – solve complex security problems. Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds.
Corey McGarry, Senior Technical Specialist, Enterprise Operations, Tolko Industries, Ltd., told me, “After using Microsoft Azure Sentinel for six months, it has become a go-to resource every morning. We get a clear visual of what’s happening across our network without having to check all our systems and dashboards individually. I haven’t seen an offering like Microsoft Azure Sentinel from any other company.”
Azure Sentinel supports open standards such as Common Event Format (CEF) and broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, as well as broader ecosystem partners such as ServiceNow. You can even bring your own insights and collaborate with a diverse community of defenders. Azure Sentinel blends the insights of Microsoft experts and AI with the unique insights and skills of your own in-house defenders and machine learning tools to uncover the most sophisticated attacks before they take root. Azure Sentinel helps empower SecOps teams to keep their organizations safe by harnessing the power, simplicity and extensibility of Azure to analyze data from Microsoft 365 and security solutions from other vendors. Azure Sentinel is available in preview today from the Azure portal.
Our approach to security is not only about applying the cloud and AI to your scale challenges, but also making the security operations experts who defend our cloud available to you. Therefore, we are pleased to announce Microsoft Threat Experts, a new service within Windows Defender ATP which provides managed hunting to extend the capability of your security operations center team. Through this service, Microsoft will proactively hunt over your anonymized security data for the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage—helping your team prioritize the most important risks and respond quickly. The service also provides world-class expertise on demand. With the new “Ask a Threat Expert” button, your security operations team can submit questions directly in the product console. To join the public preview of Microsoft Threat Experts, apply in the Windows Defender ATP settings.
There are no easy answers or silver bullets for security, however the cloud is unlocking new capabilities. This is why we are putting the cloud and AI to work to extend and empower the defenders whose unique human insights are key to avoiding cyber threats. Azure Sentinel and Microsoft Threat Experts are two new capabilities that join our broad portfolio of security solutions across identity, endpoints, data, cloud applications and infrastructure.