Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR
Security teams are tasked with more responsibilities than ever before, and the complexity of today’s security tooling landscape doesn’t make their job any easier. They need to sift through vast amounts of data from various sources, which can lead to slower threat response and resolution, more time spent learning new technologies, more integrations, and less comprehensive insights. Furthermore, managing the costs associated with data handling remains a significant challenge.
Microsoft is committed to empowering these teams by consolidating the multitude of tools necessary for protecting a digital estate into a single, effective solution powered by AI and automation. This addresses a key pain point in the cybersecurity industry: the need to protect the entire digital estate and boost SOC efficiency with a simplified tooling experience and management.
Today, we enable SOC teams to build robust protection using Microsoft Defender XDR (formerly Microsoft 365 Defender), the market’s most comprehensive XDR platform. It provides unified visibility, investigation, and response across endpoints, hybrid identities, emails, collaboration tools, cloud apps, cloud workloads, and data. Additionally, our cloud-native SIEM solution, Microsoft Sentinel, offers unparalleled visibility into the overall threat landscape, extending coverage to every edge and layer of the digital environment. These experiences are natively integrated with bidirectional connectors, enabling security operations teams to benefit from the comprehensiveness and flexibility of the SIEM and the threat-driven approach of the XDR.
We believe it’s time to further unify the security toolkit for our customers and deliver a solution that will meet the needs of an increasingly complex security landscape.
SecOps tooling built for defenders.
Today we are announcing an exciting private preview that represents the next step in the SOC protection and efficiency journey by bringing together the power of Microsoft Sentinel, Microsoft Defender XDR and Microsoft Security Copilot into a unified security operations platform with one experience, one data model and unified features, all enhanced with more AI, automation, attack disruption and curated recommendations. The move to a unified security operations platform means a fully integrated toolset for defenders to prevent, detect, investigate, and respond to threats across every layer of their digital estate. The platform blends the best of SIEM, XDR, and Threat Intelligence with advanced generative AI. This allows security teams to work more efficiently and effectively, heralding a transformation in security operations.
With this announcement we will deliver:
With these new capabilities, SOC teams can confidently protect their entire organization and all its components—including hybrid identities, endpoints, cloud apps, business apps, email and docs, IoT, network, business applications, OT, infrastructure and cloud workloads—with the only unified security operations platform that delivers full SIEM and XDR capabilities.
We are offering flexibility in how you adopt this new experience, as every organization has its own unique needs, vendor journeys, and budget requirements. You can continue to use just the SIEM solution, just the XDR components, or maximize their benefits with SIEM and XDR together by joining the private preview. There is no change to the business model or the pricing of Microsoft Defender XDR and Microsoft Sentinel, and organizations using both will continue to receive existing benefits. Additionally, we are announcing a SIEM migration tool to further simplify and accelerate migrations to Microsoft Sentinel.
In line with our tradition of thoughtful progression, we are meticulously advancing towards consolidation, ensuring a seamless experience for our customers. We will progressively introduce new capabilities, making certain that this enhanced experience can cater to all our customers and address emerging use cases. The existing Microsoft Sentinel experience within Azure will remain available without any impact on operations, ensuring customers have an uninterrupted experience.
Empowering security operations to protect more, easily.
Some vendors deliver XDR, some deliver SIEM. Microsoft believes that customers will benefit most from a solution that harnesses the power of both to strengthen security posture and prevent attacks while providing more automation and intelligence.
We are committed to delivering the best AI with the most integrated experience and the broadest coverage of resources so you can defend at machine speed. Thank you for your continued partnership and invaluable input on this journey to deliver the most comprehensive threat protection to our global customers. To learn more about these announcements, please make sure to tune in to Ignite this week.
Microsoft is committed to empowering our customers with modern security tools and platforms to enable critical protection for your organization and users. See additional resources below.
What else is new with Microsoft Sentinel?