Microsoft bolsters cloud security with more AI threat detection

Image: GERARD JULIEN/AFP/Getty Images

The Satya Nadella era at Microsoft has been defined by one overarching theme: everything ties back to the cloud.

Every Microsoft business app and service plugs back to its Azure cloud platform in one way or another. Ahead of the RSA security conference, the company is once again debuting new Azure security tools to add to its enterprise threat protection arsenal.

Ann Johnson, Microsoft’s Corporate Vice President of Cybersecurity Solutions, announced two new services—Azure Sentinel and the Microsoft Threat Experts program—from the floor of the company’s Cyber Defense Operations Center. Johnson said Azure Sentintel is “the first cloud-native SIEM [security information and event management tool] within a major cloud platform.”

Azure Sentinel, available in preview today, applies AI to cybersecurity by automating up to 80 percent of common security operations (SecOps) tasks, according to Microsoft. The service also integrates with security providers inclcuding Check Point, Cisco, F5, Fortinet, Palo Alto, Symantec, and ServiceNow, while supporting open standards and allowing enterprises to import their own machine learning models trained for specific environments.

This includes collecting security data integrated with Office 365, detecting and responding to threats, and performing root cause investigations into suspicious activities. Johnson also talked a lot about “cloud scale,” or the ability to devote Azure’s scalable infrastructure to AI resources in order to speed up detection and protection “from hours to seconds,” said Johnson.

Johnson also announced a new program called Microsoft Threat Experts in public preview within the Windows Defender Advanced Threat Protection (ATP) application for Windows 10 Enterprise. The idea here is to give enterprise IT and SecOps professionals an “Ask a Threat Expert” button to quickly ping Microsoft’s security team for threat monitoring and analysis, incident response, or to understand the full context or an attack or data breach.

All of this is part of Microsoft’s broader strategy for defending enterprises from an evolving threat landscape and cyber warfare techniques. Frank X. Shaw, Microsoft’s Corporate Vice President of Communications, talked about last year’s Cybersecurity Tech Accord, and the tech giant’s work to defend organizations and governments against cyber criminals and nation-state attacks.

Shaw said Microsoft’s Cyber Defense Operations Center has worked with global law enforcement to disrupt malware infrastructure, break up 18 criminal botnets, and combat nation-state hackers including stymying election hacking attemptsand shutting down fake websites intended to spread misinformation ahead of the 2018 US midterm elections.

“Today’s cyber war is about intelligence,” said Shaw. “The role of technology is to empower defenders to stay a step ahead of well-funded and well-organized adversaries.”

This article originally published at PCMag
here