Blog Post

Microsoft Sentinel Blog
5 MIN READ

Microsoft Sentinel introduces enhancements in machine learning and productivity at Ignite 2021

Sarah Fender's avatar
Sarah Fender
Icon for Microsoft rankMicrosoft
Nov 02, 2021

Conferences give us an opportunity to share our continued innovation with customers. Last year we announced our SIEM and XDR strategy to protect the world against evolving threats, in our new digital format of the conference. Although we cannot meet in person for another year, we have some exciting new capabilities to share with you.

 

Today, we are taking the next step in advancing Microsoft Sentinel, formerly Azure Sentinel, using the power of Machine Learning (ML) to help you stay ahead of emerging threats while also increasing the productivity of security operations teams. In addition, we are making it easier for anyone to try Microsoft Sentinel with a new 31-day trial.

 

Detect unknown threats, reduce noise, and speed investigation

Microsoft Sentinel's advanced analytics capabilities, powered by Machine Learning algorithms, help you detect unknown threats, reduce noise, and speed investigation.

 

Today, we are introducing additional UEBA models to identify threats based on behavioral anomalies. Powered by machine learning, anomalies are trained using your data and can be easily tuned by you to reduce noise. UEBA can also be customized using new Watchlist templates to provide rich, contextual insights relevant to your organization.

 

In addition, we added new ML algorithms to our Fusion analytics and extended coverage to a broader scope of anomalous signals, including customizable anomalies and alerts from scheduled analytics rules created by your security analysts. With this extended capability, Fusion detections can go beyond the known attack scenarios. The new set of Fusion ML algorithms constantly learn from existing attacks, apply analysis based on how the real security analysts think, and find the threats we have not seen previously from millions of signals across the kill-chain in your environment. In the event a benign pattern emerges, you can create an exclusion to eliminate noisy incidents. Learn more.

 

To power you own big data analytics, Azure Synapse is now built-in to Azure Sentinel, enabling customers to build and run custom advanced analytics and machine learning models on data in Azure Sentinel and other data stores. Out-of-the-box templates, developed by Microsoft security and data scientist, help you get started. Use Azure Synapse to hunt for anomalous behaviors, such as network beaconing patterns, using data stored in your Azure Data Lake, build custom classifiers using your asset inventory to inform incident prioritization in Microsoft Sentinel, develop custom baselines for threat detection, such as using a model for identifying algorithmically generated domain names, and much more. Learn more.

 

With ML at the core of innovation in Microsoft Sentinel, your scheduled analytics rules can now benefit from new benefit new ML-powered tuning recommendations. By analyzing your incidents over time and deducing patterns, Microsoft Sentinel can provide you with actionable recommendations and insights to significantly improve the quality of your detections so you can spend less time responding to false alarms. Learn more.

 

To further reduce the threat response time, we are also announcing the availability of near-real-time analytics in Microsoft Sentinel. The new near-real-time analytics rules offer faster detection by running queries at intervals just one minute apart. Learn more.

 

To optimize threat hunting for speed and efficiency, the refreshed hunting dashboard, now generally available, helps you focus on specific MITRE ATT&CK techniques and changes over time. And, threat intelligence enrichments have been added, so GeoIP and WhoIs data is readily available to inform threat hunting and investigation.

 

Get instant value with out-of-the-box solutions

Microsoft Sentinel now offers nearly 100 solutions in its Content Hub for easy discovery and deployment. Solutions can contain one or many data connectors, workbooks, analytics, hunting queries, playbooks and parsers so you can quickly deploy a complete solution for a specific product, such as your firewall, or for a particular use case, like compliance monitoring. Learn more.

 

Some notable additions include an updated Security Monitoring Solution for SAP with UEBA that is coming soon, a new OT Monitoring Solution for Microsoft Defender, a Deception Solution that integrates insights from Honeytokens in Azure Key Vault, as well as solutions for leading threat intelligence feeds, XDR solutions and cloud platforms like Google and Oracle.

 

In addition to Solutions, we offer hundreds more standalone content, including data connectors, workbooks, analytic rules and more to help you quickly get value from Microsoft Sentinel. A new automation playbook gallery offers an extensive collection and an easy deployment experience of more than 200 playbook templates to help you quickly automate SOC processes workflows for increased efficiency, ranging from simple orchestration tasks to complex automated investigation. Learn more.

 

As you customize content and create your own, connected code repositories enable you to streamline management and continuous deployment of analytic rules, workbooks and more from your GitHub and Azure DevOps repositories. Maintain content centrally (like you would source code) and automatically deploy to all Microsoft Sentinel instance for significant time savings. Learn more.

 

Integrate with Microsoft XDR solutions to enhance security intelligence

Microsoft was recently positioned as a leader in the Forrester XDR Wave™: Extended Detection and Response (XDR), Q4, 2021 and we continue to innovate to bring the best of SIEM and XDR together to empower defenders with an integrated toolset and rich security intelligence. Microsoft delivers the only integrated SIEM and XDR with incident sync across the full set of components. Our customers can leverage Microsoft 365 Defender and Microsoft Defender for Cloud, formally Azure Defender, for integrated detection and response across endpoints, identities, apps, and infrastructure and Microsoft Sentinel for unified incident triage, correlation, and enrichment with other signals. For more information read our Microsoft Defender for Cloud blog. Microsoft Sentinel also integrates with Microsoft Defender for IoT, expanding the breadth of signal to IoT and OT devices. For more information on Microsoft Defender for IoT enhancements you can read our IoT security blog.

 

Try Microsoft Sentinel for Free

To help you more easily onboard to Microsoft Sentinel, we are introducing a new free trial: Log Analytics customers can use both Log Analytics and Microsoft Sentinel free on new workspaces for a maximum of 10GB/day for the first 31 days.  In addition, you can still add Microsoft Sentinel to your existing Log Analytics for free for first 31 days. A new solution includes sample data and a training guide to help you quickly try out Microsoft Sentinel without having to connect your own data sources and simulate attacks.

 

In addition, we are announcing that on December 1st the free data grant for M365 E5 customers, previously offered as a time limited promotion, will become a sustained benefit for E5 customers and extended to A5 and G5 customers: you can save up to USD1500/month on a typical 3,500 seat deployment of Microsoft 365 E5 with up to 5MB per user/day of free data ingestion into Microsoft Sentinel1.

 

Get started with next steps

Ready to dig deeper? All of these new capabilities and features are available in Microsoft Sentinel today. To see them in action for yourself, all you have to do is start a trial.

 

If you would like to learn more about these new announcements and about Microsoft Sentinel in general, I also encourage you to attend our Microsoft Ignite sessions or sign up for our Tech Community webinar. There, you can see demos of new features and ask Microsoft Sentinel experts questions in a live Q&A.

 

1Calculation based on pay-as-you-go prices for Azure Sentinel and Azure Monitor Log Analytics for US East region.

Updated Nov 12, 2021
Version 5.0