February 28, 2019

Microsoft Introduces SIEM and “Managed Hunting” Solutions

Called Azure Sentinel and Microsoft Threat Experts, the new offerings are designed to help overwhelmed IT departments and MSSPs cope with a continually shifting threat landscape.

Microsoft has unveiled a cloud-hosted, machine learning-powered SIEM solution and a “managed hunting” service for users of its Windows Defender Advanced Threat Protection (ATP) system.

Both products debuted on the eve of the 2019 RSA Conference, one of the security industry’s biggest events of the year, which takes place next week in San Francisco.

Called Azure Sentinel, the new SIEM offering is available in public preview via the Microsoft Azure portal. According to Microsoft, it’s “the first cloud-native SIEM within a major cloud platform.”

The system allows users to aggregate and analyze data from Azure, Office 365, Microsoft 365, and other cloud-based Microsoft offerings. Embedded connectors to products from Check Point, Cisco, F5, Fortinet, and Palo Alto Networks, among others, allow organizations to import data from a wide range of third-party solutions as well. Support for Common Event Format, Syslog, and other industry-standard log formats further enables organizations to keep tabs on all of their devices, applications, and infrastructure through a single administrative console.

“In just a few clicks, they can bring their Office 365 data for free as well as combine it with their other data for analysis, and they’ll be able to take advantage of Microsoft’s vast threat intelligence and years of experience of protecting some of the biggest enterprises on the planet,” says Ann Johnson, corporate vice president of Microsoft’s Cybersecurity Solutions Group.

Azure Sentinel targets corporate IT departments and managed security service providers struggling to spot evidence of danger in a perpetually shifting and expanding sea of security telemetry. “They can’t keep pace with the volume of data or the agility of our adversaries,” says Johnson. Indeed, Microsoft itself sifts through some 6.5 trillion signals from PCs, servers, mobile devices, and cloud solutions a day.

Built-in artificial intelligence technology in Azure Sentinel is designed to make log analysis simpler by filtering out time-consuming false alarms. “It helps reduce noise drastically, with an overall reduction of up to 90 percent in alert fatigue,” Johnson says. The new system has helped early adopters complete threat hunts in milliseconds versus hours, she continues, and automates 80 percent of an organization’s most common security-related tasks.

The solution lets users capitalize on the Azure platform’s power and efficiencies as well, Johnson adds. “Our customers’ defenders can take advantage of limitless cloud speed and scale and invest their time in security, not servers.”

Microsoft partners using Azure Sentinel already include powerhouse MSSPs like CyberProof, Insight, and New Signature.

The managed hunting service, called Microsoft Threat Experts, is designed to help Windows Defender ATP users leverage the knowledge and experience of Microsoft’s in-house security specialists.

“Even as we look to arm our defenders with the latest technologies, we also recognize that technology alone can’t solve the challenges that this landscape poses,” Johnson says. “Microsoft is now offering our security experts as an extension of our customers’ teams.”

The service proactively sends alerts about newly spotted dangers to subscribers through the Microsoft 365 security center. Users can also click a new “Ask a Threat Expert” button in their Windows Defender ATP interface to submit ad hoc questions.

“These experts deeply understand the security landscape,” Johnson says. “They understand attacker techniques, they have intimate knowledge of operating systems, and they know how to get the most out of Windows Defender ATP features and capabilities.”

Like Azure Sentinel, Microsoft Threat Experts is currently in public preview. According to Johnson, the service can help short-handed end users and partners meet ever-rising demand for security know-how.

“With an estimated shortfall of over three million security professionals by 2021, there simply are not enough defenders to keep pace with the growing profit opportunity that cybercrime offers,” she says. “With Microsoft Threat Experts, we are empowering defenders and sec-ops teams to take advantage of Microsoft’s unique industry experience.”

According to Accenture, which is an early adopter of Azure Sentinel, cybercrime could cost businesses worldwide $5.2 trillion in additional costs and lost revenue over the next five years. In response, global outlays on security hardware, software, and services will climb at a 9.9 percent CAGR through 2022 to $133.7 billion, according to IDC.

Figures like that have many industry leaders rolling out managed security offerings. Master MSP Continuum, for example, added managed SIEM services to its growing security portfolio last June through its acquisition of CARVIR, a provider of security solutions for MSPs. SolarWinds MSP introduced a solution that combines SIEM functionality with intrusion detection and threat intelligence functionality the following month, and added the ability to run the system on an outsourced as-a-service basis in September.

Distributor Ingram Micro, meanwhile, added a SOC-as-a-service offering of its own in partnership with Arctic Wolf in January. Two of Ingram’s leading competitors, Tech Data Corp. and SYNNEX Corp., offer extensive selections of managed security solutions as well.
