{"id":23737,"date":"2024-01-17T13:01:05","date_gmt":"2024-01-17T21:01:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/01\/17\/news-17467\/"},"modified":"2024-01-17T13:01:05","modified_gmt":"2024-01-17T21:01:05","slug":"news-17467","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/01\/17\/news-17467\/","title":{"rendered":"Unified security operations with Microsoft Sentinel and Microsoft Defender XDR"},"content":{"rendered":"<p><strong>Credit to Author: Rob Lefferts| Date: Tue, 16 Jan 2024 17:00:00 +0000<\/strong><\/p>\n<p>Numerous cybersecurity tools exist to help organizations protect their data, people, and systems. There are different tools that check emails for phishing attempts, secure infrastructure and cloud, and provide generative AI to detect threats and uplevel response beyond human ability. While each of these tools is valuable on its own, each just tells one part of a more comprehensive security story. The most effective approach to safeguarding your organization is to implement a unified security operations center (SOC) platform that combines all these cybersecurity features in one. 
Microsoft has prioritized efforts to unify these tools and we\u2019re now taking the next step in consolidation.<\/p>\n<p>At Microsoft Ignite 2023, we announced that we\u2019re bringing <a href=\"https:\/\/www.microsoft.com\/security\/business\/siem-and-xdr\/microsoft-sentinel\">Microsoft Sentinel<\/a>, which delivers intelligent security analytics and threat intelligence, and <a href=\"https:\/\/www.microsoft.com\/security\/business\/siem-and-xdr\/microsoft-defender-xdr\">Microsoft Defender XDR<\/a>, our extended detection and response (XDR) solution, into a unified security operations platform\u2014providing more comprehensive features, automation, guided experiences, and curated threat intelligence.<\/p>\n<ul>\n<li>During the session <a href=\"https:\/\/ignite.microsoft.com\/en-US\/sessions\/e9838476-e106-4293-bd3d-ad75b0f2e201?source=sessions\" target=\"_blank\" rel=\"noreferrer noopener\">\u201cMicrosoft Sentinel: A modern approach to security operations,\u201d<\/a> we explored the SOC capabilities of Microsoft Sentinel, our scalable, cloud-native solution that provides both security information and event management (SIEM) and security orchestration, automation, and response (SOAR).<\/li>\n<li>And during the session <a href=\"https:\/\/ignite.microsoft.com\/en-US\/sessions\/3dc391ad-8455-43e7-ad80-e5ed78e61f83?source=sessions\" target=\"_blank\" rel=\"noreferrer noopener\">\u201cUnifying XDR + SIEM: A new era in SecOps,\u201d<\/a> we discussed the latest technology around Microsoft\u2019s integrated SIEM and XDR solution and how it can protect your environment and protect you from adversaries.<\/li>\n<li>In both sessions, we shared that Microsoft Security Copilot is an embedded experience in the platform, benefiting organizations with its generative AI capabilities.<\/li>\n<\/ul>\n<p>But what does it mean to combine multiple cybersecurity tools in one unified security operations platform, and how can it benefit your modern SOC? Throw our generative AI solution Microsoft Security Copilot into the mix and the platform is truly transformative. In this blog post, you\u2019ll learn three ways that a unified security platform\u2014like how we combine Microsoft Sentinel, Security Copilot, and Defender XDR\u2014can strengthen your cybersecurity and support your security team in their important work.<\/p>\n<h2 class=\"wp-block-heading\" id=\"what-is-a-unified-soc-platform\">What is a unified SOC platform?<\/h2>\n<p>A unified SOC platform is a fully integrated toolset for security teams to prevent, detect, investigate, and respond to threats across their entire environment. For Microsoft, this means delivering the best of <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-sentinel-blog\/introducing-a-unified-security-operations-platform-with\/ba-p\/3983341\" target=\"_blank\" rel=\"noreferrer noopener\">SIEM, XDR, posture management, and threat intelligence<\/a> with advanced generative AI as a single platform. Our objective is to empower security teams to protect more, easily, because we recognize the numerous challenges you face as security teams.<\/p>\n<p>This empowers you to better protect your organization and all its components\u2014including hybrid identities, endpoints, cloud apps, business apps, email and docs, Internet of Things (IoT), network, business applications, operational technology (OT), infrastructure, and cloud workloads\u2014with the capabilities of a unified security platform. And this enables you to protect all that more efficiently. 
Ours is&nbsp;<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-sentinel-blog\/introducing-a-unified-security-operations-platform-with\/ba-p\/3983341\">the only unified security operations platform<\/a> that delivers full SIEM and XDR capabilities.<\/p>\n<h2 class=\"wp-block-heading\" id=\"1-unify-your-insights\">1. Unify your insights<\/h2>\n<p>A major challenge of a non-unified approach to cybersecurity is that your data is scattered across multiple security tools and logs. This presents a stumbling block when trying to extract insights from data in a timely enough manner to better anticipate cyberthreats and defend against them. Another hurdle of not having a unified solution is that it\u2019s almost impossible to view how a cyberattacker moves across vectors. Since cyberattackers can move laterally, it\u2019s imperative to detect them quickly.<sup>1<\/sup><\/p>\n<p>By unifying hunting, incidents, data models, and other threat protection capabilities across SIEM and XDR, you can search everything in one place\u2014no need to remember where data is stored, run two different search queries, or normalize data across tools. Unified incidents give you a holistic view of all threats since all your information is in one place, meaning more threat intelligence. The result of gaining this insight into what is happening in your organization is saved analyst time and higher confidence in your protection.<\/p>\n<p>Keep your organization safe while your analysts benefit by maintaining their focus on risk signs, spending less time correlating alerts, and speeding the mean time to repair. Time is of the essence when you are keeping your organization safe, and a unified solution equips analysts to stay in front of cyberattacks.&nbsp;<\/p>\n<h2 class=\"wp-block-heading\" id=\"2-gain-more-out-of-the-box-protection\">2. Gain more out-of-the-box protection<\/h2>\n<p>With a unified approach, you get the best of both worlds. 
Gain all the flexibility of a SIEM with the depth of protection and out-of-the-box value of an XDR. This flexibility begins with your choice of how to implement a unified platform in a way that works for your needs, priorities, and budget. When your available security capabilities expand across multiple solutions in a platform, your organization stays safer as you gain storage flexibility and automatic attack disruption.<\/p>\n<p>Plus, SOC optimization is a new feature that provides recommendations to ensure you are maximizing the security value; for instance, storing data at the most affordable log tier, getting detections on all your data, and maintaining strong posture.<\/p>\n<p>When choosing a unified platform, look for one that offers flexibility in data storage and security features. With Microsoft Sentinel data storage, you have flexibility in data retention, with a default of 90 days for data ingested into Microsoft Sentinel. Expanding Microsoft Defender XDR&#8217;s unique attack disruption to data being introduced through Microsoft Sentinel, starting with SAP\u00ae, increases your immunity to cyberattacks, \u201cfreezing\u201d cyberattacks before they can move across your organization.<\/p>\n<h2 class=\"wp-block-heading\" id=\"3-empower-and-uplevel-threat-investigation-with-generative-ai\">3. Empower and uplevel threat investigation with generative AI<\/h2>\n<p>With the number and complexity of cyberattacks increasing, security teams can feel overwhelmed. That\u2019s where AI assistance can come into play, detecting the threats that might be missed by security teams. A unified platform that includes generative AI can help your security team achieve better security outcomes. For example, generative AI can assist with guided investigations, hunting with natural language, and easy summaries.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/business\/ai-machine-learning\/microsoft-security-copilot\">Microsoft Security Copilot<\/a>, our generative AI-powered security solution, <strong>is available for additional purchase to further strengthen the unified SOC platform<\/strong>. Security Copilot harnesses AI to support analysts with complex and time-consuming daily workflows, including:<\/p>\n<ul>\n<li>End-to-end incident investigation and response with clearly described cyberattack stories.<\/li>\n<li>Step-by-step actionable remediation guidance.<\/li>\n<li>Summarized incident activity reports, natural language Kusto Query Language (KQL) hunting, and expert code analysis\u2014optimizing SOC efficiency across Microsoft Sentinel and Defender XDR data.<\/li>\n<\/ul>\n<p>Security Copilot makes it easier than ever for seasoned professionals to take every necessary security step and speed up tasks like writing KQL and decoding scripts, and it helps uplevel new employees with intuitive, step-by-step guidance.<\/p>\n<h2 class=\"wp-block-heading\" id=\"try-microsoft-s-unified-soc-platform-for-yourself\">Try Microsoft\u2019s unified SOC platform for yourself<\/h2>\n<p>Protect yourself without significant setup or additional work required. 
You can gain the out-of-the-box integration of SIEM and XDR, expanded attack disruption onto your SAP data, and the breadth of Microsoft Sentinel&#8217;s out-of-the-box, customizable content (more than 300 pieces of content!).<\/p>\n<p>The pricing of Microsoft Defender XDR and Microsoft Sentinel and business model will remain the same; if you use both, you\u2019ll continue to enjoy your benefits. A recently announced SIEM migration tool will simplify and accelerate migrations to Microsoft Sentinel.<\/p>\n<p>If a unified platform approach to modern SecOps sounds intriguing, make sure you have Microsoft Sentinel, Defender XDR, and Security Copilot and can benefit from a comprehensive security approach. <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/get-started\/contact-us\">Contact us<\/a> for more information.<\/p>\n<h2 class=\"wp-block-heading\" id=\"learn-more\">Learn more<\/h2>\n<p>Learn more about <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/siem-and-xdr\/microsoft-sentinel\">Microsoft Sentinel<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/business\/siem-and-xdr\/microsoft-defender-xdr\">Microsoft Defender XDR<\/a>.<\/p>\n<p>To learn more about Microsoft Security solutions, visit our&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noreferrer noopener\">website.<\/a>&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. 
Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\">Microsoft Security<\/a>) and X (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>) for the latest news and updates on cybersecurity.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p><sup>1<\/sup><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/soc-future-is-a-security-platform\" target=\"_blank\" rel=\"noreferrer noopener\">The SOC&#8217;s Future Is a Security Platform<\/a>, Dark Reading. December 4, 2023.<\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/01\/16\/unified-security-operations-with-microsoft-sentinel-and-microsoft-defender-xdr\/\">Unified security operations with Microsoft Sentinel and Microsoft Defender XDR<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A unified security operations center (SOC) platform that combines all the benefits of multiple security tools offers several advantages. Read on for three of them.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[],"class_list":["post-23737","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23737"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23737\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23737"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}