Today, I’m excited to announce the public preview of our unified security operations platform. When we introduced a limited preview in November 2023, it was one of the first security operations center platforms that brought together the full capabilities of an industry-leading cloud-native security information and event management (SIEM), comprehensive extended detection and response (XDR), and generative AI built specifically for cybersecurity. This powerful combination of capabilities delivers a truly unified analyst experience in the security operations center (SOC).
And last month at Microsoft Secure, we added unified exposure management capabilities that provide continuous, proactive end-to-end visibility of assets and cyberattack paths. Together, these fully integrated, comprehensive capabilities give security leaders and SOC teams what they need to manage cyberthreats across their organization—from prevention to detection and response.
After gaining insights from the initial customer feedback, we’re excited to expand the platform’s availability to public preview. Customers with a single Microsoft Sentinel workspace and at least one Defender XDR workload deployed can start enjoying the benefits of a unified experience, in a production environment, now. Onboarding a Microsoft Sentinel workspace only takes a few minutes, and customers can continue to use their Microsoft Sentinel in Azure. Need another reason to get started today? Microsoft Sentinel customers using Microsoft Copilot for Security can now leverage the embedded experience in the Defender portal, helping them to level up their security practice further.
Unified security operations platform
The new platform brings together the capabilities of XDR and SIEM. Learn how to onboard your Microsoft Sentinel workspace to the Microsoft Defender portal.
Knock down security silos and drive better security outcomes
SOCs are buried under mountains of alerts, security signals, and initiatives. Analysts are spending too much time sifting through low-level alerts, jumping between portals, and navigating complex workflows to understand what happened, how to resolve it, and how to prevent it from happening again. This leaves little time for analysts to focus on high-value tasks—like fully remediating multistage incidents or even reducing the risk of future attacks by reducing the attack surface. With an ever-growing gap between the supply and demand of talent—in fact, there are only enough cybersecurity professionals to meet 82% of the United States demand—something must change.1
At the heart of this challenge is siloed data—SOCs have too much security data stored in too many places, and most SOC teams lack the tools to effectively bring it all together, normalize it, apply advanced analytics, enrich it with threat intelligence, and act on the insights across the entire digital estate. This is why we built the security operations platform—by bringing together the full capabilities of SIEM, XDR, exposure management, generative AI, and threat intelligence, security teams can be empowered with unified, comprehensive solutions that work across use cases, not security tool silos.
The new analyst experience is built to create a more intuitive workflow for the SOC, with unified views of incidents, exposure, threat intelligence, assets, and security reporting. This is a true single pane of glass for security across your entire digital estate. Beyond delivering a single experience, unifying these solutions on one platform delivers more robust capabilities across the entire cyberattack lifecycle.
“Security teams need a single pane of glass to manage today’s IT environments. Long gone are the days when teams could operate in silos and protect their environments. With today’s announcement Microsoft is moving another step forward in helping businesses protect their systems, customers and reputations,” stated Chris Kissel, IDC Research Vice President, Security and Trust. “Microsoft combining the full capabilities of an industry-leading cloud-native SIEM and XDR with the first generative AI built specifically for cybersecurity is a game changer for the industry.”
Capabilities across Microsoft Sentinel and Microsoft Defender XDR products are now extending, making both Microsoft Sentinel and Defender XDR more valuable. XDR customers can now enjoy more flexibility in their reporting, their ability to deploy automations, and better insight across data sources. With the new ability to run custom security orchestration, automation, and response (SOAR) playbooks on an incident, provided by Microsoft Sentinel, Defender XDR customers can reduce repetitive processes and further optimize the SOC. They can also now hunt across their XDR and SIEM data in one place. Further, XDR detection and incident creation will now open up to data from SIEM. SIEM customers can now get more out-of-the-box value, improving their ability to focus on the tasks at hand and gain more proactive protection against threats, freeing them to spend more time on novel threats and the unique needs of their environment.
Prevent breaches with end-to-end visibility of your attack surface
During the past 10 years, enterprise attack surfaces have expanded exponentially with the adoption of cloud services, bring-your-own device, increasingly complex supply chains, Internet of Things (IoT), and more. Approximately 98% of attacks can be prevented with basic cybersecurity hygiene, highlighting the importance of hardening all systems.2 Security silos make it more difficult and time-consuming to discover, prioritize, and eliminate exposures.
Fortunately, the Microsoft Security Exposure Management solution, built right into the new unified platform experience, consolidates silos into a contextual and risk-based view. Within the unified platform, security teams gain comprehensive visibility across a myriad of exposures, including software vulnerabilities, control misconfigurations, overprivileged access, and evolving threats leading to sensitive data exposure. Organizations can leverage a single source of truth with unified exposure insights to proactively manage their asset risk across the entire digital estate. In addition, attack path modeling helps security professionals of all skill levels predict the potential steps adversaries may take to infiltrate your critical assets and reach your sensitive data.
Shut down in-progress attacks with automatic attack disruption
In today’s threat landscape, where multistage attacks are the new normal, automation is no longer optional, but a necessity. We’ve seen entire ransomware campaigns that only needed two hours to complete, with attackers moving laterally in as little as 5 minutes after initial compromise—the median time for attackers to access sensitive data is just 72 minutes.3 This capability is critical to counter fast, persistent attack methods like an AKIRA ransomware attack. Even the best security teams need to take breaks, and with mere seconds separating thousands versus millions of dollars spent on an attack, the speed of response becomes critical.
This platform harnesses the power of XDR and AI to disrupt advanced attacks like ransomware, business email compromise, and adversary-in-the-middle attacks at machine speed with automatic attack disruption, a game-changing technology for the SOC that remains unique to Microsoft Security. Attack disruption is a powerful, out-of-the-box capability that automatically stops the progression and limits the impact of the most sophisticated attacks in near real-time. By stopping the attack progression, precious time is given back to the SOC to triage and resolve the incident.
Attack disruption works by taking a wide breadth of signals across endpoints and IoT, hybrid identities, email and collaboration tools, software as a service (SaaS) apps, data, and cloud workloads and applying AI-driven, researcher-backed analytics to detect and disrupt in-progress attacks with 99% confidence.3 With more than 78 trillion signals fueling our AI and machine learning models, we can rapidly detect and disrupt prominent attacks like ransomware in only three minutes, saving thousands of devices from encryption and recovery costs. Using our unique ability to recognize the intent of the attacker, meaning accurately predict their next move, Microsoft Defender XDR takes an automated response such as disabling a user account or isolating a device from connecting to any other resource in the network.
Built on the attack disruption technology in our Defender XDR solution, our unified platform now extends this dynamic protection to new solutions through Microsoft Sentinel—starting with SAP. When an SAP account attack is detected, our platform will automatically respond to cut off access in SAP. This means unprecedented protection for a platform that houses highly sensitive data, making it a prime target for attackers.
Investigate and respond faster
Multiple dashboards and siloed hunting experiences can really slow down the mean time to acknowledge and respond. The effectiveness of the SOC is measured by these critical metrics. Microsoft delivers a single incident queue, equipped with robust out-of-the-box rules, that saves time, reduces alert noise, and improves alert correlation, ultimately delivering a full view of an attack. During our private preview, customers saw up to an 80% reduction in incidents, with improved correlation of alerts to incidents across Microsoft Sentinel data sources, accelerating triage and response.4 Further, unified hunting helps customers reduce investigation time by eliminating the need to know where data is stored or to run multiple queries on different tables.
We’re not stopping at automatic attack disruption and unified incident queues—we’re on a mission to uplevel analysts of all experience levels. Microsoft Copilot for Security helps security analysts accelerate their triage with comprehensive incident summaries that map to the MITRE framework, reverse-engineer malware, translate complex code into natural language insights, and even complete multistage attack remediation actions with a single click.
Copilot for Security is embedded in the analyst experience, providing analysts with an intuitive, intelligent assistant that can guide response and even create incident reports automatically—saving analysts significant time. Early adopters are seeing their analysts move an average of 22% faster and accelerate time to resolution.5 Copilot for Security is more than a chatbot—it’s a true intelligent assistant built right into their workflow, helping them use their tools better, level up their skills, and get recommendations relevant to their work at hand.
If you’d like to join the public preview, view the prerequisites and learn how to connect your Microsoft Sentinel workspace.
Learn more
Learn more about Microsoft SIEM and XDR solutions.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
1. Cybersecurity Supply and Demand Heat Map, CyberSeek, 2024.
2. Microsoft Digital Defense Report, Microsoft, 2023.
3. Microsoft Digital Defense Report, Microsoft, 2022.
4. Microsoft internal research.
5. Microsoft Copilot for Security randomized controlled trial (RCT) with experienced security analysts, conducted by the Microsoft Office of the Chief Economist, January 2024.