Last week, the Microsoft Security team attended the RSA conference in San Francisco, California. We made several key announcements about Microsoft Threat Protection, the solution which provides end users optimal security from the moment they log in, use email, work on documents, or utilize cloud applications and offers security professionals the benefit of minimal complexity while staying ahead of threats to their organization. As we previously alluded to, Microsoft Threat Protection is on a journey to provide organizations seamless, integrated, and comprehensive security across multiple attack vectors. In this RSA edition, we want to share where we are in this journey, the most recent new capabilities launched, and the vision of where we’re going as we continue executing toward our goal of offering best-in-class security for modern organizations.
The journey taken
Microsoft Threat Protection is supported by tremendous investment and focus across multiple engineering teams. Each month, we report discrete enhancements to the solution, but Figure 1 shows the many years of strategic investments and designed capabilities which helped create the solution we offer today. As the timeline demonstrates, each discrete enhancement is tied to the larger vision of Microsoft Threat Protection and our effort to ensure customers are offered the best and most secure threat protection available on the market. The roots of Microsoft Threat Protection stretch back to 2014, with the launch of advanced identity protection capabilities offered in Azure Active Directory Premium. Development of the Microsoft Intelligent Security Graph, which weaves our security services together, began shortly thereafter. Building on these strong foundations in identity protection (including security for on-premises identities) and intelligence, we then launched services securing email and documents, cloud apps, endpoints, and infrastructure. Over the last few years, we have leveraged the connectivity of the Intelligent Security Graph to integrate and seamlessly correlate signals across all our services, to help provide an optimized security experience with minimal complexity for customers.
Figure 1. The development timeline of Microsoft Threat Protection.
The journey is continuing, as we further enhance and develop capabilities which secure customers with Microsoft Threat Protection. Next, we look at announcements made at RSA this year, which are significant strides on our evolution toward the full potential Microsoft Threat Protection.
Tomorrow’s SIEM, available today
Many organizations leverage Security Information and Events Management (SIEM) products to support their digital transformation. As the value of digital information continues to increase, so does the volume and sophistication of attacks. Several customers have told us their existing SIEM products are unable to keep pace.
To address this need, at RSA we announced the launch of Microsoft Azure Sentinel, which adds the benefits of a next-gen SIEM to the Microsoft Threat Protection solution. Azure Sentinel is a cloud-native solution, providing intelligent security analytics for the entire organization. With Azure Sentinel (Figure 2), collection of security data across the entire hybrid organization from devices, to users, to apps, to servers on any cloud is easy. It includes built-in artificial intelligence (AI) to help ensure threats are identified quickly and significantly reduces the burden of traditional SIEMs by eliminating the need to spend time setting up, maintaining, and scaling infrastructure. Since it is built on Azure, it offers nearly limitless cloud scale and speed to address your security needs. Traditional SIEMs are also expensive to own and operate, often requiring high upfront costs and continued high costs for infrastructure maintenance and data ingestion. With Azure Sentinel there are no upfront costs as you pay for what you use. Additionally, organizations can bring their Office 365 activity data to Azure Sentinel for free. It takes just a few clicks to retain your Office 365 data within the Microsoft cloud. Learn more about Azure Sentinel and opt in for a trial today.
Figure 2. The Azure Sentinel – Overview portal.
Combining artificial intelligence with human expertise for unparalleled security
Human expertise will always be pivotal for strong security. However, by 2021, there will be an estimated shortage of 3.5 million security professionals. To help organizations benefit from the knowledge of seasoned security analysts, we announced Microsoft Threat Experts at RSA adding another significant capability to Microsoft Threat Protection to augment customers Security Operation Centers (SOCs). Microsoft Threat Experts is currently offered as part of our endpoint security service, Windows Defender ATP and blends the benefits of human analysts with our industry leading endpoint security service. Soon, Threat Experts will extend to cover more components of Microsoft Threat Protection. It is a new managed threat hunting service providing proactive hunting, prioritization, and additional context and data-driven insights, further helping SOCs identify and respond to threats quickly and accurately. Microsoft Threat Experts enables SOCs to jump-start threat investigations by providing context-rich intelligence. The feature offers:
- Targeted attack notifications: Offers monitoring by Microsoft’s threat experts and provides notifications to customers in case a breach is identified. In cases where a full incident response becomes necessary, seamless transition to Microsoft incident response (IR) services is available.
- Experts on demand (Figure 3): Security experts provide technical consultation on relevant detections and adversaries.
Figure 3. Microsoft Threat Experts “Ask a Threat Expert” button.
Learn more about Microsoft Threat Experts and check out these case studies that showcase the significant benefit of combined human and artificial intelligence. Get started on a Windows Defender ATP trial and begin your preview of Microsoft Threat Experts.
Experience the evolution of Microsoft Threat Protection
Take a moment to learn more about Microsoft Threat Protection, read our previous monthly updates, and visit Integrated and automated security. Organizations have already transitioned to Microsoft Threat Protection and partners are leveraging its powerful capabilities. Begin a trial of Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace. And check out part 2 of this blog, where we discuss a new unified SecOps experience, powerful new features to strengthen your cloud app security, unique automation capabilities launching in Office 365, and an early look at the full vision and scope of Microsoft Threat Protection.