
Microsoft Connects Cloud, Data Center, IoT Security

Microsoft made available Microsoft Threat Protection — nearly 18 months after first announcing the threat-hunting service — and its Azure Sentinel connector for IoT. The products use artificial intelligence (AI) to streamline threat hunting and improve security across customers’ clouds, data centers, endpoints, and IoT devices.

The company first announced Microsoft Threat Protection in September 2018. It’s continued to add capabilities almost monthly, but it hasn’t made the service generally available until now.

The threat protection service proactively hunts for threats across users, email, applications, and endpoints, including Mac and Linux. It then uses AI and automation to bring together alerts and take action.

“Microsoft Threat Protection breaks down security silos so security professionals can automatically detect, investigate, and stop coordinated multi-point attacks,” wrote Ann Johnson, corporate vice president of Microsoft’s Cybersecurity Solutions Group, in a blog post. “It weeds out the unimportant and amplifies signals that might have been missed, freeing defenders to work on the incidents that need their attention.”

Azure Sentinel Connector for IoT

Also in the lead-up to the annual RSA security conference, Microsoft announced the general availability of the Azure Sentinel connector for IoT. This security service connects two tools that Microsoft rolled out around the time of last year’s RSA Conference.

First up: Azure Sentinel, which is a cloud-native security information and event management (SIEM) product that Microsoft rolled out in March 2019. At the time, Johnson said the SIEM uses AI to “reduce noise drastically” and cut security alert fatigue by up to 90 percent. Today, Johnson said that in December 2019 alone, within Microsoft, Azure Sentinel evaluated about 50 billion suspicious signals “that in practical terms would be impossible for people to manually analyze and emitted just 25 high-confidence incidents for SecOps teams to investigate.”

But it doesn’t only work across Microsoft workloads. Azure Sentinel also brings together events generated by third-party vendors’ security products and signals generated by competitors’ cloud platforms such as Amazon Web Services (AWS).

Shortly after announcing Azure Sentinel, Microsoft unveiled Azure Security Center for IoT, which connects Azure cloud security, visibility, and analysis tools with the company’s Azure IoT Hub. At the time Microsoft said Azure Security Center for IoT could also hook into Azure Sentinel, and today Microsoft made this Azure Sentinel connector for IoT generally available. This means customers can combine their IoT security data with security data from across the enterprise, and then use analysis or machine learning to identify and mitigate threats.

And finally, the vendor said customers can also import AWS CloudTrail logs into Azure Sentinel at no additional cost from Feb. 24 until June 30.

―SDX Central


Copyright © 2024 Communications Today
