Microsoft today unveiled a couple of new cloud-based security offers to help large organizations cope with advanced threats to security. The announcement precedes the RSA Conference, where the two products are presented to security professionals. Azure Sentinel is a new service offering within Azure that Microsoft bills as a “cloud-native security information and event management (SIEM) tool.” It is designed to extract large amounts of data from other cloud-based services, including Office 365 and third-party solutions, and then use AI to reduce noise and identify actual threats.
Azure Sentinel dashboard The results appear in a dashboard based on Azure as shown here. Ann Johnson, Microsoft Corporate Vice President for Cybersecurity, said the use of AI and machine learning tools by an organization can dramatically reduce “alert fatigue” for security professionals at the front line. According to Microsoft, Azure Sentinel supports open standards such as the Common Event Format (CEF), as well as connections to third-party security tools such as CheckPoint, Cisco, F5, Fortinet, Palo Alto and Symantec, and integration with partners such as ServiceNow, which offer a wider range of security and IT services.
