Microsoft has stepped up its cloud security offering with Azure Sentinel, a “reimagined” SIEM tool which brings a big dollop of AI to take the load off over-stretched security analysts.
Sentinel was announced by Eliav Levi, the service’s director of product management, in a blog post today, which claimed “today’s Security Information and Event Management can’t keep pace”. If that wasn’t bad enough, he claimed the industry would be short around 3.5 million security analysts by 2021.
The answer? Computers, of course. Levi claimed the new service – which is only available in preview right now – would use “the power of artificial intelligence to ensure you are identifying real threats quickly and unleashes you from the burden of traditional SIEMs by eliminating the need to spend time on setting up, maintaining, and scaling infrastructure.”
At the same time, he said, “Since it is built on Azure, it offers nearly limitless cloud scale and speed to address your security needs.”
This should all reduce the load on security analysts juggling multiple feeds and alerts, he claimed: “This helps reduce noise drastically, in fact we have seen an overall reduction of up to 90 percent in alert fatigue during evaluations.”
“Of course, if you are a data scientist and you want to customise and enrich the detections then you can bring your own models to Azure Sentinel using the built-in Azure Machine Learning service,” he added. “Additionally, Azure Sentinel can connect to user activity and behaviour data from Microsoft 365 security products which can be combined with other sources to provide visibility into an entire attack sequence.”
Presumably Sentinel will not replace Microsoft’s existing security offerings, including the free tier of Azure Security Center, which is available to all Azure customers.
Nor is Microsoft claiming to supplant customers’ other security providers, saying Sentinel connects to “popular solutions including Palo Alto Networks, F5, Symantec, Fortinet, and Check Point” amongst others.
Customers will be able to import their own threat intelligence feeds and build their own threat detection rules, alerts and dashboards. At the same time, there will be built-in orchestration and automation, with predefined and customised playbooks to “solve repetitive tasks”.
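To give a sense of what a home-grown detection rule looks like in practice, here is an added example that is not from Microsoft’s post or product documentation: a scheduled analytics query in the Kusto Query Language that Sentinel’s underlying Log Analytics workspace uses. It assumes the Azure AD sign-in connector is enabled so the SigninLogs table exists; the one-hour window and the failure threshold of 10 are illustrative values, not recommendations.

```kql
// Added example (not from the original article): flag an IP address that
// racks up a burst of failed Azure AD sign-ins and then logs in successfully,
// a crude password-spray / brute-force indicator.
// Assumptions: the SigninLogs table is populated by the Azure AD connector;
// window and failThreshold are arbitrary tuning values.
let window = 1h;
let failThreshold = 10;
SigninLogs
| where TimeGenerated > ago(window)
| where ResultType != "0"                       // non-zero ResultType = failed sign-in
| summarize Failures = count(),
            Accounts = make_set(UserPrincipalName),
            LastFail = max(TimeGenerated)
          by IPAddress
| where Failures >= failThreshold
| join kind=inner (
    SigninLogs
    | where TimeGenerated > ago(window)
    | where ResultType == "0"                   // successful sign-in
    | project SuccessTime = TimeGenerated, IPAddress,
              SuccessAccount = UserPrincipalName
) on IPAddress
| where SuccessTime > LastFail                  // success came after the failures
| project IPAddress, Failures, Accounts, SuccessAccount, SuccessTime
```

Saved as a scheduled rule, each row this query returns becomes an alert that a playbook can act on, for instance by opening a ticket or disabling the account, which is the orchestration piece the announcement describes. The usual caveat applies: shared egress IPs (VPNs, NAT, cloud proxies) will trip a rule like this, so tune the threshold and whitelist known ranges before letting a playbook take automated action.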
With all that taken care of, you might ask what else is left for security specialists to do, other than ensure the Azure subscription is paid.
The only thing you’ll need to worry about, perhaps, is the nightmare scenario of Azure itself experiencing an outage. But the chances of that are next to nothing, right?