With a growing number of high-profile data breaches emerging across all industries, companies are scrambling to shore up their defenses. However, some reports anticipate a cybersecurity workforce shortfall of more than 3 million people by 2021.
Against that backdrop, artificial intelligence (AI) could prove pivotal in helping firms of all sizes protect themselves from outside threats.
Microsoft is today rolling out a couple of new cloud-based cybersecurity tools to help security teams by “reducing the noise” and “time-consuming tasks and complexity” involved in constantly monitoring for cyberattacks, Ann Johnson, Microsoft’s corporate vice president for cybersecurity, wrote in a blog post.
The first of these products is Microsoft Azure Sentinel, which is touted as the first native Security Information and Event Management (SIEM) tool built by a major cloud provider.
For the uninitiated, SIEM gives companies real-time insights into all activities across their internal systems, providing monitoring and alerts for potential threats. But with the growth of cloud computing and the increasing sophistication of cyberattacks, Microsoft argues that traditional SIEM tools are simply not up to the task. With Azure Sentinel, Microsoft wants its customers to know that it has their backs.
“Too many enterprises still rely on traditional Security Information and Event Management tools that are unable to keep pace with the needs of defenders, volume of data, or the agility of adversaries,” Johnson added. “The cloud enables a new class of intelligent security technologies that reduce complexity and integrate with the platforms and productivity tools you depend on.”
Azure Sentinel is about offering companies automated protection and reducing “alert fatigue” by cutting down on false alarms. It enables users to connect data from all of their various sources — across devices, servers, applications, and users — and works in any on-premises or cloud environment.
“Because it’s built on Azure, you can take advantage of nearly limitless cloud speed and scale and invest your time in security and not servers,” Johnson continued.
According to Johnson, Microsoft worked closely with a number of its Azure customers to build Sentinel “from the ground up.” At its core, it’s about helping security operations teams focus on more complex security issues, rather than getting bogged down chasing every alert, many of which are false flags generated by legitimate events.
“Early adopters are finding that Azure Sentinel reduces threat-hunting from hours to seconds,” Johnson noted.
The human touch
While Azure Sentinel opens in preview today through the Azure portal, Microsoft is also announcing a second new security offering it calls Threat Experts. For this service, Microsoft is offering its own in-house security experts as part of Windows Defender Advanced Threat Protection (ATP) — its unified enterprise security service for preventative, post-breach, and automated investigations.
In a nutshell, Threat Experts will serve as an extension to companies’ own in-house security personnel, providing additional manpower to “proactively hunt” through security data to identify intrusions and other advanced attacks.
“Our approach to security is not only about applying the cloud and AI to your scale challenges, but also making the security operations experts who defend our cloud available to you,” added Johnson.
As part of this offering, users will see an “Ask a Threat Expert” button that lets security teams submit questions directly through the Windows Defender ATP console. This service is available now as a public preview through the settings in Windows Defender ATP.
At its last earnings, Microsoft reported Azure revenue growth of 76 percent, and some analysts predict that Azure will grow 72 percent in 2019. It’s estimated that this will represent roughly 10 percent of Microsoft’s total business. But as Microsoft goes all-in on the cloud, it is faced with the task of convincing new — and existing — customers to use Azure over competitors such as Amazon’s AWS, which is currently the market leader. Central to that mission is security.
If Microsoft can convince companies that their data is protected, it stands a far greater chance of winning in the long term.