@Heike Ritter
Hello Heike, great show! Thank you for having Javier on.
EBA == User and Entity Behavior Analytics
UEBA uses Artificial Intelligence (AI) and Machine Learning (ML) algorithms used to
establish a user and entity baselines and then monitor/identify anomalies, impossible travel,
and/or any other inconsistent behaviors from established baselines. Originated from FinTech as a means to minimize credit card fraud.
SOAR == Security, Orchestration, Automation, and Response is needed as SOC analysts have to do more with less. SOAR can also reduce alert fatigue in Analysts by handling common activities / alert and when a certain threshold is exceeded, alert the SOC Analyst to events they should really focus on. This is a critical capability.
One of my favorite features of Sentinel is the Fusion Analytic correlation engine that uses 10's of trillions of signals (daily) with AI/ML to produce low noise, high fidelity alerts. This dynamic content feeding Sentinel raises the bar from static on-premises manual processes into a continuous cloud powered platform!
I particularly like how Sentinel can bring in visibility from other Defender Security solutions, cloud providers, on-premises infrastructure via Azure Arc and provide dashboards with dynamic displays in a single pane of glass. I also like how Kusto Query Langauge (KQL) can be used in M365 Defender, Sentinel, Log Analytics, and Azure Data Explorer. One common language used to deeply explore, enrich, and correlate information across various Azure security solutions (MDE,MDI,MDC,MDO, etc).
Lastly the automation demonstration through logic apps and the Microsoft 365 Defender connector in Sentinel was great! This cross-functional integration of telemetry woven into and through the Azure security solution stack is impressive and very useful when it comes to event/alert enrichment, correlation, thus illuminating the operational environment folks are responsible for defending.
