Microsoft’s latest security service uses human intelligence, not artificial
Thursday, February 28, 2019, 06:21 PM, from Ars Technica
Microsoft security experts monitoring the world, looking for hackers. (credit: Microsoft)
Microsoft has announced two new cloud services to help administrators detect and manage threats to their systems. The first, Azure Sentinel, is very much in line with other cloud services: it's dependent on machine learning to sift through vast amounts of data to find a signal among all the noise. The second, Microsoft Threat Experts, is a little different: it's powered by humans, not machines.

Azure Sentinel is a machine learning-based Security Information and Event Management (SIEM) system that takes the (often overwhelming) stream of security events—a bad password, a failed attempt to elevate privileges, an unusual executable that's blocked by anti-malware, and so on—and distinguishes between important events that actually deserve investigation and mundane events that can likely be ignored.

Sentinel can use a range of data sources. There are the obvious Microsoft sources—Azure Active Directory, Windows Event Logs, and so on—as well as integrations with third-party firewalls, intrusion-detection systems, endpoint anti-malware software, and more. Sentinel can also ingest any data source that uses ArcSight's Common Event Format, which has been adopted by a wide range of security tools.
https://arstechnica.com/?p=1466151