{"id":91813,"date":"2020-09-22T07:57:39","date_gmt":"2020-09-22T14:57:39","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91813"},"modified":"2023-05-15T23:05:28","modified_gmt":"2023-05-16T06:05:28","slug":"microsoft-unified-siem-xdr-modernize-security-operations","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/09\/22\/microsoft-unified-siem-xdr-modernize-security-operations\/","title":{"rendered":"Microsoft delivers unified SIEM and XDR to modernize security operations"},"content":{"rendered":"

The threat landscape continues to increase in both complexity and the level of sophistication of the attacks we observe. Attackers target the most vulnerable resources in an organization and then traverse laterally to target high-value assets. No longer can you expect to stay safe by protecting individual areas such as email or endpoints. Extended detection and response (XDR<\/a>) is a new approach defined by industry analysts that is designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers.<\/p>\n

At today\u2019s virtual Ignite conference, Microsoft is announcing a unique approach<\/a> that empowers security professionals to get ahead of today\u2019s complex threat landscape with integrated SIEM and XDR tools from a single vendor so you get the best of both worlds \u2013 end-to-end threat visibility across all of your resources; correlated, prioritized alerts based on the deep understanding Microsoft has of specific resources and AI that stitches that signal together; and coordinated action across the organization. With the combination of SIEM and XDR, defenders are now armed with more context and automation than ever and can leverage the time saved to apply their unique expertise within their own environment to proactively hunt and implement threat preventions.<\/p>\n

As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. With Microsoft Defender we are both rebranding our existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.<\/p>\n

Microsoft Defender is delivered in two tailored experiences, Microsoft 365 Defender<\/a> for end-user environments and Azure Defender<\/a> for cloud and hybrid infrastructure.<\/p>\n

Microsoft 365 Defender<\/h2>\n

Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email and documents. It uses artificial intelligence to reduce the SOC\u2019s work items, and in a recent test we consolidated 1,000 alerts to just 40 high-priority incidents. Built-in self-healing technology fully automates remediation more than 70% of the time, ensuring defenders can focus on other tasks that better leverage their knowledge and expertise.<\/p>\n

Today, we are making the following branding changes to unify the Microsoft 365 Defender technologies:<\/p>\n