Microsoft Ignite 2021: New Features of Azure Sentinel

51CTO blog address: https://blog.51cto.com/14669127blog
Blog Garden (cnblogs) address: https://www.cnblogs.com/Nancy1983

Microsoft Ignite is being held online from March 2 to March 4, 2021, and brings many new features for developers. 2020 was a year full of challenges, opportunities, and hardship for all of us, and data security is of paramount importance. The pandemic has clearly accelerated the move to distributed environments, which demand broad visibility across many data sources. Increasingly sophisticated network attacks have shown how important it is to use artificial intelligence and analytics to turn that visibility into actionable insight. Because the mission of the security operations team is to protect these huge environments, integrated solutions and sophisticated automation that allow faster reaction are more important than ever.

To address these needs, Microsoft announced at Ignite that Azure Sentinel is now more deeply integrated with Microsoft 365 Defender, so you can investigate and respond to complex threats faster by combining the breadth of SIEM with the depth of XDR. Azure Sentinel's already extensive connector portfolio has also been significantly expanded: whatever the source, it helps you simplify data collection and lets security operations stay ahead of evolving threats efficiently.

  • Microsoft 365 integrates SIEM and XDR extensively and deeply

Azure Sentinel and Microsoft 365 Defender are now more closely integrated, combining the breadth of SIEM with the depth of XDR. To give a seamless experience when responding to security threats, with a single click incidents from Microsoft 365 Defender automatically appear in the Azure Sentinel incident queue, where they can be triaged alongside other data and insights. A direct link from Azure Sentinel takes you into the deeper investigation environment of Microsoft 365 Defender, and incident status and assignments stay in sync between the two, so you can manage and update all incidents from Azure Sentinel.

[Figure: the new incident synchronization, as seen from Microsoft 365 Defender]

  • Simplify data collection with new connectors

Azure Sentinel provides a growing catalog of more than 100 built-in connectors for Microsoft 365, Azure, other clouds, networks, users, and more. This week Microsoft released more than 30 new data connectors, including Cisco Umbrella, Cisco Meraki, Salesforce Cloud, and other highly requested connectors. At the same time, several new Azure connectors have been released to provide deeper and more seamless data collection from Azure workloads. These connectors are in public preview and include Azure Storage, Azure SQL, Azure Kubernetes Service, and Azure Key Vault.

  • Automation to simplify incident response operations

Automation is key to improving the speed and efficiency of incident response, letting analysts respond to threats quickly. At Ignite, Microsoft announced new features that simplify the automation of common incident response operations and enable more advanced automated workflows.
The new automation rules let you apply a series of common operations to security incidents. You specify the conditions under which a rule applies, then select one or more predefined actions (such as assigning an owner or changing the severity) and logic apps to run in sequence; multiple automation rules can also be run one after another. For example, an automation rule can close incidents of a certain type, assign an incident to the next analyst, raise or lower its severity based on that information, or perform any other single- or multi-step operation.
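As an added illustration (not Azure Sentinel's own code or API), the following model captures the rule semantics described above: each rule has conditions, an ordered list of actions, and an order in which rules run. Incident fields, action helper names, and the sample incidents are all constructed assumptions; the choice that a closed incident skips later rules is this model's, not a documented product behaviour.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Incident = Dict[str, object]
SEVERITIES = ["Informational", "Low", "Medium", "High"]  # assumed ordering
_OPS = {"equals": lambda a, b: a == b, "contains": lambda a, b: b in str(a)}

@dataclass
class AutomationRule:
    name: str
    order: int                                  # lower runs first
    conditions: List[Tuple[str, str, object]]   # (field, operator, value), all must hold
    actions: List[Callable[[Incident], None]]   # applied sequentially

    def matches(self, inc: Incident) -> bool:
        return all(_OPS[op](inc.get(f), v) for f, op, v in self.conditions)

# Predefined actions, hypothetical helpers modelled on the ones the text names.
def assign_to(owner: str) -> Callable[[Incident], None]:
    def act(inc: Incident) -> None:
        inc["owner"] = owner
    return act

def change_severity(delta: int) -> Callable[[Incident], None]:
    def act(inc: Incident) -> None:  # clamps to the known severity range
        i = SEVERITIES.index(str(inc["severity"])) + delta
        inc["severity"] = SEVERITIES[max(0, min(len(SEVERITIES) - 1, i))]
    return act

def close_incident(inc: Incident) -> None:
    inc["status"] = "Closed"

def run_rules(rules: List[AutomationRule], incidents: List[Incident]) -> List[Incident]:
    """Apply every matching rule in order; in this model a closed incident skips later rules."""
    for inc in incidents:
        for rule in sorted(rules, key=lambda r: r.order):
            if inc["status"] == "Closed":
                break
            if rule.matches(inc):
                for action in rule.actions:
                    action(inc)
                inc.setdefault("applied", []).append(rule.name)  # audit trail
    return incidents

# Constructed sample incidents and rules (not real data).
SAMPLE_INCIDENTS: List[Incident] = [
    {"id": 1, "title": "Multistage attack on host", "product": "Microsoft 365 Defender",
     "severity": "Medium", "status": "New", "owner": None},
    {"id": 2, "title": "Test alert from lab", "product": "Azure Sentinel",
     "severity": "Low", "status": "New", "owner": None},
]
RULES = [
    AutomationRule("Close lab noise", 1, [("title", "contains", "lab")], [close_incident]),
    AutomationRule("Escalate M365D incidents", 2,
                   [("product", "equals", "Microsoft 365 Defender"), ("status", "equals", "New")],
                   [assign_to("tier2-oncall@example.com"), change_severity(+1)]),
]
```

Running `run_rules(RULES, SAMPLE_INCIDENTS)` escalates and assigns the Defender incident and closes the lab test incident without any further rules touching it.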

[Figure: the new automation rules in Azure Sentinel, a new way to automate common tasks]

In addition to the new features above, Microsoft continues to add built-in Logic Apps connectors and automation. A new connector for Azure network solutions is now available, and more will follow to support automation workflows such as blocking suspicious IP addresses with Azure Firewall, isolating devices with Microsoft Defender for Endpoint, or updating a user's risk state with Azure Active Directory Identity Protection.

  • Analyze your security data with Notebooks

At Ignite last September, Microsoft showed the redesigned Notebooks experience in Azure Sentinel, which is powered by Azure Machine Learning. Microsoft is launching Notebooks in Azure Sentinel to provide a highly customizable notebook experience for analyzing security data, all within the secure Azure cloud environment. Azure Machine Learning offers easy-to-use IntelliSense, supports the familiar Jupyter and JupyterLab experiences, and provides convenient point-in-time notebook snapshots and a file browser for collaborating on notebooks.

In addition, new machine learning notebook templates make machine learning accessible to a wider range of users. The templates guide you through using time series analysis to detect anomalous network activity, clustering to highlight unusual sign-in sessions, and Markov chain analysis to identify anomalous event sequences.

Related information: learn more and view the full list of new connectors.

Source: blog.51cto.com/14669127/2661237