As technology advances, cloud solutions are becoming more and more common, and with that the need for better cloud cybersecurity solutions is also increasing. In this respect, machine learning has helped by reducing the costs and the response time required for managing these threats.
A prime example of this would be Microsoft Sentinel. Sentinel is a scalable, cloud-native solution that delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.
Sentinel comes with a set of features, such as an easy way to gather data across the enterprise. You can collect data at cloud scale across all users and combine it with security information in order to find threats. Almost all the solutions provided by Microsoft are connected via data connectors that are used for real-time integration.
Sentinel uses highly scalable machine learning algorithms to detect threats and reduce the number of false positives. At Ignite 2021, Microsoft introduced Fusion analytics, which is based on ML and constantly learns from past attacks, applies analysis, and finds threats that would not otherwise be possible to find automatically. Besides that, there are UEBA (User and Entity Behavior Analytics) models to better identify threats based on behavioral anomalies.
To understand the scope of an attack, Sentinel uses AI-based investigation and also provides a way to automate it by building hunting queries and Azure Notebooks. The built-in queries are one of the best features that Microsoft Sentinel provides because they allow you to “hunt” for security threats across your data, even before an alert is triggered.
For automation, you can build playbooks, a cloud service that helps you schedule, automate, and orchestrate tasks and workflows across systems throughout the enterprise, or use the ones already provided by Microsoft to handle repetitive tasks and respond to threats quickly.
Sources:
- https://learn.microsoft.com/en-us/azure/sentinel/
- https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-introduces-enhancements-in-machine-learning/ba-p/2897871