Microsoft wants to increase its presence on the cyber security market with Azure Sentinel

Microsoft has increased its presence in the cyber security market with the introduction of Azure Sentinel. That’s a cloud-based threat detection service for enterprises, reports Silicon Angle.

Azure Sentinel is a security information and event management (SIEM) platform. SIEM products let companies centrally analyse activity data from many different systems in order to hunt for threats. Bringing the data together in this way makes it possible to spot patterns that no single system would reveal on its own, for example two separate systems starting to show suspicious behaviour at the same time.
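The cross-system correlation the article describes, as an added illustration (this is not Microsoft's or Azure Sentinel's code): it groups flagged events per account and raises an alert only when two different source systems report suspicious activity within a short window. The event fields and the sample log entries are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two independent sources (not real telemetry):
# a cloud sign-in log and an on-premises host log. Each record carries the
# account, a timestamp, the source system and whether that system flagged it.
EVENTS = [
    {"src": "cloud_signin", "ts": "2019-09-01T10:00:05", "account": "alice", "suspicious": True},
    {"src": "onprem_host",  "ts": "2019-09-01T10:02:40", "account": "alice", "suspicious": True},
    {"src": "cloud_signin", "ts": "2019-09-01T11:15:00", "account": "bob",   "suspicious": True},
    {"src": "onprem_host",  "ts": "2019-09-01T14:30:00", "account": "bob",   "suspicious": True},
    {"src": "onprem_host",  "ts": "2019-09-01T10:01:10", "account": "carol", "suspicious": False},
]


def correlate(events, window=timedelta(minutes=10)):
    """Return one alert per account whose suspicious events come from at least
    two different source systems within `window` of each other."""
    by_account = defaultdict(list)
    for e in events:
        if e["suspicious"]:
            by_account[e["account"]].append((datetime.fromisoformat(e["ts"]), e["src"]))
    alerts = []
    for account, items in sorted(by_account.items()):
        items.sort()  # chronological order so the window scan can stop early
        for i, (t0, s0) in enumerate(items):
            sources = {s0}
            for t1, s1 in items[i + 1:]:
                if t1 - t0 > window:
                    break  # later events are outside the window of this event
                sources.add(s1)
            if len(sources) >= 2:
                alerts.append({"account": account, "start": t0.isoformat(), "sources": sorted(sources)})
                break  # one alert per account is enough for an analyst
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

With the default ten-minute window only `alice` is flagged; `bob` has suspicious events from both systems but hours apart, which a wider window would catch.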

Microsoft positions Azure Sentinel as a unified hub for tracking security events within an enterprise. According to the company, it is also the first cloud-based SIEM service that runs natively on a major cloud infrastructure-as-a-service platform. The product can monitor not only Azure environments but also competing clouds such as Amazon Web Services (AWS), as well as a company’s on-premises infrastructure.

Azure Sentinel can retrieve data from a long list of enterprise security tools and combine this with external threat intelligence and Office 365 user logs. In recent months, Microsoft has added several features to its productivity suite that allow companies to monitor whether sensitive documents are being abused.

Machine learning

Azure Sentinel uses machine learning to process security data. The platform’s algorithms filter out irrelevant logs, correlate activity patterns across systems, and condense the abnormal activity they find into organised alerts for administrators.

In addition, the platform can automate parts of the threat response workflow. Azure Sentinel is able to perform tasks such as sending an email to administrators when the underlying machine learning models detect a high-priority security event.

Tools have also been added for manual threat analysis. An incident investigation console lets administrators visualise suspicious activity patterns and run queries to retrieve the relevant system data.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.