
Microsoft bolsters threat prevention capabilities for enterprises

28 Feb 2020

Microsoft has recently announced new capabilities in automation and artificial intelligence (AI) designed to strengthen organisations’ cybersecurity defences with cloud-based protection.

These capabilities centre around Microsoft Threat Protection, Azure Sentinel, and Insider Risk Management.

According to Microsoft’s Cybersecurity Solutions Group corporate vice president Ann Johnson, organisations can ‘turn the tide’ in cybersecurity by using the cloud and the right mix of human and AI intelligence.

“Cybersecurity always comes down to people – good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things. After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI to enable defenders to protect data and manage risk across the full breadth of their digital estates,” says Johnson.

Microsoft adds that its AI-enabled security solutions are trained on 8 trillion daily threat signals, as well as 3500 human security experts. These solutions are now able to automate 97% of tasks that took up human defenders’ time two years ago.

Microsoft Threat Protection uses automation and AI to monitor for threats across applications, emails, and endpoints. It also uses identity protection as one of its core components, which means it is designed for Zero Trust.

“Microsoft Threat Protection breaks down security silos so security professionals can automatically detect, investigate and stop coordinated multi-point attacks. It weeds out the unimportant and amplifies signals that might have been missed, freeing defenders to work on the incidents that need their attention,” explains Johnson.

The solution builds on the core Microsoft Defender Advanced Threat Protection for endpoint security. Microsoft Defender Advanced Threat Protection is also generally available across Windows, Linux, and macOS. Microsoft plans to develop the solution for iOS and Android in future.

The Azure Sentinel platform now has two separate additional capabilities. The first is a new Sentinel connector for IoT, which allows organisations to onboard data from Azure IoT Hub-managed deployments into Azure Sentinel.

“Customers can now monitor alerts across all IoT Hub deployments along with other related alerts in Azure Sentinel, inspect and triage IoT incidents, and run investigations to track an attacker’s lateral movement within their enterprise,” explains Microsoft principal group program manager Sarah Fender and partner director program manager Eliav Levi.

The second Azure Sentinel capability allows organisations to import AWS CloudTrail logs into Azure Sentinel at no additional cost for a limited time (February-April 2020).

Insider Risk Management, part of Microsoft 365, allows organisations to solve a problem without the need for agents or ingestions. It is now generally available and is rolling out to customers’ tenants.
