Simbian debuts AI Threat Hunt Agent with Microsoft Sentinel link
Simbian has launched its AI Threat Hunt Agent, which integrates with the Microsoft Sentinel data lake to enable Microsoft 365 E5 customers to enhance and scale their threat hunting capabilities.
The announcement marks the availability of Simbian's automated threat hypothesis validation tool, intended to improve organisations' abilities to detect and address cybersecurity threats across their digital environments. By expanding the integration with Microsoft Sentinel data lake, Simbian is also enhancing the capability of its AI Security Operations Centre (SOC) Agent to access and process vast amounts of security-related information from a wide range of sources.
Automating threat hunting
Simbian's AI Threat Hunt Agent is designed to automate the process of validating threat hunt hypotheses using artificial intelligence. Security analysts can describe in natural language the tactics and tools they suspect threat actors of using, as well as where in the organisation's infrastructure those actors might be operating. The AI Threat Hunt Agent then analyses security data from multiple tools to find any supporting evidence. If a potentially malicious activity chain is detected, the agent conducts an in-depth investigation and delivers prompt feedback to security analysts.
According to Simbian, this represents the first and only threat hunting solution that can automate hypothesis validation at scale across an enterprise.
Leveraging the Microsoft Sentinel data lake
With the integration, Simbian's solution is capable of drawing on months' worth of logs from across the enterprise, enabling it to identify prolonged attacks or conduct targeted investigations. Microsoft Sentinel data lake provides a cloud-native, open-format platform for storage and analysis of large, diverse security datasets.
The AI SOC Agent has been updated to utilise Microsoft Sentinel data lake for deeper investigation and response to security alerts issued by major tools such as Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) platforms. This expansion follows earlier integration between Simbian products and Microsoft Sentinel, now encompassing Sentinel data lake's full capabilities.
"Sentinel data lake delivers on Microsoft's vision of being the best security platform for security in the AI era," said Krishna Kumar Parthasarathy, Corporate Vice President, Microsoft Sentinel Platform. "We are excited to have partners like Simbian demonstrating the power of this platform and showing a path towards more autonomous security capabilities."
Simbian's approach is centred on automating both the procedural and analytical components of threat hunting, relieving human analysts of repetitive tasks and allowing them to focus on strategic analysis.
"Simbian is honoured to work with Microsoft to take advantage of the wide breadth of data provided by Sentinel data lake and provide autonomous solutions for our mutual customers' pain points in threat hunting," said Ambuj Kumar, Simbian Co-founder and CEO. "By automating the mechanical and reasoning aspects of threat hunting across large volumes of data from Sentinel data lake, customers can hunt broader and deeper to uncover threats that matter and focus on the creative side of threat hunting."
Lifecycle of threat hunting
The combination of the new Threat Hunt Agent with the existing AI SOC Agent is intended to cover the full lifecycle of threat hunting. Security teams can generate hypotheses from contextual information, have the AI-powered agent validate them automatically, and then use the SOC Agent to investigate and respond to any threats it confirms.
This combination supports security departments in identifying and addressing critical threats while streamlining the investigative process.
Product availability
Simbian's AI Threat Hunt Agent is currently accessible via private preview. The AI SOC Agent and Simbian's Context Lake platform are generally available to customers.