Microsoft Corp. today expanded its presence in the cybersecurity market with the introduction of Azure Sentinel, a cloud-based threat detection service for enterprises.

Azure Sentinel is what’s known as a security information and event management platform, or SIEM for short. SIEM products enable companies to centrally analyze activity data from different systems to look for threats. Pooling the data this way makes it possible to find useful patterns, such if two separate systems start exhibiting suspicious activity at the same time.

Microsoft is positioning Azure Sentinel as a unified hub for tracking security events across an enterprise. The product can monitor not only Azure environments, but also rival clouds such as Amazon Web Services Inc. and a company’s on-premises infrastructure.

This cross-platform support is facilitated by extensive set of integrations. Azure Sentinel can pull data from a long list of enterprise security tools and combine it with outside threat intelligence as well as Office 365 user logs. Over recent months, Microsoft has added several features to its productivity suite that enable companies to keep a lookout for potential misuse of sensitive documents.

Azure Sentinel uses machine learning to processes security data. The platform’s algorithms filter out unnecessary logs, correlate activity patterns across systems and condense the anomalous activity they come across into neatly organized alerts for administrators.

“These built-in machine learning models are based on the learnings from the Microsoft security team over many years of defending our customer’s cloud assets,” Eliav Levi, project manager for Azure Sentinel, wrote on the Microsoft Azure blog. “If you are a data scientist and you want to customize and enrich the detections then you can bring your own models to Azure Sentinel using the built-in Azure Machine Learning service.”

In addition to detecting potential breaches, the platform can automate parts of the threat response workflow. It’s capable of performing tasks such as sending an email to administrators when the underlying machine learning models detect a high-priority security event.

Microsoft has also added in tools for performing manual threat analysis. An incident investigation console enables administrators to visualize suspicious activity patterns and run queries to fetch relevant system data.

Azure Sentinel is hardly the first cloud-based SIEM offering, but according to Microsoft, it’s the first to run natively on a major cloud infrastructure-as-a-service platform. That’s quite significant given the fierce competition in this market. The introduction of the service may lead rivals AWS and Google LLC, which have also been investing in new security features, to launch competing offerings.

Azure Sentinel debuted today alongside another new security offering called Threat Experts. It lets companies send security data from their infrastructure to Microsoft, which promises to flag potential breaches and provide diagnostics information for corporate customers’ internal network protection teams.

“Through this service, Microsoft will proactively hunt over your anonymized security data for the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage — helping your team prioritize the most important risks and respond quickly,” said Ann Johnson, the head of Microsoft’s cybersecurity solutions group.

Image: TheDigitalArtist/Pixabay