{"id":17788,"date":"2020-02-20T13:00:45","date_gmt":"2020-02-20T21:00:45","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/02\/20\/news-11521\/"},"modified":"2020-02-20T13:00:45","modified_gmt":"2020-02-20T21:00:45","slug":"news-11521","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/20\/news-11521\/","title":{"rendered":"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals"},"content":{"rendered":"

Credit to Author: Todd VanderArk| Date: Thu, 20 Feb 2020 14:00:43 +0000<\/strong><\/p>\n

Cybercrime is as much a people problem as it is a technology problem. To respond effectively, the defender community must harness machine learning to compliment the strengths of people. This is the philosophy that undergirds Azure Sentinel. Azure Sentinel is a cloud-native SIEM that exploits machine learning techniques to empower security analysts, data scientists, and engineers to focus on the threats that matter. You may have heard of similar solutions from other vendors, but the Fusion technology that powers Azure Sentinel<\/a> sets this SIEM apart for three reasons:<\/p>\n

    \n
  1. Fusion finds threats that fly under the radar, by combining low fidelity, \u201cyellow\u201d anomalous activities <\/strong>into high fidelity \u201cred\u201d incidents<\/strong>.<\/li>\n
  2. Fusion does this by using machine learning to combine disparate data\u2014network, identity, SaaS, endpoint\u2014from both Microsoft and Partner data sources<\/strong>.<\/li>\n
  3. Fusion incorporates graph-based machine learning and a probabilistic kill chain to reduce alert fatigue by 90 percent.<\/li>\n<\/ol>\n
    \n
    \t\t\t\t \t\t\t<\/div>\n
    \n

    Azure Sentinel<\/h3>\n

    Intelligent security analytics for your entire enterprise.<\/p>\n

    \t\t\t\tLearn more<\/a> \t\t\t<\/div>\n

    \t\t<\/div>\n

    \t\t <\/p>\n

    You can get a sense of how powerful Fusion is by looking at data from December 2019. During that month, billions of events flowed into Azure Sentinel from thousands of Azure Sentinel customers. Nearly 50 billion anomalous alerts were identified and graphed. After Fusion applied the probabilistic kill chain, the graph was reduced to 110 sub graphs. A second level of machine learning reduced it further to just 25 actionable incidents. This is how Azure Sentinel reduces alert fatigue by 90 percent.<\/p>\n

    \"Infographic<\/a><\/p>\n

    New Fusion scenarios\u2014Microsoft Defender ATP + Palo Alto firewalls<\/h3>\n

    There are currently 35 multi-stage attack scenarios<\/a> generally available through Fusion machine learning technology in Azure Sentinel. Today, Microsoft has introduced several additional scenarios\u2014in public preview\u2014using Microsoft Defender Advanced Threat Protection (ATP)<\/a> and Palo Alto logs. This way, you can leverage the power of Sentinel and Microsoft Threat Protection as complementary technologies for the best customer protection.<\/p>\n