New Microsoft tools to analyse cloud-based security data


Posted by David Monk over 1 year ago

Every day, security professionals are faced with high levels of noise and false positives when analysing security data in the cloud. To help with this, Microsoft has launched two new cloud-based technologies designed to enable cyber security experts to react faster when dealing with cyber-attacks.

The new security solutions, Azure Sentinel and Threat Experts, reduce the level of noise, time-consuming tasks, false alarms and complexity, meaning security professionals can focus on the crux – dealing with cyber threats.

Azure Sentinel is a security information and event management tool that allows customers to respond to security alerts across their networks. It uses artificial intelligence to scrutinise data and identify potential threats, and the results are flagged up in a dashboard. The tool also supports open standards and enables connections to third-party tools.

According to Microsoft, the product is the first of its kind to be based in the cloud. It will target businesses that plan to update their approach to using security information and event management software on their servers. Azure Sentinel will also cover applications running across multiple public or hybrid clouds.

Speaking about the product, Corey McGarry, senior technical specialist, enterprise operations at Tolko Industries, stated: “After using Microsoft Azure Sentinel for six months, it has become a go-to resource every morning.”

He continued: “We get a clear visual of what’s happening across our network without having to check all our systems and dashboards individually. I haven’t seen an offering like Microsoft Azure Sentinel from any other company.”

The other tool, Microsoft Threat Experts, is available as part of Windows Defender Advanced Threat Protection (ATP).

Threat Experts is made up of two components – a ‘managed threat hunting service’ and an ‘ask a threat expert’ option.

The former involves Microsoft professionals sifting through anonymous data on behalf of customers, looking for signs of cyber-espionage, hands-on-keyboard attacks and human adversary intrusions.

The latter is a button within the ATP console, allowing customers to ask Microsoft security experts to help them examine data in order to prioritise threat responses.

