{"id":89105,"date":"2019-03-14T08:00:42","date_gmt":"2019-03-14T15:00:42","guid":{"rendered":"http:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=89105"},"modified":"2023-05-15T23:10:36","modified_gmt":"2023-05-16T06:10:36","slug":"evolution-microsoft-threat-protection-rsa-edition-1","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/03\/14\/evolution-microsoft-threat-protection-rsa-edition-1\/","title":{"rendered":"The evolution of Microsoft Threat Protection, RSA edition part 1"},"content":{"rendered":"

Last week, the Microsoft Security<\/a> team attended the RSA conference in San Francisco, California. We made several key announcements about Microsoft Threat Protection<\/a>, the solution which provides end users optimal security from the moment they log in, use email, work on documents, or utilize cloud applications and<\/em> offers security professionals the benefit of minimal complexity while staying ahead of threats to their organization. As we previously alluded to<\/a>, Microsoft Threat Protection is on a journey to provide organizations seamless, integrated, and comprehensive security across multiple attack vectors. In this RSA edition, we want to share where we are in this journey, the most recent new capabilities launched, and the vision of where we\u2019re going as we continue executing toward our goal of offering best-in-class security for modern organizations.<\/p>\n

The journey taken<\/h3>\n

Microsoft Threat Protection is supported by tremendous investment and focus across multiple engineering teams. Each month, we report discrete enhancements to the solution, but Figure 1 shows the many years of strategic investments and designed capabilities which helped create the solution we offer today. As the timeline demonstrates, each discrete enhancement is tied to the larger vision of Microsoft Threat Protection and our effort to ensure customers are offered the best and most secure threat protection available on the market. The roots of Microsoft Threat Protection stretch back to 2014, with the launch of advanced identity protection capabilities offered in Azure Active Directory Premium<\/a>. Development of the Microsoft Intelligent Security Graph, which weaves our security services together, began shortly thereafter. Building on these strong foundations in identity protection (including security for on-premises identities<\/a>) and intelligence, we then launched services securing email and documents<\/a>, cloud apps<\/a>, endpoints<\/a>, and infrastructure<\/a>. Over the last few years, we have leveraged the connectivity of the Intelligent Security Graph to integrate and seamlessly correlate signals across all our services, to help provide an optimized security experience with minimal complexity for customers.<\/p>\n


Figure 1. The development timeline of Microsoft Threat Protection.<\/em><\/p>\n

The journey is continuing, as we further enhance and develop capabilities which secure customers with Microsoft Threat Protection. Next, we look at announcements made at RSA this year, which are significant strides in our evolution toward the full potential of Microsoft Threat Protection.<\/p>\n

Tomorrow\u2019s SIEM, available today<\/h3>\n

Many organizations leverage Security Information and Events Management (SIEM) products to support their digital transformation. As the value of digital information continues to increase, so does the volume and sophistication of attacks. Several customers have told us their existing SIEM products are unable to keep pace.<\/p>\n

To address this need, at RSA we announced the launch of Microsoft Azure Sentinel<\/a>, which adds the benefits of a next-gen SIEM to the Microsoft Threat Protection solution. Azure Sentinel is a cloud-native solution, providing intelligent security analytics for the entire organization. With Azure Sentinel (Figure 2), collection of security data across the entire hybrid organization from devices, to users, to apps, to servers on any cloud is easy. It includes built-in artificial intelligence (AI) to help ensure threats are identified quickly and significantly reduces the burden of traditional SIEMs by eliminating the need to spend time setting up, maintaining, and scaling infrastructure. Since it is built on Azure, it offers nearly limitless cloud scale and speed to address your security needs. Traditional SIEMs are also expensive to own and operate, often requiring high upfront costs and continued high costs for infrastructure maintenance and data ingestion. With Azure Sentinel there are no upfront costs as you pay for what you use.\u00a0 Additionally, organizations can bring their Office 365 activity data to Azure Sentinel for free<\/em>. It takes just a few clicks to retain your Office 365 data within the Microsoft cloud.\u00a0Learn more<\/a> about Azure Sentinel and opt in for a trial today<\/a>.<\/p>\n


Figure 2. The Azure Sentinel – Overview portal.<\/em><\/p>\n

Combining artificial intelligence with human expertise for unparalleled security<\/h3>\n

Human expertise will always be pivotal for strong security. However, by 2021, there will be an estimated shortage of 3.5 million<\/a> security professionals. To help organizations benefit from the knowledge of seasoned security analysts, we announced Microsoft Threat Experts<\/a> at RSA, adding another significant capability to Microsoft Threat Protection to augment customers' Security Operation Centers (SOCs). Microsoft Threat Experts is currently offered as part of our endpoint security service, Windows Defender ATP<\/a>, and blends the benefits of human analysts with our industry-leading endpoint security service. Soon, Threat Experts will extend to cover more components of Microsoft Threat Protection. It is a new managed threat hunting service providing proactive hunting, prioritization, and additional context and data-driven insights, further helping SOCs identify and respond to threats quickly and accurately. Microsoft Threat Experts enables SOCs to jump-start threat investigations by providing context-rich intelligence. The feature offers:<\/p>\n