As the threat landscape continues to evolve and grow, it is critical for security operations teams to uncover the full scope of an incident and respond to threats as quickly as possible. For this reason, we continue to invest in innovations to help SOC analysts do their work more efficiently. We are proud to announce several exciting enhancements empowering our customers to ingest and store more data, respond to threats more quickly, and ultimately; to do more with less.
This year’s announcements at Microsoft Ignite include:
- Store and search high volumes of data: General Availability of new options for security data ingestion include basic logs and archived logs, providing customers with low-cost options for secondary data sources, compliance data storage and historical data for threat hunting.
- Manage incidents with increasing efficiency: new tools to create, track and respond to incidents that will empower your SecOps team to manage escalating threats.
- Monitor IoT and OT: the first native SOC experience for IT and OT environments. Now, you can bring together IoT/OT and IT security operations within one platform.
- Accelerate migration to Microsoft Sentinel: a program that will support customers by simplifying and accelerating their migration of legacy SIEM tools to Microsoft Sentinel.
- Integrate with the tools and data you need: more additions to our growing content hub that allow our customers to address the use cases most important to them.
Read on for more details.
Store and search high volumes of data
Log collection is critical for threat investigation and hunting. The more data you can ingest and search, the better you can detect, diagnose and respond to issues. Solutions include:
- Basic logs. This new log type offers a cost effective and efficient way to ingest high-volume secondary log sources. These are useful for expanding the breadth of an investigation or hunting specific or sophisticated threats.
- Archived logs: A low-cost option for long-term storage, Archive logs allows users to bring up to seven years of historical data back to life with log restore. Users can investigate long running incidents with high performance analytic queries and in-depth searches. Archived logs also provide customers with a storage solution to meet legal data retention compliance requirements.
- Enhanced Search: Security analysts can search across all log data types, including analytics, basic and archived logs and to hunt threats faster. This can be done from one powerful user experience using search jobs. These capabilities will soon be extended to other data stores including ADX or disparate data lakes for a more complete search experience.
Manage workflows efficiently with an updated incident experience
Every second counts when under attack. Customers will soon enjoy a revamp of the incident management experience that provides greater context, insights, and automations within a single page and greater incident workflow management. We have also introduced additional options for creating new incidents.
- Updated incident management experience: The new user interface offers a single experience for triaging, investigating, and responding to incidents. Analysts can now easily surface important information without pivoting to other pages. The new incidents experience provides:
- Expanded context for analysts to triage incidents, enriched by network and threat intelligence, watchlists, and other sources.
- Ability to act on entities quickly, including running playbooks for enrichment and response, or adding an entity to your TI repository.
- Full incident audit for tracking and reporting.
- New incident creation: Create incidents in Microsoft Sentinel, either manually, through LogicApps or email, to track incidents all you’ve captured in one place. This allows users to track and contextualize issues that were identified outside of Microsoft Sentinel.
Monitor IT and OT environments
IoT and OT devices are increasingly becoming a major attack vector for organizations of all sizes and industries. Defending against these attacks has traditionally involved disparate tools that suffer from poor integration with the overall security program. With the release of IoT and OT entity pages in Microsoft Sentinel, all OT-related alerts, compromised assets, events, and packet capture access are now part of one analyst workflow, providing customers with complete control across all devices and assets. Together, Microsoft Sentinel and Microsoft Defender for IoT bridges the gap between IT and OT security challenges, empowering SOC teams with out-of-the-box capabilities to detect and respond to multi-stage threats.
Accelerate migration to Microsoft Sentinel
The Migration and Modernization Program will help customers move to Microsoft Sentinel by simplifying and accelerating their migration from legacy SIEM tools. As part of the program, we will offer a mix of best practice guidance, resources, and expert support at every stage of migration. To learn more please reach out to your account team for details.
Integrate with the tools you need
Over the last year we released a variety of product, domain and industry solutions in The Microsoft Sentinel Content Hub. This helps customers accelerate and simplify their onboarding. The marketplace continues to be a priority and we are excited to highlight the following new integrations:
- Rubrik: With this integration customers can better manage the risk of business disruption and financial impact of ransomware. Rubrik provides comprehensive data security that safeguards data so it can be quickly recovered.
- Tanium: This solution will bring data from Tanium’s converged endpoint management solution into Microsoft Sentinel to provide more comprehensive coverage across devices.
Learn More
Microsoft is committed to empowering our customers with modern security tools and platforms to enable critical protection for your organization and users. To learn more about Microsoft Sentinel capabilities and new announcements see:
- Microsoft Sentinel: https://aka.ms/microsoftsentinel
- Blogs: Microsoft Sentinel Blog - Microsoft Tech Community
- Plan your migration to Microsoft Sentinel: Plan your migration to Microsoft Sentinel | Microsoft Learn
- Protect critical systems within SAP systems: Protect critical information within SAP systems against cyberattacks - Microsoft Tech Community
- Anomaly detection in SAP audit logs: Anomaly detection on SAP’s Audit Log Using Microsoft Sentinel
- Microsoft Defender for IoT: Microsoft Defender for IoT documentation | Microsoft Learn