Microsoft’s latest security service uses human intelligence, not artificial

by Peter Bright, from Ars Technica
Microsoft security experts monitoring the world, looking for hackers. (credit: Microsoft)

Microsoft has announced two new cloud services to help administrators detect and manage threats to their systems. The first, Azure Sentinel, is very much in line with other cloud services: it's dependent on machine learning to sift through vast amounts of data to find a signal among all the noise. The second, Microsoft Threat Experts, is a little different: it's powered by humans, not machines.

Azure Sentinel is a machine learning-based Security Information and Event Management (SIEM) service that takes the (often overwhelming) stream of security events (a bad password, a failed attempt to elevate privileges, an unusual executable that's blocked by anti-malware, and so on) and distinguishes between important events that actually deserve investigation and mundane events that can likely be ignored.

Sentinel can use a range of data sources. There are the obvious Microsoft sources (Azure Active Directory, Windows Event Logs, and so on) as well as integrations with third-party firewalls, intrusion-detection systems, endpoint anti-malware software, and more. Sentinel can also ingest any data source that uses ArcSight's Common Event Format, which has been adopted by a wide range of security tools.
