{"id":91813,"date":"2020-09-22T07:57:39","date_gmt":"2020-09-22T14:57:39","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91813"},"modified":"2023-05-15T23:05:28","modified_gmt":"2023-05-16T06:05:28","slug":"microsoft-unified-siem-xdr-modernize-security-operations","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/09\/22\/microsoft-unified-siem-xdr-modernize-security-operations\/","title":{"rendered":"Microsoft delivers unified SIEM and XDR to modernize security operations"},"content":{"rendered":"
<p>The threat landscape continues to increase in both complexity and the level of sophistication of the attacks we observe. Attackers target the most vulnerable resources in an organization and then traverse laterally to target high-value assets. No longer can you expect to stay safe by protecting individual areas such as email or endpoints. Extended detection and response (XDR) is a new approach defined by industry analysts that is designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers.<\/p>\n
<p>At today\u2019s virtual Ignite conference, Microsoft is announcing a unique approach that empowers security professionals to get ahead of today\u2019s complex threat landscape with integrated SIEM and XDR tools from a single vendor so you get the best of both worlds \u2013 end-to-end threat visibility across all of your resources; correlated, prioritized alerts based on the deep understanding Microsoft has of specific resources and AI that stitches that signal together; and coordinated action across the organization. With the combination of SIEM and XDR, defenders are now armed with more context and automation than ever and can leverage the time saved to apply their unique expertise within their own environment to proactively hunt and implement threat preventions.<\/p>\n
<p>As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. With Microsoft Defender we are both rebranding our existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.<\/p>\n
<p>Microsoft Defender is delivered in two tailored experiences, Microsoft 365 Defender for end-user environments and Azure Defender for cloud and hybrid infrastructure.<\/p>\n
<h2>Microsoft 365 Defender<\/h2>\n
<p>Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email, and documents. It uses artificial intelligence to reduce the SOC\u2019s work items, and in a recent test we consolidated 1,000 alerts to just 40 high-priority incidents. Built-in self-healing technology fully automates remediation more than 70% of the time, ensuring defenders can focus on other tasks that better leverage their knowledge and expertise.<\/p>\n
<p>Today, we are making the following branding changes to unify the Microsoft 365 Defender technologies:<\/p>\n
<p>New features within Microsoft 365 Defender will also be available:<\/p>\n
<p><em>Microsoft 365 Defender<\/em><\/p>\n
<h2>Azure Defender<\/h2>\n
<p>Azure Defender delivers XDR capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more. Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center.<\/p>\n
<p>Aligned with the Microsoft 365 brand changes, today we are announcing brand changes for these capabilities under Azure Defender, for example:<\/p>\n
<p>We are also announcing new features that will be available within Azure Defender:<\/p>\n
<p><em>Defender<\/em><\/p>\n
<h2>Azure Sentinel<\/h2>\n
<p>The XDR capabilities of Microsoft Defender delivered through Azure Defender and Microsoft 365 Defender provide rich insights and prioritized alerts, but to gain visibility across your entire environment and include data from other security solutions such as firewalls and existing security tools, we connect Microsoft Defender to Azure Sentinel, our cloud-native SIEM.<\/p>\n
<p>Azure Sentinel is deeply integrated with Microsoft Defender so you can integrate your XDR data in only a few clicks and combine it with all your security data from across your entire enterprise.<\/p>\n
<p>Today, we are announcing new features within Azure Sentinel:<\/p>\n
<p><em>Azure Sentinel<\/em><\/p>\n
<h2>Modernize your security operations<\/h2>\n
<p>Some vendors deliver XDR, some deliver SIEM. Microsoft believes that defenders can benefit from using deeply integrated SIEM and XDR for end-to-end visibility and prioritized actionable insights across all your enterprise assets. We are committed to delivering the best-integrated experience with the broadest coverage of resources to help simplify your world.<\/p>\n
<p>Thank you for your continued partnership and invaluable input on this journey to deliver the most comprehensive threat protection to our global customers.<\/p>\n
<p><em>YouTube video: Microsoft Defender, Extended Detection and Response (XDR) | Microsoft Ignite 2020<\/em><\/p>\n
<p>Stay healthy. Stay safe.<\/p>\n
<p>-Rob & our entire Microsoft Security Team<\/p>\n
<p>To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.<\/p>\n","protected":false},"author":96,"featured_media":91903,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3684,3685],"products":[3690,3693,3726],"threat-intelligence":[],"tags":[3742],"coauthors":[1935],"class_list":["post-91813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-security-operations","topic-siem-and-xdr","products-microsoft-defender","products-microsoft-defender-xdr","products-microsoft-sentinel","tag-azure"],"yoast_head":"