
Microsoft bolsters threat prevention capabilities for enterprises

28 Feb 2020

Microsoft has recently announced new capabilities in automation and artificial intelligence (AI) designed to strengthen organisations’ cybersecurity defences with cloud-based protection.

These capabilities centre around Microsoft Threat Protection, Azure Sentinel, and Insider Risk Management.

According to Microsoft’s Cybersecurity Solutions Group corporate vice president Ann Johnson, organisations can ‘turn the tide’ in cybersecurity by using the cloud and the right mix of human and AI intelligence.

“Cybersecurity always comes down to people – good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things. After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI to enable defenders to protect data and manage risk across the full breadth of their digital estates,” says Johnson.

Microsoft adds that its AI-enabled security solutions are trained on 8 trillion daily threat signals, as well as 3500 human security experts. These solutions are now able to automate 97% of tasks that took up human defenders’ time two years ago.

Microsoft Threat Protection uses automation and AI to monitor for threats across applications, emails, and endpoints. It also uses identity protection as one of its core components, which means it is designed for Zero Trust.

“Microsoft Threat Protection breaks down security silos so security professionals can automatically detect, investigate and stop coordinated multi-point attacks. It weeds out the unimportant and amplifies signals that might have been missed, freeing defenders to work on the incidents that need their attention,” explains Johnson.

The solution builds on the core Microsoft Defender Advanced Threat Protection for endpoint security. Microsoft Defender Advanced Threat Protection is also generally available across Windows, Linux, and macOS. Microsoft plans to develop the solution for iOS and Android in future.

The Azure Sentinel platform now has two separate additional capabilities. The first is a new Sentinel connector for IoT, which allows organisations to onboard data from Azure IoT Hub-managed deployments into Azure Sentinel.

“Customers can now monitor alerts across all IoT Hub deployments along with other related alerts in Azure Sentinel, inspect and triage IoT incidents, and run investigations to track an attacker’s lateral movement within their enterprise,” explains Microsoft principal group program manager Sarah Fender and partner director program manager Eliav Levi.

The second Azure Sentinel capability allows organisations to import AWS CloudTrail logs into Azure Sentinel at no additional cost for a limited time (February-April 2020).

Insider Risk Management, part of Microsoft 365, allows organisations to solve a problem without the need for agents or ingestions. It is now generally available and is rolling out to customers’ tenants.
