Microsoft has announced two new cloud services to help administrators detect and manage threats to their systems. The first, Azure Sentinel, is very much in line with other cloud services: it depends on machine learning to sift through vast amounts of data to find a signal among all the noise. The second, Microsoft Threat Experts, is a little different: it's powered by humans, not machines. Azure Sentinel is a machine learning-based Security Information and Event Management (SIEM) service that takes the (often overwhelming) stream of security events--a bad password, a failed attempt to elevate privileges, an unusual executable that's blocked by anti-malware, and so on--and distinguishes between important events that actually deserve investigation and mundane events that can likely be ignored. Sentinel can use a range of data sources.
Mar-2-2019, 08:01:40 GMT