Microsoft Sentinel data lake to help security teams detect threats faster

Solution is built to ‘help security leaders break through the limitations of traditional SIEMs by putting security data at the centre of the SOC’, say Microsoft experts

By Alice Chambers


Microsoft Sentinel data lake is now available in preview.

The security information and event management (SIEM) solution has been available since 2020, but Microsoft is now adding a modern, cost-effective data lake that will help to speed up agentic AI adoption and empower security teams to detect and respond to threats faster.

“Microsoft Sentinel data lake is built to help security leaders break through the limitations of traditional SIEMs by putting security data at the centre of the security operations centre, at scale, and without compromise,” said Scott Woodgate, Microsoft’s general manager of threat protection, and Krishna Kumar Parthasarathy, corporate vice president of Microsoft Sentinel data lake, in a Microsoft blog post.

The solution brings together security data from Microsoft and third-party sources to help security teams spot cyberthreats.

“This isn’t just a new product, it’s a new architecture for security operations – one that empowers security teams to hunt cyberthreats across months or years, reconstruct incidents with precision, and unlock the full value of AI,” said Woodgate and Parthasarathy.

Sentinel data lake simplifies data management with a flexible, centralised experience in the Microsoft Defender portal, bringing security data together alongside tools to prevent, detect and respond to cyberthreats every day.

By unifying all security data, Microsoft Sentinel data lake, in public preview, empowers teams to detect and respond faster.

Microsoft is also combining Microsoft Defender Threat Intelligence capabilities into Defender XDR and Sentinel so security teams don’t have to pay extra to access these features.

“With this change, security teams can easily tap into a powerful repository of frontline threat intelligence, sourced from 84 trillion daily signals and backed by the expertise of more than 10,000 Microsoft security specialists,” said Woodgate and Parthasarathy.


©2025 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.