A mix of human and AI cooperation. Sound like a sci-fi novel? It’s actually Microsoft’s new security approach.
If you’re an admin, Microsoft has announced two new cloud services to help detect and manage threats to your systems. The first is entirely machine-learning based, like most cloud security offerings. The second, however, is human-powered.
The First Service: Azure Sentinel
The word “Sentinel” may, once again, conjure images of machines that track down Keanu Reeves in The Matrix. The truth is more benign: Azure Sentinel is a machine learning-based Security Information and Event Management (SIEM) service that takes a stream of security events and distinguishes the important ones from the mundane ones that can be ignored.
These events might be things like bad passwords, failed attempts to escalate privileges, unusual executables, and so on.
It is designed to minimize false positives and collect data at a cloud scale. It draws data from things like Azure Active Directory, Windows Event Logs, third-party firewalls, endpoint anti-malware software, and so on.
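As an added illustration (not Microsoft’s code and not part of this article), here is the kind of rule-based triage a SIEM performs over the three event types just listed, run against a constructed handful of Windows Security log records. The event IDs are the real Windows ones; the failed-logon threshold and the allow-list of executable directories are assumptions.

```python
from collections import Counter

# Constructed sample events shaped like Windows Security log records (not real data).
# 4625 = failed logon, 4674 = operation attempted on a privileged object,
# 4688 = new process created.
SAMPLE_EVENTS = (
    [{"id": 4625, "user": "alice", "src": "10.0.0.5"} for _ in range(6)]  # repeated bad passwords
    + [{"id": 4625, "user": "bob", "src": "10.0.0.9"}]                    # a single typo: mundane
    + [{"id": 4674, "user": "svc-backup", "priv": "SeDebugPrivilege", "status": "failure"}]
    + [{"id": 4688, "user": "carol", "image": "C:\\Windows\\System32\\notepad.exe"}]
    + [{"id": 4688, "user": "carol", "image": "C:\\Users\\carol\\AppData\\Local\\Temp\\x.exe"}]
)

# Assumed allow-list: executables launched from these directories are considered routine.
KNOWN_GOOD_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")


def triage(events, failed_logon_threshold=5):
    """Return a list of (alert_type, user, detail) tuples; mundane events yield nothing."""
    alerts = []
    failures = Counter()
    for e in events:
        if e["id"] == 4625:
            # Bad passwords are only interesting in volume; count per account.
            failures[e["user"]] += 1
        elif e["id"] == 4674 and e.get("status") == "failure":
            # A failed attempt to use a sensitive privilege is reported as-is.
            alerts.append(("privilege_escalation_attempt", e["user"], e["priv"]))
        elif e["id"] == 4688:
            # Process creation outside the allow-listed directories is unusual.
            if not e["image"].lower().startswith(KNOWN_GOOD_DIRS):
                alerts.append(("unusual_executable", e["user"], e["image"]))
    for user, count in failures.items():
        if count >= failed_logon_threshold:
            alerts.append(("brute_force_suspected", user, count))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Of the ten constructed events, only three produce alerts; the single failed logon and the launch of notepad.exe from System32 are filtered out as noise.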
Azure Sentinel is currently available in preview within the Azure Dashboard. It’s free for now, with no word on how it will be priced when it goes live.
The Second Service: Threat Experts
Threat Experts is a new feature for Windows Defender Advanced Threat Protection (ATP). It has two parts. The first is targeted attack notifications, which use a mix of machine-learning systems and human oversight to alert admins to targeted malicious activity, for example an employee trying to break into a system they shouldn’t have access to.
This is different from a broader-style attack (e.g. self-propagating ransomware), and Microsoft states that the human oversight only involves anonymized data.
The second is an “Ask a Threat Expert” button which is located in the Windows Defender Security Center. If you’re noticing something suspicious that your anti-malware defenses aren’t picking up, you can reach out to a real human and get some advice. If necessary, you’ll be transitioned to Microsoft’s Incident Response Service.
How Well Will ‘Threat Experts’ Go?
One of the reasons organizations prefer AI is that it doesn’t require manpower. It will be interesting to see how Microsoft’s effort to have real computer security experts on the clock works out in practice. Of course, it’s a good thing for anyone who wants to get hold of a real person not just to identify a security threat, but to investigate it.