
Delivering on the promise of security AI to help defenders protect today’s hybrid environments

Technology is reshaping society — artificial intelligence (AI) is enabling us to increase crop yields, protect endangered animals and improve access to healthcare. Technology is also transforming criminal enterprises, which are developing increasingly targeted attacks against a growing range of devices and services. Using the cloud to harness the largest and most diverse set of signals — with the right mix of AI and human defenders — we can turn the tide in cybersecurity. Microsoft is announcing new capabilities in AI and automation available today to accelerate that change.

Cybersecurity always comes down to people — good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things. After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI to enable defenders to protect data and manage risk across the full breadth of their digital estates.

The AI capabilities built into Microsoft Security solutions are trained on 8 trillion daily threat signals and the insights of 3,500 security experts. Custom algorithms and machine learning models make, and learn from, billions of queries every day. As a result, Microsoft Security solutions help identify and respond to threats 50% faster than was possible just 12 months ago. Today, Microsoft Security solutions are able to automate 97% of the routine tasks that occupied defenders’ valuable time just two years ago.

Microsoft Threat Protection, generally available today, does the heavy lifting for defenders by proactively hunting across users, email, applications and endpoints — including Mac and Linux. It brings together alerts and takes action using AI and automation. Microsoft Threat Protection breaks down security silos so security professionals can automatically detect, investigate and stop coordinated multi-point attacks. It weeds out the unimportant and amplifies signals that might have been missed, freeing defenders to work on the incidents that need their attention. With identity protection as a core component, it is the only solution of its type that is designed for Zero Trust. More details on the Microsoft Threat Protection announcement can be found on the Microsoft Security Blog.

It also builds upon solutions recognized as leaders in their categories, like Microsoft Defender Advanced Threat Protection (ATP) for endpoint security. Microsoft Defender ATP offers preventive protection, post-breach detection and automated investigation and response for Windows and macOS. Today we’re announcing support for Linux and plans for iOS and Android as well.

Azure Sentinel, the first cloud-native SIEM with fusion AI technology, turns huge volumes of low-fidelity signals into a few important incidents for security professionals to focus on. In December 2019 alone, within Microsoft, Azure Sentinel evaluated nearly 50 billion suspicious signals, a volume that people could not practically analyze manually, and emitted just 25 high-confidence incidents for SecOps teams to investigate.

Microsoft was the first major cloud company to embrace the reality of the hybrid and multi-cloud enterprise, with more than 60% of enterprises using two or more cloud platforms. We’re committed to helping SecOps defend the entire stack, not only Microsoft workloads, and that’s why Azure Sentinel brings together events generated by security products from leading vendors such as Palo Alto Networks with the signals generated by cloud platforms such as AWS, providing security teams with visibility across their estates. To further help our customers secure their entire multi-cloud estates, today we are announcing the general availability of the Azure Sentinel connector for IoT and the ability to import AWS CloudTrail logs into Azure Sentinel at no additional cost from Feb. 24, 2020 until June 30, 2020. With this offer, AWS customers now have seamless access to best-in-class, cloud-native security information and event management (SIEM) technology from a major cloud provider. More on the details of the Azure Sentinel announcements can be found on the Microsoft Security blog.

[Figure: An example of Azure Sentinel machine learning activity from the 30-day period of December 2019.]

Securing the enterprise is not just about external attackers, but also about managing insider risk — which has become a top concern of CISOs. Insider Risk Management in Microsoft 365 — the first born-in-the-cloud, integrated insider risk management solution — helps customers tackle the problem with no agents to deploy and no data ingestions to configure. Extending the same Microsoft Information Protection technology that already classifies and protects more than 50 billion documents for Microsoft customers, machine learning in Insider Risk Management brings signals, sensitivity labels and content together in a single view, which saves security teams time by allowing them to quickly make informed risk decisions and take action. The general availability of Insider Risk Management is rolling out to customers’ tenants over the coming days.

When people and technology come together, we can accomplish amazing things. The world is indeed getting more complicated, but the public cloud combined with human expertise and industry collaboration are delivering innovation that gives the advantage back to the defenders of cyberspace. We have never been more optimistic about the potential for technology to support and scale your most precious cybersecurity assets — your people.

Used with permission from Microsoft.
By Ann Johnson