Microsoft has announced two new cloud services to help administrators detect and manage threats to their systems. The first, Azure Sentinel, is very much in line with other cloud services: it’s dependent on machine learning to sift through vast amounts of data to find a signal among all the noise. The second, Microsoft Threat Experts, is a little different: it’s powered by humans, not machines.
Azure Sentinel is a machine learning-based Security Information and Event Management that takes the (often overwhelming) stream of security events—a bad password, a failed attempt to elevate privileges, an unusual executable that’s blocked by anti-malware, and so on—and distinguishes between important events that actually deserve investigation and mundane events that can likely be ignored.
Sentinel can use a range of data sources. There are the obvious Microsoft sources—Azure Active Directory, Windows Event Logs, and so on—as well as integrations with third-party firewalls, intrusion-detection systems, endpoint anti-malware software, and more. Sentinel can also ingest any data source that uses ArcSight’s Common Event Format, which has been adopted by a wide range of security tools.
Azure Sentinel is available in preview today and found within the Azure Dashboard. During preview it’s free to use, and Microsoft hasn’t yet decided how to price it once it goes live.