Microsoft launches cloud-native security management tool Azure Sentinel

The SIEM tool will harness AI to reduce 'alert fatigue' for security teams

Microsoft has announced a new inbuilt security information and event management (SIEM) tool for its Azure cloud customers, which promises to use AI to slash the number of alerts that security teams need to respond to.

The new tool, dubbed 'Azure Sentinel', will help infosec professionals monitor and defend their cloud environments by collating all of their security logs and threat data in one place. As well as information from Office 365 and Azure, customers will be able to process data from partners such as F5 Networks, Cisco, Palo Alto Networks, Symantec, Fortinet and more, including partners outside the security sector.

Unsurprisingly, Microsoft is touting the speed and scale that the cloud can offer as one of the biggest benefits of this service, promising it allows customers to "invest your time in security and not servers". In a blog post announcing the new product, the corporate vice president of Microsoft's Cybersecurity Solutions Group Ann Johnson boasted that early adopters of the product have seen up to 90% reductions in 'alert fatigue' - although she neglected to mention how this was measured.

"Azure Sentinel is the product of Microsoft's close partnership with customers on their journey to digital transformation," Johnson wrote "We worked hand in hand with dozens of customers and partners to rearchitect a modern security tool built from the ground up to help defenders do what they do best - solve complex security problems. Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds."

While other companies like Splunk and Sumo Logic have previously unveiled cloud-based SIEM tools, Microsoft says that it's the first major cloud provider to offer one as an integrated part of its portfolio.

Azure Sentinel is currently available in preview via the Azure portal; the product is currently free to use, with future pricing to be announced at a later date. Microsoft has also said that there may be additional charges for automation workflows, machine learning model customisation and data ingestion, importing Office 365 data will be free.

The company also announced a tool that allows customers to call in the cavalry in the event of a security crisis. Microsoft Threat Experts, a new capability which will be introduced to Windows Defender ATP, allows customers to call on the expertise of Microsoft's own security specialists, who will scour your (anonymised) security data to identify the most pressing threats to your organisation.

Customers can apply to join the service through their Windows Defender ATP settings and once approved, can access it via a button in the console labelled 'Ask a Threat Expert'.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now


New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021