Microsoft announces Azure Sentinel and Threat Experts to analyse security data in the cloud

New tools inteded to reduce the level of noise and false positives security pros need to wade through every day

Microsoft has launched two new cloud-based technologies intended to help cyber defenders react faster and to manage their security efforts during cyber-attacks. The release of the new tools comes ahead of the RSA Conference, where Microsoft will showcase its products to security professionals.

Microsoft claims that the new security solutions, called Azure Sentinel and Threat Experts, will empower cyber-security teams by reducing the level of 'noise', time consuming tasks, false alarms, and complexity that weigh them down.

Azure Sentinel is a cloud-based security information and event management (SIEM) tool that will enable customers to respond to security alerts/threats across their networks. Microsoft claims that it uses artificial intelligence technology to sift through data to identify threats. The results are shown in an Azure-based dashboard.

The tool supports open standards such as Common Event Format (CEF) and also enables connections to third-party tools from Cisco, Symantec, Check Point, Fortinet, Palo Alto and others.

According to Microsoft, the tool is first of its kind based in the cloud. With the service, Microsoft plans to target organisations that are currently using SIEM software on their own servers, but are looking to modernise their approach. The product will also cover applications running across multiple hybrid or public clouds.

"After using Microsoft Azure Sentinel for six months, it has become a go-to resource every morning," said Corey McGarry, senior technical specialist, enterprise operations at Canadian forestry products company Tolko Industries.

"We get a clear visual of what's happening across our network without having to check all our systems and dashboards individually. I haven't seen an offering like Microsoft Azure Sentinel from any other company."

The second tool, Microsoft Threat Experts, which is being offered within Windows Defender Advanced Threat Protection (ATP), consists of two components.

The first is a "managed threat hunting service" in which Microsoft professionals will comb through anonymous data for a customer to search for threats such as cyber-espionage, hands-on-keyboard attacks and human adversary intrusions.

The second component of Threat Experts is "Ask a Threat Expert" button within the ATP console, which enables customers to request help from Microsoft security experts in examining data to prioritise threat responses.