Microsoft now offers a unified SecOps platform: what does it entail? – Techzine Europe


Microsoft is presenting a public preview of its unified security operations platform announced in November. This platform connects SIEM and XDR from Microsoft Sentinel and Defender XDR with GenAI features from Microsoft Copilot for Security. It aims to give SOCs more agency to directly disrupt attacks.

In particular, the new platform should enable SOC staff to more effectively target the entire spectrum of security threats. This ranges from preventive measures to forming a clear strategy for addressing threats.

Moreover, this unified platform avoids the silos and the overwhelming number of alerts that security teams struggle with, a problem that a multitude of tools exacerbates. Within the Microsoft unified security platform, the separate solutions for SIEM and XDR are therefore housed in one location. As a result, the solution provides clear management of various security operations and streamlines daily workflows. In this way, the platform improves the efficiency of security teams within companies, Microsoft claims.

Core is early disruption

The raison d’être for the platform, according to Microsoft, is to enable real-time disruption of attacks. This is especially important at a time when cyber threats are not only becoming increasingly complex, but can also be executed very quickly.

By integrating security technology for rapid detection and mitigation, the platform acts faster against threats. This also reduces the number of resources used to handle incidents and threats. To do this, the platform can pull any data from more than 300 sources, including the three major cloud platforms, Oracle, CrowdStrike and Cisco, as well as from SAP or mobile operating systems such as Android and iOS.

GenAI via Copilot for Security

The integration with the GenAI functionality of Microsoft Copilot for Security further allows security specialists to accelerate malware triage based on incident summaries that map to the MITRE framework.

Furthermore, the GenAI tool helps reverse-engineer malware, translate complex code into plain-language insights and perform resolution actions for multistage attacks more simply.

The public preview of Microsoft’s unified security operations platform is now available to customers who have a Microsoft Sentinel work environment and have deployed at least one Microsoft Defender XDR workload.


This post was originally published on 3rd party site mentioned in the title of this site
