The latest SIEM and SOAR tool combines the power of Azure and AI to reduce alert fatigue by 90 percent
January 16, 2020, Hong Kong – Security can be a never-ending saga — a chronicle of increasingly sophisticated attacks, volumes of alerts, and long resolution timeframes that today’s Security Information and Event Management (SIEM) products cannot keep pace with. Recent insight from ESG Research revealed that 70 percent of organizations still anchor their security analytics and operations with traditional SIEM systems.
Machine learning enhanced with Artificial Intelligence (AI) holds great promise in addressing many of the global cyber challenges we see today, giving cyber defenders the ability to identify, detect, and block malware almost instantaneously.
Today, Microsoft announced that Microsoft Azure Sentinel, one of the world’s first cloud-native SIEM solutions, is officially available in Hong Kong. Bringing together the power of Azure and AI, this latest cyber security solution is designed to give companies that operate security operations centers (SOCs) a more modern approach to detecting and defending against threats.
“We are in a unique position to help companies leverage our complete security portfolio, take full advantage of our new SIEM and SOAR [security orchestration, automation and response] tool to improve their security analytics, respond to incidents rapidly with built-in orchestration and automation, and keep their SIEM costs under control,” said Fred Sheu, National Technology Officer, Microsoft Hong Kong. “Azure Sentinel provides a proactive and responsive cloud-native SIEM that will help customers simplify their security operations and scale as they grow.”
Leveraging built-in AI and machine learning to rapidly analyze large volumes of data across an enterprise, Azure Sentinel empowers security operations (SecOps) professionals by reducing alert fatigue by 90 percent: it cuts the noise, false alarms, time-consuming tasks and complexity that weigh SecOps experts down, so that they can prioritize the most critical tasks.
Deeply integrated with Microsoft 365 services, Azure Sentinel takes security to the next level and gives organizations a comprehensive view of their entire threat landscape and holistic protection. It joins the broad portfolio of Microsoft Threat Protection solutions, including Microsoft Defender Advanced Threat Protection, Office 365 Advanced Threat Protection and Azure Advanced Threat Protection.
“Microsoft is committed to creating holistic protection solutions within a single framework which provide hassle-free, simple and fully integrated protection that empowers organizations and their SecOps teams with optimal and cost-effective security,” added Sheu.
CRN has also named Azure Sentinel as one of the Top 10 Hottest Cybersecurity Tools in 2019.
Key features of Azure Sentinel
Collect data across enterprise easily
With Azure Sentinel, SecOps professionals can aggregate all security data with built-in connectors, native integration of Microsoft signals, and support for industry-standard log formats such as Common Event Format (CEF) and syslog. Users can import their Microsoft Office 365 data for free and combine it with other security data for analysis in just a few clicks. Azure Sentinel uses Azure Monitor, which is built on a proven and scalable log analytics database that ingests more than 10 petabytes every day and provides a very fast query engine that can sort through millions of records in seconds.
Analyze and detect threats quickly with AI within organizations
Azure Sentinel leverages scalable machine learning algorithms to correlate millions of low-fidelity anomalies into a few high-fidelity security incidents for the security analyst. This addresses the triage challenge analysts face as they sift through a sea of alerts and correlate alerts from different products manually or with a traditional correlation engine. In evaluations, Azure Sentinel reduced alert fatigue by up to 90 percent.
Automate common tasks and threat response
Azure Sentinel provides built-in automation and orchestration with pre-defined or custom playbooks to handle repetitive tasks and respond to threats quickly. Azure Sentinel augments existing enterprise defense and investigation tools, including best-of-breed security products, homegrown tools, and other systems such as HR management applications and workflow management systems like ServiceNow.
Azure Sentinel protects e-commerce leader ASOS against cyberthreats
Based in the United Kingdom, ASOS has used e-commerce to reach the top of this thriving industry and become one of the world’s largest fashion retailers. The online retailer sells approximately 85,000 items — including 5,000 new items every week — to more than 20 million customers around the world, resulting in £2.4 billion in annual sales.
In the past, it was difficult to move data between an offsite, on-premises operations center and an onsite, cloud-enabled center that used cloud-generated data, which made it hard for ASOS to gain a comprehensive view of cyberthreat activity.
ASOS has now created a bird’s-eye view of everything it needs to spot threats early, allowing it to proactively safeguard its business and its customers.
“There are a lot of threats out there,” said Stuart Gregg, Cyber Security Operations Lead at ASOS. “You’ve got insider threats, account compromise, threats to our website and customer data, even physical security threats. We’re constantly trying to defend ourselves and be more proactive in everything we do.”
In the first six months of deployment, ASOS used Azure Sentinel to analyze 3.7 billion potential security events, generate 3,100 alerts, and resolve 519 incidents. The cyber security team has also reduced the time spent on case management and resolution of alerts by approximately 50 percent.
Source: ESG Research Survey, Security Analytics and Operations: Industry Trends in the Era of Cloud Computing, September 2019
Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.