Redmond throws hat into cloud-based security analytics ring with AI-powered offering that promises to improve visibility, reduce noise.
Microsoft this week is taking a stab at SIEM-as-a-service, announcing a preview version of Azure Sentinel, a cloud-based security analytics service that features AI-driven detection and threat hunting powered by the vendor’s formidable cloud platform.
The Lowdown: Re-imagining SIEM as a cloud-native solution is part of an effort to ease the collection of security data from devices, users, apps, and servers no matter where they live, on premises or in the cloud, all with no up-front costs.
Unburdened by the often expensive proposition of setting up and maintaining a SIEM platform, organizations will be able to leverage Sentinel’s powerful artificial intelligence and machine learning capabilities along with pre-built models and graphical analysis tools to keep watch over their systems with clearer visibility and less meaningless alert clutter.
The Details: Azure Sentinel should be especially attractive to the many Office 365 users who have been clamoring for a way to combine security data from users and endpoint apps with information from their infrastructure environment and third-party data to get a more complete picture of a threat or an attack. Office 365 data can be brought into Azure Sentinel for free, Microsoft officials said.
A key selling point for Sentinel, in addition to reducing up-front costs and complexity and packing advanced automation and orchestration features, is that it resides on Azure, offering plenty of power and scale for even the most complicated security environment.
The Buzz: “Too many enterprises still rely on traditional SIEM tools that are unable to keep pace with the needs of defenders, volume of data, or the agility of adversaries,” said Ann Johnson, corporate vice president of Microsoft’s Cybersecurity Solutions Group. “The cloud enables a new class of intelligent security technologies that reduce complexity and integrate with the platforms and productivity tools you depend on.”
“We’re pleased with our ongoing collaboration with Microsoft and the work we’re doing to deliver greater security orchestration for our joint customers,” said Adam Geller, senior vice president of SaaS, virtualization, and cloud-delivered security at Palo Alto Networks. “This latest integration allows customers to forward their physical and virtualized next-generation firewall logs to Azure Sentinel and use custom dashboards and artificial intelligence to rapidly uncover potential security incidents.”