Microsoft announces at its Ignite conference that it is continuing to invest in security, including with its new Unified Security Operations Platform.
The new platform combines Microsoft Sentinel and Microsoft Defender XDR (formerly Microsoft 365 Defender). Sentinel is Microsoft’s solution for security information and event management (SIEM) and security orchestration, automation, and response (SOAR). Defender XDR, in turn, can help investigate and respond to attacks. Bringing these solutions together now in the Unified Security Operations Platform creates a new more comprehensive platform for Security Operations Center.
Microsoft is adding Security Copilot features to the Unified Security Operations Platform. With these, Microsoft supports security operations. That guidance should be strong because the Copilot has extracted training and experience from 65 trillion daily security signals.
By bringing together Sentinel, Defender XDR and Security Copilot, Microsoft aims to give security analysts a unified incident experience that streamlines triage and provides an end-to-end view of threats. “With a single set of automation rules and playbooks enriched with generative AI, coordinating response is now easier and quicker for analysts of every level. In addition, unified hunting now gives analysts the ability to query all SIEM and XDR data in one place to uncover cyberthreats and take appropriate remediation action”, Microsoft explains.
At Ignite, Microsoft also announced that Security Copilot is expanding to Intune, Purview and Entra. This should help IT administrators, compliance departments and identity experts simplify complex scenarios. At Ignite, sure we’ll hear more about exactly how this works.