Microsoft unveils Azure Sentinel Cloud security program

Microsoft has unveiled two new cloud security services to help customers find and stop threats and manage their cyber defenses.

The new offering is expected to help organizations in a number of industries, including healthcare, bolster data protection by enabling them to get help from security experts from the software giant.

Azure Sentinel, which was made available to customers last week, is what’s called a Security Information and Event Management (SIEM) tool, and Microsoft said it’s the first of its type based in the cloud. The product uses artificial intelligence to comb through data to find threats and lets customers rent computing power from the company rather than buy more of their own servers to crunch information.

Companies are facing more threats online, and cloud providers such as Microsoft and Amazon.com contend that their offerings are more secure than traditional products. To make this point, Microsoft disclosed that it recently helped several financial-services companies fend off attacks by a state-sponsored group that was “transferring large sums of cash into foreign bank accounts.” The attackers then released malware that crippled systems for days, requiring Microsoft experts to help clean it up.

Azure Sentinel can quickly download a customer’s Office cloud data and combine that with security information to find threats. For example, Office email spam data can provide clues on suspicious accounts or computers that have turned into zombie spam-sending machines. The product works with security software from companies like Check Point Software Technologies, Cisco Systems, Symantec and Palo Alto Networks, says Ann Johnson, a Microsoft vice president for cybersecurity. Microsoft announced the new products ahead of this week’s RSA security conference in San Francisco.

Signage displayed outside the Microsoft Corp. main campus in Redmond, Washington, U.S., on Tuesday, Dec. 19, 2017. Photographer: David Ryder/Bloomberg

Azure Sentinel also integrates with the Microsoft Graph Security API, enabling an organization to import its threat intelligence feeds and customize threat detection and alert rules. Custom dashboards provide an optimized view for specific use cases.

The Microsoft offering also aims to automate common tasks and threat responses. For example, Azure Sentinel provides built-in automation and orchestration with pre-defined or custom playbooks to solve repetitive tasks and to respond to threats quickly. Azure Sentinel will augment existing enterprise defense and investigation tools, including best-of-breed security products, homegrown tools and other systems.

Microsoft also previewed a service called Microsoft Threat Experts, in which the company hunts through a customer’s anonymous security data to find the biggest threats and provides help on demand through an “Ask a Threat Expert” button. The service will be part of Microsoft’s Windows Defender ATP security product.