Microsoft launches cloud-native security management tool Azure Sentinel

The SIEM tool will harness AI to reduce 'alert fatigue' for security teams

Microsoft security

Microsoft has announced a new inbuilt security information and event management (SIEM) tool for its Azure cloud customers, which promises to use AI to slash the number of alerts that security teams need to respond to.

The new tool, dubbed 'Azure Sentinel', will help infosec professionals monitor and defend their cloud environments by collating all of their security logs and threat data in one place. As well as information from Office 365 and Azure, customers will be able to process data from partners such as F5 Networks, Cisco, Palo Alto Networks, Symantec, Fortinet and more, including partners outside the security sector.

Unsurprisingly, Microsoft is touting the speed and scale that the cloud can offer as one of the biggest benefits of this service, promising it allows customers to "invest your time in security and not servers". In a blog post announcing the new product, the corporate vice president of Microsoft's Cybersecurity Solutions Group Ann Johnson boasted that early adopters of the product have seen up to 90% reductions in 'alert fatigue' - although she neglected to mention how this was measured.

"Azure Sentinel is the product of Microsoft's close partnership with customers on their journey to digital transformation," Johnson wrote "We worked hand in hand with dozens of customers and partners to rearchitect a modern security tool built from the ground up to help defenders do what they do best - solve complex security problems. Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds."

While other companies like Splunk and Sumo Logic have previously unveiled cloud-based SIEM tools, Microsoft says that it's the first major cloud provider to offer one as an integrated part of its portfolio.

Azure Sentinel is currently available in preview via the Azure portal; the product is currently free to use, with future pricing to be announced at a later date. Microsoft has also said that there may be additional charges for automation workflows, machine learning model customisation and data ingestion, importing Office 365 data will be free.

The company also announced a tool that allows customers to call in the cavalry in the event of a security crisis. Microsoft Threat Experts, a new capability which will be introduced to Windows Defender ATP, allows customers to call on the expertise of Microsoft's own security specialists, who will scour your (anonymised) security data to identify the most pressing threats to your organisation.

Customers can apply to join the service through their Windows Defender ATP settings and once approved, can access it via a button in the console labelled 'Ask a Threat Expert'.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021