Microsoft’s new cloud security tools aim to reduce alert fatigue

Microsoft today unveiled a pair of new cloud-based security offerings aimed at helping large organizations cope with advanced security threats. The announcement comes ahead of the RSA Conference, where the two products will be showcased for security professionals.

Azure Sentinel is a new service offering within Azure that Microsoft bills as a “cloud-native Security Information and Event Management (SIEM) tool.” It’s designed to pull in vast amounts of data from other cloud-based services, including Office 365 and third-party solutions, and then use AI to reduce the noise and identify actual threats. The results appear in an Azure-based dashboard like the one shown here.


The Azure Sentinel dashboard analyzes millions of data points to spot trends and identify threats.

Ann Johnson, Microsoft Corporate Vice President for Cybersecurity, said that the use of AI and an organization’s own machine learning tools can dramatically reduce “alert fatigue” for frontline security professionals.

According to Microsoft, Azure Sentinel supports open standards such as Common Event Format (CEF), connects to third-party security tools from Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, and integrates with partners such as ServiceNow that offer a broader set of security and IT management services.

Azure Sentinel is available as a preview in the Azure portal beginning today. During the preview period, it will be free. A Microsoft spokesperson declined to offer details about future pricing but said the service will be “aligned to general Azure pricing.”

The second offering, Microsoft Threat Experts, is a new service within Windows Defender Advanced Threat Protection (ATP) designed to “address the cybersecurity skills gap” by providing expert help for security operations teams who are existing ATP customers.

The new service consists of two parts. One is a “managed threat hunting service,” in which Microsoft experts will sift through anonymized security data for a customer and provide notifications of important threats such as human adversary intrusions, hands-on-keyboard attacks, and cyberespionage.

The second component is an “Ask a Threat Expert” button in the ATP console that allows security operations personnel to request help in analyzing data to prioritize threat responses and add context to notifications.

Microsoft Threat Experts is available as a public preview beginning today; existing customers can apply in the ATP console.
