    Microsoft Security Services Put AI, Experts to Work Against Threats

    By Wayne Rash - March 5, 2019

      Microsoft is rolling out a brace of threat-fighting capabilities for Windows 10 administrators that promise to bring the big guns of the company’s security experts, as well as its AI capabilities, to bear against attackers. The new services are Microsoft Azure Sentinel and Microsoft Threat Experts, which is part of Windows Defender ATP. Both are intended for use by security operations administrators and managers.

      Sentinel is a cloud-based threat analysis service that uses Microsoft’s cloud AI capabilities to monitor cloud and on-premises infrastructure against threats. According to Microsoft, Sentinel will monitor for threats on an enterprise-wide basis, including all devices and users, in locations that are in the cloud or on-premises.

      Sentinel is a Security Information and Event Management (SIEM) tool that can detect threats in a number of ways, including their activity in the enterprise, traces left in logs and changes to protected systems. It then uses AI to investigate the threats and produce alerts with sufficient detail to allow the security staff to act on them. Sentinel will also help respond to threats through orchestration and automation of common tasks.

      In its announcement, Microsoft says that there are no storage or query limits to using Sentinel. Right now, Sentinel is in its preview stage, which means you can sign up for a free trial. You need an Azure account to use it, and you need an Office 365 account to take advantage of some of the reporting features.

      Security Experts at Your Service

      Microsoft Threat Experts, meanwhile, relies on human security experts, a different approach from Sentinel’s use of AI. Threat Experts is available through Windows Defender ATP, where there’s an “Ask an Expert” button that will provide threat expertise on demand.

      The idea with Threat Experts is to serve as an extension to an organization’s in-house security team to provide help in examining security data to identify threats and intrusions and any other attacks. The service will provide proactive hunting for important threats to an enterprise, including human adversary intrusions and advanced attacks such as cyber-espionage. For organizations with exposure to state-sponsored attacks (which is nearly everyone these days), the ability to detect this sort of attack can be critical.

      What’s really improving the capability of Microsoft’s service is the availability of human expertise to help with the most difficult problems. You can simply click on a button within the Windows Defender Security Center console to engage an expert at Microsoft. Those experts can examine anonymized data to help your team understand the threats they face, which machines may be compromised, causes for suspicious activities and detailed knowledge on persistent threats.

      A key difference between the immediate threat response of Threat Experts and that of Sentinel is that Sentinel is designed to weed out routine alerts, determine which are actually problems and, where possible, handle them. If that’s not possible, it will pass along an alert and recommended actions to the security operations team.

      In effect, Sentinel is the replacement for the entry-level security employee that you’re punishing by making them comb through nearly endless false positives from your security appliances. But the difference is that Sentinel won’t get bored, won’t lose focus and won’t miss alerts because it’s in the break room looking for coffee when the bad guys break in.

      But in reality, Sentinel is more than that, because while it can indeed sort those endless false positives created by your intrusion detection system, it can also correlate results across platforms, and it can look at intrusion data from other sources. It can, for example, detect related attacks on diverse cloud platforms and on the internal platforms that you have in your data center. The chances of this happening with a human staff are essentially non-existent.

      Built to Support Security Managers

      It’s worth noting that these services aren’t just consumer security products repurposed for business use. They are built from the ground up to support enterprise security managers, and because of this they can handle enterprise workloads. This means, for example, that Sentinel’s cloud-native software has the advantage of the breadth of cloud resources, and it can draw on the performance of extendable cloud services. You don’t have to worry about a lack of performance making you fall behind the threat.

      Likewise, Threat Experts is designed to complement your existing security team. They will work with your staff to identify threats and to suggest actions you can take to eliminate them, but they’re not a remote security staff that will run your SOC for you. Think of them as highly skilled advisors who are available when you need them, because that’s exactly what they are.

      At this point, both services are available in preview, which means that you may find that some new features show up without warning while others vanish. But for now the services themselves are free, although there will be a charge for related services, such as Azure and Office 365 as well as Windows Defender ATP.

      You still need your existing security solutions, but what Microsoft is offering will go a long way to providing the level of security you really need.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.
