Microsoft unwraps Azure Sentinel, a cloud-native SIEM tool

Microsoft is taking its cybersecurity efforts to the cloud with the debut of its Azure Sentinel security information and event management (SIEM) tool.

With the constant threat of data breaches across all industries, Microsoft is looking to shore up customers' security defenses with Azure Sentinel. A projected shortfall of more than 3 million employees in the cybersecurity workforce puts increased pressure on security operations teams, according to a blog post by Eliav Levi, director of product management at Microsoft Azure Sentinel.

By using artificial intelligence, Azure Sentinel serves as a unified location for tracking security issues across an enterprise. It monitors security not only in Azure cloud environments but also in rival cloud environments such as Amazon Web Services.

"Azure Sentinel provides intelligent security analytics at cloud scale for your entire enterprise," said Levi. "Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, to users, to apps, to servers on any cloud. It uses the power of artificial intelligence to ensure you are identifying real threats quickly and unleashes you from the burden of traditional SIEMs by eliminating the need to spend time on setting up, maintaining, and scaling infrastructure."

"Since it is built on Azure, it offers nearly limitless cloud scale and speed to address your security needs. Traditional SIEMs have also proven to be expensive to own and operate, often requiring you to commit upfront and incur high cost for infrastructure maintenance and data ingestion. With Azure Sentinel there are no upfront costs, you pay for what you use."

With the proliferation of Microsoft's Office 365 among businesses and organizations, Microsoft also announced that Azure Sentinel users can bring their Office 365 log data to the cloud and combine it with other security data for analysis.

Azure Sentinel uses Azure Monitor, which is built on a scalable log analytics database that ingests more than 10 petabytes every day and provides a query engine that can sort through millions of records in seconds.

Azure Sentinel also taps into machine learning algorithms that are based on the experiences of Microsoft's security team over the years of providing security in the cloud. The machine learning algorithms are used to correlate millions of low-fidelity anomalies to present a few high-fidelity security incidents to the security analyst.

Levi said the machine learning technologies will help customers get value from large amounts of security data that they are ingesting while also helping them connect the dots.

"If you are a data scientist and you want to customize and enrich the detections then you can bring your own models to Azure Sentinel using the built-in Azure Machine Learning service," Levi said. "Additionally, Azure Sentinel can connect to user activity and behavior data from Microsoft 365 security products which can be combined with other sources to provide visibility into an entire attack sequence."

Azure Sentinel connects to some of the more well-known security vendors such as Palo Alto Networks, F5, Symantec, Fortinet and Check Point, with more to come.

Azure Sentinel is also integrated with Microsoft Graph Security API, which lets users import their own threat intelligence feeds while customizing threat detection and alert rules. There are also custom dashboards that give users a view optimized for their specific use cases.

Microsoft Azure Sentinel is available in preview mode in the Azure portal.