Ahead of next week’s big RSA security conference, Microsoft plans to introduce a new cloud service Thursday that will help customers manage their security efforts and also give them a way to tap into its world-class security talent.
Azure Sentinel is a cloud-based SIEM, or security information and event management (security folks like acronyms too) service that allows customers to view and respond to security alerts and threats across their corporate networks. Microsoft appears to be targeting this service at companies that are running SIEM software on their own servers and looking to modernize their approach, but it will also cover applications running across multiple public clouds and hybrid cloud, company executives said.
Security is hard. Threats grow every day as more and more applications flood the web, and software designed to flag potential malware or suspicious activity can overwhelm users with alerts that need to be investigated and dealt with. There is also a dearth of qualified cybersecurity professionals in the world at the moment, which has led to demand for artificial-intelligence-based security services that reduce manual labor, and to a concentration of security talent at big companies like Microsoft, Amazon, and Google.
With Azure Sentinel, “customers are able to automate 80 percent of the most common tasks defenders spend their time on today,” said Ann Johnson, corporate vice president for cybersecurity solutions at Microsoft, in a briefing ahead of the announcement.
Companies are also embracing more complex infrastructure strategies, with applications running on public clouds like Azure and on their own self-managed servers. Older products designed for the data center era can’t necessarily handle that complexity, said Microsoft’s Steve Dispensa, partner director for product management, security.
All the major cloud vendors pay very close attention to their own security efforts while also introducing products for customers to help them manage the parts of cloud security for which the customer is responsible. Amazon Web Services introduced its GuardDuty service at re:Invent 2017 and Google unveiled its Cloud Security Command Center last year.
One primary argument for cloud computing is that these companies are much better at security than your company probably is, and Microsoft will also introduce a new feature Thursday that lets users submit detailed questions to Microsoft security staff. It’s called Microsoft Threat Experts, and it allows Windows Defender ATP customers to hit an “ask the expert” button on their dashboards to send a question to Microsoft alongside application or network data.