Defend Against Threats with SIEM Plus XDR Workshop
Microsoft Sentinel Overview
Presenter name
Date
Always make sure you have the latest version of this presentation before you start a new engagement!
Security Operations Team
Expanding digital estate

Security operations challenges
• 76% report increasing security data*
• Too many disconnected products
• Sophistication of threats
• 3.5M unfilled security jobs in 2021**
• IT deployment and maintenance
• Lack of automation
• 44% of alerts are never investigated*

Security Operations Team
Cloud + Artificial Intelligence
Microsoft Sentinel
Optimize security operations with cloud-native SIEM powered by AI and automation
• Harness the scale of the cloud
• Detect evolving threats
• Expedite incident response
• Get ahead of attackers
Harness the scale of cloud-native SIEM
• Eliminate infrastructure setup and maintenance
• No limits on compute or storage resources; scale at will
• Collect and analyze data across your entire organization at cloud scale
• Pay only for what you use, resulting in a SIEM 48% less expensive than traditional SIEMs*

Detect evolving threats
• Harness ML based on decades of Microsoft security experience and learnings
• Leverage threat intelligence from Microsoft's expert security team, or bring in your own
• Dive deeper with XDR through Microsoft 365 Defender and Microsoft Defender for Cloud integration

Expedite investigation and response
• Focus on what matters with AI that reduces false positives by 79%*
• Easily understand the scope of an attack with incidents that automatically map related entities
• Integrate automation into your day-to-day operations workflow

Stay ahead of attackers
• Rapidly hunt for threats at cloud speed with robust threat hunting tooling
• Get advanced insights into entities fueled by built-in User and Entity Behavior Analytics (UEBA)
• Conduct advanced, custom hunting with built-in Jupyter notebooks
An empowered SecOps team:
"Microsoft roars into the security analytics market… The vendor's entry into the security analytics space captivated security buyers. Microsoft's bold move to allow the ingestion of Microsoft Azure and Microsoft Office 365 activity logs into Sentinel at no cost makes the solution attractive to enterprises invested in Azure and Microsoft 365."
- The Forrester Wave™: Security Analytics Platforms, Q4 2020 report
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
Microsoft Sentinel has more than 10,000 paying customers analyzing 5 petabytes of data per month
An end-to-end solution for security operations

Visibility
Collect security data at cloud scale from any source
• Azure + Microsoft 365: security alerts, activity data
• Collectors: CEF, Syslog, Windows, Linux
• TAXII + Microsoft Graph: threat indicators
• APIs: custom logs
Proven log platform with more than 10 petabytes of daily ingestion
Integrate out-of-the-box with your existing tools in Azure, on-premises, or in other clouds: 150+ out-of-the-box integrations, with more on the way

Get interactive dashboards for powerful insights
• Choose from a gallery of workbooks
• Customize or create your own workbooks using queries
• Take advantage of rich visualization options
• Gain insight into one or more data sources
Analytics
Reducing alert fatigue
Analyzing activities across multiple cloud services into high-fidelity security cases:
• 300B identity logins
• 4.1B Office 365 actions
• 3.2B Azure admin actions
• 28M identity detections
• 20M anomalous Office 365 actions
• 2M anomalous Azure actions
• 320 subgraphs
• 18 cases
Leverage an extensive library of detections or build your own
• Choose from more than 100 built-in analytics rules
• Customize and create your own rules using KQL queries
• Correlate events with your threat intelligence, and now with Microsoft URL intelligence + network data
• Democratize machine learning with code-free, customizable ML anomaly detections

Improve insider and unknown threat detection with User and Entity Behavior Analytics
• Use behavioral insights to detect anomalies, understand the relative sensitivity of entities, and evaluate potential impact
• Get baseline behavioral profiles of entities across time and peer group horizons
Powered by the proven Microsoft User and Entity Behavior Analytics (UEBA) engine

Hunting
Start hunting over security data with fast, flexible queries
• Run built-in threat hunting queries—no prior query experience required
• Customize and create your own hunting queries using KQL
• Integrate hunting and investigations
• Use bookmarks and live stream to manage your hunts

Use Jupyter notebooks for advanced hunting
• Run in Azure Machine Learning
• Use sample templates to help you get started
• Save as sharable HTML/JSON
• Query Microsoft Sentinel data and bring in external data sources
• Use your language of choice—Python, SQL, KQL, R, …
Intelligence
Monitor and manage threat intelligence
• Create, view, search, filter, sort, and tag all your threat indicators in a single pane
• Use alert metrics to help understand the top threats targeting your organization
• Use automation playbooks for leading threat intelligence providers to enrich alerts

Use Watchlists to integrate business insights
• Create collections of data for threat hunting and detection (e.g. restricted IPs, trusted systems, critical assets, risky users, vulnerable hosts)
• Incorporate watchlists into analytics rules, hunting queries, workbooks, and more—create allow/deny lists, add context, and add enrichments
• Upload a CSV file, or create automation playbooks to upload
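The watchlist and KQL slides above describe the mechanism without showing a query. The following is an added example, not from the deck, of a scheduled analytics-rule query that treats a watchlist as a deny list: successful sign-ins are matched against IP addresses uploaded from CSV. The watchlist name "RestrictedIPs" and its "IPAddress" column are assumptions; SigninLogs is the Microsoft Entra ID sign-in table that Sentinel ingests.

```kql
// Added example: analytics-rule query joining sign-in logs against a watchlist.
// Assumed: a watchlist named "RestrictedIPs" (uploaded from CSV) with a column
// "IPAddress" listing addresses the business has flagged (e.g. former-employee
// home ranges, sanctioned geographies). Watchlist columns arrive as dynamic,
// so cast to string before joining.
let restricted = _GetWatchlist('RestrictedIPs')
    | project RestrictedIP = tostring(IPAddress);
SigninLogs
| where TimeGenerated > ago(1h)          // match the rule's scheduled lookback
| where ResultType == "0"                // only successful sign-ins raise an alert
| join kind=inner restricted on $left.IPAddress == $right.RestrictedIP
| summarize SignInCount = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Apps      = make_set(AppDisplayName)
    by UserPrincipalName, IPAddress
| project UserPrincipalName, IPAddress, SignInCount, FirstSeen, LastSeen, Apps
// In the rule's entity mapping, map Account -> UserPrincipalName and
// IP -> IPAddress so the incident graph links the user and address entities.
```

Updating the CSV (or having a playbook add rows) changes what the rule alerts on without editing the query, which is the allow/deny-list workflow the slide describes.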
Access unified insights with entity profiles
• Get a complete view of a host or user by bringing together data from multiple sources, including UEBA
• View timeline information across the most relevant data sources
• Use Insights to quickly identify activities of interest
• Customize the timeline to tune results and add other data sources
• Link directly to Microsoft 365 and Microsoft Defender for Cloud where relevant for more information
Incidents
Start and track investigations from prioritized, actionable security incidents
• Use incidents to collect related alerts, events, and bookmarks
• Manage assignments and track status, with automation at your fingertips
• Collaborate easily with built-in Microsoft Teams integration

Visualize the entire attack to determine scope and impact
• Navigate the relationships between related alerts, bookmarks, and entities
• Expand the scope using exploration queries
• Gain deep insights into related entities—users, domains, and more
80% reduction in investigation effort compared to legacy SIEMs¹
¹ Commissioned study: The Total Economic Impact™ of Microsoft Sentinel

Gain deeper insight with built-in automated detonation
• Configure URL entities in analytics rules
• Automatically trigger URL detonation
• Enrich alerts with verdicts, final URLs and screenshots (e.g. for phishing sites)
Automation
Respond rapidly with built-in orchestration and automation
Build automated and scalable playbooks that integrate across tools:
• Security products
• Ticketing systems (ServiceNow)
• Additional tools

Automate and orchestrate security operations using integrated Azure Logic Apps
• Build automated and scalable playbooks that integrate across tools
• Choose from a library of samples
• Create your own playbooks using 200+ built-in connectors
• Trigger a playbook from an alert or incident investigation

Take actions today: Get started with Microsoft Sentinel
• Start a Microsoft Azure trial
• Open the Microsoft Sentinel dashboard in the Azure portal
• Connect data sources
To learn more, visit https://aka.ms/MicrosoftSentinel

Q&A
Thank you.

More Related Content

What's hot

Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
Sagar Joshi
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfee
Cristian Garcia G.
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
Shah Sheikh
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
Elliott Franklin
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
Ahmed Ayman
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
Coenraad Smith
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
David J Rosenthal
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
arnaudlh
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012  building a security operations center (soc)Rothke rsa 2012  building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and Compliance
David J Rosenthal
 
Security operation center
Security operation centerSecurity operation center
Security operation center
MuthuKumaran267
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations Center
Dragos, Inc.
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
Priyanka Aash
 

What's hot (20)

Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfee
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012  building a security operations center (soc)Rothke rsa 2012  building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and Compliance
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations Center
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
 

Similar to 07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel Overview.pptx

Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365
Cheah Eng Soon
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinel
Samik Roy
 
Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinel
Adam Ochs
 
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
azuredayit
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure Sentinel
Cheah Eng Soon
 
Security management
Security managementSecurity management
Security management
Dean Iacovelli
 
FireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudFireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the Cloud
Amazon Web Services
 
L400-P1 Overview.pdf
L400-P1 Overview.pdfL400-P1 Overview.pdf
L400-P1 Overview.pdf
FadhilMuhammad80
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
JustineGarcia32
 
Microsoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptxMicrosoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptx
Infosectrain3
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
karlhennesey
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
Mario Worwell
 
ExpertsLiveNL - Post Breach Security with ATA or ATP
ExpertsLiveNL - Post Breach Security with ATA or ATPExpertsLiveNL - Post Breach Security with ATA or ATP
ExpertsLiveNL - Post Breach Security with ATA or ATP
Tim De Keukelaere
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
Splunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk Discovery Day Düsseldorf 2016 - Splunk für SecuritySplunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
Kangaroot
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security Center
Microsoft Österreich
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
Joseph DeFever
 

Similar to 07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel Overview.pptx (20)

Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinel
 
Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinel
 
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure Sentinel
 
Security management
Security managementSecurity management
Security management
 
FireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudFireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the Cloud
 
L400-P1 Overview.pdf
L400-P1 Overview.pdfL400-P1 Overview.pdf
L400-P1 Overview.pdf
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
 
Microsoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptxMicrosoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptx
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
 
ExpertsLiveNL - Post Breach Security with ATA or ATP
ExpertsLiveNL - Post Breach Security with ATA or ATPExpertsLiveNL - Post Breach Security with ATA or ATP
ExpertsLiveNL - Post Breach Security with ATA or ATP
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
 
Splunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk Discovery Day Düsseldorf 2016 - Splunk für SecuritySplunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk Discovery Day Düsseldorf 2016 - Splunk für Security
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security Center
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
 

Recently uploaded

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 

Recently uploaded (20)

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
When stars align: studies in data quality, knowledge graphs, and machine lear...

07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel Overview.pptx

  • 1. Defend Against Threats with SIEM Plus XDR Workshop: Microsoft Sentinel Overview. Presenter name, Date. Always make sure you have the latest version of this presentation before you start a new engagement!
  • 3. Security operations challenges: 76% report increasing security data*; too many disconnected products; sophistication of threats; 3.5M unfilled security jobs in 2021**; IT deployment and maintenance; lack of automation; 44% of alerts are never investigated*
  • 4. Security Operations Team Cloud + Artificial Intelligence
  • 5. Microsoft Sentinel: Optimize security operations with cloud-native SIEM powered by AI and automation. Harness the scale of the cloud; detect evolving threats; expedite incident response; get ahead of attackers
  • 6. Harness the scale of cloud-native SIEM: Eliminate infrastructure setup or maintenance; put no limits on compute or storage resources and scale at will; collect and analyze data across your entire organization at cloud scale; pay only for what you use—resulting in a SIEM 48% less expensive than traditional SIEMs*
  • 7. Detect evolving threats: Harness ML based on decades of Microsoft security experience and learnings; leverage threat intelligence from Microsoft’s expert security team, or bring in your own; dive deeper with XDR through Microsoft 365 Defender and Microsoft Defender for Cloud integration
  • 8. Expedite investigation and response: Focus on what matters with AI that reduces false positives by 79%*; easily understand the scope of an attack with incidents that automatically map related entities; integrate automation into your day-to-day operations workflow
  • 9. Stay ahead of attackers: Rapidly hunt for threats with the speed of the cloud and robust threat hunting tooling; get advanced insights into entities fueled by built-in User and Entity Behavior Analytics (UEBA); conduct advanced, custom hunting with built-in Jupyter notebooks
  • 11. “Microsoft roars into the security analytics market… The vendor’s entry into the security analytics space captivated security buyers. Microsoft’s bold move to allow the ingestion of Microsoft Azure and Microsoft Office 365 activity logs into Sentinel at no cost makes the solution attractive to enterprises invested in Azure and Microsoft 365.” - The Forrester Wave™: Security Analytics Platforms, Q4 2020 report The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
  • 12. Microsoft Sentinel has more than 10,000 paying customers analyzing 5 petabytes of data per month
  • 13. An end-to-end solution for security operations
  • 15. Collect security data at cloud scale from any source: Azure + Microsoft 365 (security alerts, activity data); collectors (CEF, Syslog, Windows, Linux); TAXII + Microsoft Graph (threat indicators); APIs (custom logs). Proven log platform with more than 10 petabytes of daily ingestion
  • 16. Integrate out-of-the-box with your existing tools in Azure, on-premises, or in other clouds: 150+ out-of-the-box integrations, with more on the way
  • 17. Get interactive dashboards for powerful insights: Choose from a gallery of workbooks; customize or create your own workbooks using queries; take advantage of rich visualization options; gain insight into one or more data sources
  • 19. Reducing alert fatigue: Analyzing activities across multiple cloud services into high-fidelity security cases. 300B identity logins; 4.1B Office 365 actions; 3.2B Azure admin actions; 28M identity detections; 20M anomalous Office 365 actions; 2M anomalous Azure actions; 320 subgraphs; 18 cases
  • 20. Leverage an extensive library of detections or build your own: Choose from more than 100 built-in analytics rules; customize and create your own rules using KQL queries; correlate events with your threat intelligence and now with Microsoft URL intelligence + network data; democratize machine learning with code-free, customizable ML anomaly detections
  • 21. Improve insider and unknown threat detection with User and Entity Behavior Analytics: Use behavioral insights to detect anomalies, understand the relative sensitivity of entities, and evaluate potential impact; get baseline behavioral profiles of entities across time and peer group horizons. Powered by the proven Microsoft User and Entity Behavior Analytics (UEBA) engine
  • 23. Start hunting over security data with fast, flexible queries: Run built-in threat hunting queries—no prior query experience required; customize and create your own hunting queries using KQL; integrate hunting and investigations; use bookmarks and livestream to manage your hunts
  • 24. Use Jupyter notebooks for advanced hunting: Run in Azure Machine Learning; use sample templates to help you get started; save as sharable HTML/JSON; query Microsoft Sentinel data and bring in external data sources; use your language of choice—Python, SQL, KQL, R, …
  • 26. Monitor and manage threat intelligence: Create, view, search, filter, sort, and tag all your threat indicators in a single pane; use alert metrics to help understand the top threats targeting your organization; use automation playbooks for leading threat intelligence providers to enrich alerts
  • 27. Use watchlists to integrate business insights: Create collections of data for threat hunting and detection (e.g. restricted IPs, trusted systems, critical assets, risky users, vulnerable hosts); incorporate watchlists into analytics rules, hunting queries, workbooks, and more—create allow/deny lists, add context, and add enrichments; populate a watchlist by uploading a CSV file or by creating automation playbooks that upload the data
  • 28. Access unified insights with entity profiles: Get a complete view of a host or user by bringing together data from multiple sources, including UEBA; view timeline information across the most relevant data sources; use Insights to quickly identify activities of interest; customize the timeline to tune results and add other data sources; link directly to Microsoft 365 and Microsoft Defender for Cloud where relevant for more information
  • 30. Start and track investigations from prioritized, actionable security incidents: Use incidents to collect related alerts, events, and bookmarks; manage assignments and track status, with automation at your fingertips; collaborate easily with built-in Microsoft Teams integration
  • 31. Visualize the entire attack to determine scope and impact: Navigate the relationships between related alerts, bookmarks, and entities; expand the scope using exploration queries; gain deep insights into related entities—users, domains, and more. 80% reduction in investigation effort compared to legacy SIEMs [1]. (1: Commissioned study, The Total Economic Impact™ of Microsoft Sentinel)
  • 32. Gain deeper insight with built-in automated detonation: Configure URL entities in analytics rules; automatically trigger URL detonation; enrich alerts with verdicts, final URLs, and screenshots (e.g. for phishing sites)
  • 34. Respond rapidly with built-in orchestration and automation: Build automated and scalable playbooks that integrate across tools—security products, ticketing systems (ServiceNow), additional tools
  • 35. Automate and orchestrate security operations using integrated Azure Logic Apps: Build automated and scalable playbooks that integrate across tools; choose from a library of samples; create your own playbooks using 200+ built-in connectors; trigger a playbook from an alert or incident investigation
  • 36. Take action today: Get started with Microsoft Sentinel. Start a Microsoft Azure trial; open the Microsoft Sentinel dashboard in the Azure portal; connect data sources. To learn more, visit https://aka.ms/MicrosoftSentinel
  • 37. Q&A
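As an added example (not from the deck, and not Microsoft's own rule content), the kind of custom scheduled analytics rule query slides 20 and 27 describe: it correlates proxy/firewall events with active URL indicators from the ThreatIntelligenceIndicator table, excludes hosts listed in a watchlist, and applies a threshold so a single lookup does not raise an alert. It assumes CEF proxy logs land in CommonSecurityLog with RequestURL populated and that a watchlist named TrustedSystems with an IPAddress column exists (both are assumptions, not names from the deck).

```kql
// Added example: threshold + watchlist allow list + threat-intelligence match.
// Assumptions: CommonSecurityLog holds CEF proxy/firewall events with RequestURL,
// and a watchlist "TrustedSystems" (column IPAddress) lists hosts that are
// expected to reach risky destinations, such as sandboxes or scanners.
let lookback = 1h;
// Current, unexpired URL indicators; keep the latest copy of each indicator.
let activeUrlTI =
    ThreatIntelligenceIndicator
    | where TimeGenerated > ago(14d)
    | where Active == true and ExpirationDateTime > now()
    | where isnotempty(Url)
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | project IndicatorId, Url, Description, ConfidenceScore;
// Watchlist used as an allow list: hosts in it are excluded from the rule.
let trusted =
    _GetWatchlist('TrustedSystems')
    | project IPAddress = tostring(IPAddress);
CommonSecurityLog
| where TimeGenerated > ago(lookback)
| where isnotempty(RequestURL)
| where SourceIP !in (trusted)
| join kind=inner activeUrlTI on $left.RequestURL == $right.Url
| summarize Hits = count(),
            Urls = make_set(RequestURL, 10),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by SourceIP, IndicatorId, Description, ConfidenceScore
// Threshold: only repeated contact with an indicator becomes an alert.
| where Hits >= 3
| extend MatchedUrl = tostring(Urls[0])
| project SourceIP, MatchedUrl, Hits, FirstSeen, LastSeen,
          IndicatorId, Description, ConfidenceScore
```

In the rule wizard, map SourceIP to the IP entity and MatchedUrl to the URL entity; the URL entity is what the automated detonation on slide 32 acts on.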

Editor's Notes

  1. Previous versions: 1.0 Initial Release of Security Workshop with or without Threat Check, July 2019; 2.0 Initial Release of Security Workshop with Azure Sentinel Add-on module, July 2020; 2.1 Updated Microsoft Defender product names and added the Endpoint Protection optional module. Added customer cost savings optional module, October 2020; 2.2 Initial Release as Security Workshop without Azure Sentinel Add-on module, February 2021; 2.3 Added Hybrid Identity Protection optional module, April 2021; 3.0 Name changed to Threat Protection Workshop, July 2021; 3.1 Added Attack Simulation, April 2022
  2. Today, organizations are faced with the incredibly difficult task of trying to protect their expanded digital estate from increasing cyber threats. The move to the cloud and a mobile workforce have pushed the border of your estate beyond the boundary of your physical network. Your data, users, and systems are everywhere. Meanwhile, the frequency and sophistication of attacks are ever growing. Regardless of the size of your organization or the industry, you are a target. This is the challenge that we all struggle with in IT security. And it's a challenge we at Microsoft think that we can uniquely help with.
  3. This creates significant challenges for your security operations teams, who are tasked with defending your extended estate. Security data explosion: as your digital estate grows, so does the volume of security data. In fact, 76% of organizations report an increase, and much of it is coming from the cloud. So pumping it into legacy, on-premises systems (with all the deployment and maintenance overhead that comes with that) just doesn’t make a ton of sense. And that volume is just going to keep growing. Data is the fuel for ML models that have become so critical to threat detection. The models need both more signals and more diverse signals. To shore up their defenses, enterprises have deployed dozens of security products, each producing a large volume of alerts. In isolation, these products may have high false positive rates and poor response prioritization, resulting in deafening alert noise. As a result, organizations report that nearly half of alerts (44%) are never investigated. Part of the reason these alerts fall through the cracks is a massive shortage of security professionals. A recent report by CSO magazine showed that this global talent shortage will increase to 3.5 million unfilled security jobs by 2021.
  4. The cloud can help manage the complexity of the expanding digital estate. It simplifies security and makes it easy to manage. Harnessing the power of the cloud will set your SecOps teams free of IT work and help them focus on security work with no limits. The next generation of AI and automation in the cloud helps to super-charge your work. It will leverage the large-scale intelligence available in the cloud and make it work for you.
  5. This is where Microsoft Sentinel comes in. Microsoft Sentinel offers a new, modern approach to SIEM, entirely cloud-native and powered by AI and automation to help optimize security operations. Microsoft Sentinel’s cloud-native nature empowers you with the scale, flexibility, and speed of the cloud, while eliminating the time and money spent on managing infrastructure. It detects complex, evolving threats across massive volumes of low-fidelity signals using built-in machine learning developed by Microsoft security experts. It gives you everything you need to expedite incident response, streamlining investigations with robust incidents and equipping you with built-in automation. And finally, with these efficiency gains, Microsoft Sentinel gives you the ability to finally be proactive about finding and stopping threats. It includes robust threat hunting tools to help you get ahead of attackers.
  6. It all starts with the cloud. Microsoft Sentinel gives you the power and flexibility of cloud-native SIEM. Eliminate infrastructure setup and maintenance, enabling you to focus on what really matters – protecting the organization. You have no limits on compute or storage resources, and can scale up or down at will. Microsoft Sentinel gives you everything you need to take advantage of this unmatched scale – you can collect and analyze data from all clouds, users, devices, and solutions, all powered by the speed and scale of a leading cloud platform. And all of this also results in much greater cost efficiency than traditional SIEM. According to the 2020 Total Economic Impact™ of Microsoft Sentinel study by Forrester Consulting, Microsoft Sentinel is 48% less expensive in licensing and infrastructure costs than traditional SIEMs.
  7. What do you do with all of that data? Microsoft Sentinel uses machine learning created by Microsoft’s security experts to filter all of those low-fidelity signals into actionable threat detection. Our machine learning is based on Microsoft’s extensive experience and insights as a major $10B/year security vendor. Microsoft Sentinel also includes built-in user and entity behavior analytics, fully integrated into the platform for a deep understanding of behavioral anomalies. Leverage threat intelligence from Microsoft’s security expertise, or bring your own with flexible TI management capabilities. Plus, Microsoft Sentinel integrates natively with Microsoft 365 Defender and Microsoft Defender for Cloud, Microsoft’s XDR solutions, for integrated threat protection. --- Get a deep understanding of behavioral anomalies with built-in UEBA.
  8. Conduct investigations and response more efficiently than ever. Microsoft Sentinel’s AI reduces false positives by 79%, ensuring that you only spend time on incidents that actually need your attention. With incidents, Microsoft Sentinel automatically maps related entities, allowing you to easily see and understand the full scope of an attack. And with built-in automation, you can streamline day-to-day operations and accelerate your response.
  9. All of these factors lead to massive efficiency gains, and with that saved time, you are finally able to shift from reactive to proactive. Many Microsoft Sentinel customers are finally able to strategically and proactively hunt for threats after years of being stuck in an endless loop of reactive response. Microsoft Sentinel includes robust tooling for threat hunting, allowing you to rapidly search over massive amounts of data with the speed enabled by cloud-native SIEM. You can leverage built-in UEBA for deeper insights into individual entities. And Microsoft Sentinel includes everything you need for advanced, custom hunting, like built-in Jupyter Notebooks.
  10. What’s the result of all of these things in sum? A SecOps team that’s empowered, efficient, and better equipped to protect the organization. Here are just a few examples of the efficiency gains Microsoft Sentinel brings to your security operations: it is more cost effective, shown to be 48% less expensive than traditional SIEMs; it results in a 79% decrease in false positives over three years; it is 67% quicker to deploy than legacy SIEMs, helped by its extensive pre-built content and out-of-the-box functionality; it results in a 56% reduction in management effort by eliminating infrastructure management; its AI capabilities and investigation tooling result in an 80% reduction in investigation labor effort.
  11. Talk track: In its first year to market, Microsoft Sentinel has been recognized as a leader in the latest Forrester Wave™: Security Analytics Platform report, Q4 2020. The report highlights Sentinel’s ease of integration across other Microsoft technologies, automation, and the ability to ingest Microsoft Azure and Microsoft 365 activity logs at no cost as some of the key benefits that help make it a leader in this evaluation. Of the vendors evaluated, Microsoft also received the highest score in the Strategy category.
  12. It’s not only analysts recognizing these benefits. Microsoft Sentinel today has more than 10,000 paying customers who are analyzing an average of five petabytes of data per month. Our customers include leading organizations across a broad spectrum of verticals.
  13. Talk track: It all starts with visibility. With Microsoft Sentinel, you can collect data from any source with more than 150 out of the box integrations, no matter whether those data sources are coming from Azure, other clouds, or on-prem. You can easily visualize all of this data with customizable visualizations.
  14. One-click integration with Microsoft solutions; data connectors for a growing list of other technologies – on-premises and cross-cloud; support for standard log formats (CEF/Syslog and WEF); specialized TAXII and Graph connectors for threat intelligence data; REST API for connecting to cloud solutions; proven log analytics platform with more than 10 PB of daily data ingestion
  15. We’re constantly adding more out of the box connectors. Today, Microsoft Sentinel includes more than 150 out of the box integrations, with more always on the way.
  16. Interactive dashboards: combine multiple kinds of visualizations, including graphs and maps; provide deep insights into a single data source or combine multiple sources; powered by KQL queries, making workbooks easy to build and customize
  17. Talk track: Now that we’ve shown you how we secure your identities and use authentication, let’s discuss how we further secure your organization from today’s evolving threat landscape with Microsoft’s threat protection solutions. In today’s complex organizations, Microsoft’s industry-leading threat protection solutions help you defend across modern attack vectors. Microsoft’s threat protection empowers your organization’s defenders by putting the right tools and intelligence in the hands of the right people. The nature of attacks is constantly evolving. The way we think about defense must keep up. Stay ahead of attackers with a unified SecOps experience: threat-protection solutions from Microsoft deliver best-in-suite, integrated, automated security to help defend against modern attacks; gain insights across your entire organization, end-to-end, with our cloud-native Security Information and Event Management (SIEM) tool, Microsoft Sentinel; detect and respond across attack vectors with Microsoft 365 Defender and Microsoft Defender for Cloud, our extended detection and response (XDR) solutions. Let’s take a closer look at how these integrated threat protection solutions work together.
  18. We ingest raw activities from various cloud services such as O365 and Azure, along with the anomalous signals from security products like M365 Defender. We analyze millions of these anomalous signals to produce hundreds of suspicious candidates using advanced graph-powered machine learning and a probabilistic kill chain. To reduce noise further, we apply one more round of machine learning analysis that yields high-fidelity security incidents. It uses machine learning and a basic probability model to constrain edges. It builds connections using a stochastic process similar to how epidemics and outbreaks are modeled. It calculates the kill-chain connectivity metric, which is then used for scoring. In the 320 subgraphs example, we include: identity detection, credential access, new service principal created, SP added as admin (persistence).
  19. More than 100 built-in alert rules were developed by Microsoft and community security experts. A wizard enables you to create your own analytics rules using KQL queries. Thresholds can be set to alert when activity levels exceed normal patterns. Correlate events with your threat intelligence and now with Microsoft intel about malicious URLs: Microsoft has an unparalleled view of the evolving threat landscape; customers can now match Microsoft URL TI with network logs; matched Microsoft indicators are added to the TI table for use like any other indicator; retrospective lookbacks that match TI against historical event data, and more TI types, will be coming soon. Alerts can be used to trigger automated playbooks.
  20. In September, Microsoft Sentinel launched User and Entity Behavior Analytics. Microsoft Sentinel’s UEBA builds comprehensive entity profiles across time and peer group, identifying anomalies that indicate never-before-seen threats and insider risks. Leverage these entity analytics insights for threat hunting and detection using built-in queries and analytics rules. Unlike other UEBA solutions, you can onboard data sources in minutes. Plus, get a unified view of a user or host with new entity profiles: see UEBA insights for a particular entity; get contextual information; see a timeline of activities and alerts across the most relevant data sources; make decisions based on informed insights.
  21. Talk track:
  22. Built-in threat hunting queries developed by Microsoft and community experts; run threat hunting queries and see the results without prior query experience; create your own threat hunting queries unique to your environment using KQL; start investigations directly from hunting queries
  23. You can now launch Azure Notebooks directly from Microsoft Sentinel, making it easy to create and execute Jupyter notebooks to analyze your data. Notebooks combine live code, graphics, visualizations, and text, making them a valuable tool for threat hunters. Choose from a built-in gallery of notebooks developed by Microsoft security analysts or import others from GitHub to get started. These notebooks are the same professional-strength hunting solutions Microsoft’s own threat hunters use every day. Hosted in the Azure cloud, so accessible anytime from anywhere; investigation workflow and data can be saved as a sharable HTML/JSON document; query Microsoft Sentinel data directly in the notebook; bring external data sources such as threat intelligence into your investigations; supports Python, SQL, KQL, R, and other languages
  24. Container for alerts, events, and bookmarks related to a particular security threat; automatically created from alerts or initiated by a security analyst when threat hunting; can be assigned to analysts for further investigation, and status can be tracked; analysts can easily tag incidents and add comments; trigger automated playbooks from incidents
  25. Automatically correlate entities across different data sources and alerts; expand the scope of your investigation using built-in exploration queries; view a timeline of related alerts, events, and bookmarks; click on any node to see detailed information; gain deep insights into related entities – users, domains, and more
  26. Automatically detonate URLs to speed investigation. Microsoft Sentinel customers can now use the power of URL detonation to enrich alerts and quickly discover threats related to malicious URLs. When creating scheduled alerts, any URL data in the query results can be mapped to a new URL entity type. Whenever an alert containing a URL entity is generated, the mapped URL will be automatically detonated, and the investigation graph will be immediately enriched with the detonation results. A verdict, final URL, and screenshot (especially useful for identifying phishing) can be used to quickly assess a potential threat. To use this feature, make sure you’ve enabled URL logging (e.g. threat logging) for your secure web gateways, web proxies, firewalls, or legacy IDS/IPS. You can try this feature during the preview at no cost. Microsoft Sentinel is introducing URL entities; use alert rules to automatically trigger URL detonation; enrich alerts with verdicts, final URLs, and screenshots (e.g. for phishing sites)
  27. Talk track:
  28. While AI sharpens your focus on finding problems, once you have solved the problem you don’t want to keep finding the same problems over and over – rather you want to automate to address common issues. Microsoft Sentinel provides built-in automation with pre-defined or custom playbooks to solve repetitive tasks and to respond to threats quickly. Microsoft Sentinel will augment existing enterprise defense and investigation tools, including best-of-breed security products, homegrown tools, and other systems like HR management applications and workflow management systems like ServiceNow.
  29. Powered by Azure Logic Apps and fully integrated with Microsoft Sentinel; build automated and scalable playbooks that integrate across tools; choose from a library of samples or create your own using 200+ built-in connectors plus generic connectors like HTTPS; trigger a playbook from an alert or incident investigation