Microsoft Azure Sentinel SIEM Tool Uses Machine Learning to Fight Malware

Microsoft today announced two new cloud-based security solutions for its Azure public cloud service, called Microsoft Azure Sentinel and Microsoft Threat Experts. Azure Sentinel claims to be the first “cloud-native” Security Information and Event Management (SIEM) tool powered by machine learning, while Threat Experts is a new “managed hunting” service meant to extend the capability of in-house security teams during security crises.

Microsoft Azure Sentinel

Azure Sentinel is an anti-malware service that uses cloud telemetry to feed the machine learning algorithms that can detect and stop threats before they cause harm. According to the company, the service can drastically reduce “noise,” such as automated bot attacks, by up to 90 percent.

Microsoft said it worked with customers to develop the Sentinel service in a way that best suits their needs. According to the company, early adopters claim the service has often reduced their threat hunting from hours to seconds.

For example, Corey McGarry, Senior Technical Specialist, Enterprise Operations, Tolko Industries, said in a statement that his company has been using Azure Sentinel for six months, and it's become a daily "go-to resource" unlike any other offering.

"We get a clear visual of what’s happening across our network without having to check all our systems and dashboards individually," McGarry said.

The Sentinel service supports open standards, such as the Common Event Format (CEF), and Microsoft's business partner ecosystem, including Microsoft Intelligent Security Association partners, like Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, as well as other ecosystem partners, such as ServiceNow.

Azure Sentinel is available in preview today from the Azure portal.

Microsoft Threat Experts

Threat Experts is a new service within Windows Defender Advanced Threat Protection (ATP) that can provide access to Microsoft’s security operations experts, who will then help enterprise customers hunt down and stop human adversary intrusions and other advanced attacks, such as nation-state espionage operations.

Security teams from within companies under attack can use the “Ask a Threat Expert” button in the Windows ATP console to submit their security-related questions. Companies interested in trying out a preview of the Threat Experts service can apply for it in the Windows Defender ATP settings.