Microsoft now a Leader in three major analyst reports for SIEM

by Contributed | Oct 31, 2024 | Technology

This article is contributed. See the original author and article here.

We’re excited and honored to be positioned in the Leaders Category in the IDC MarketScape: Worldwide SIEM (security information and event management) for Enterprise 2024 Vendor Assessment (doc #US51541324, September 2024)—our third major analyst report in SIEM to name Microsoft as a Leader. We were recognized in the most recent reports as a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management and as a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022. We believe this position validates our vision and continued investments in Microsoft Sentinel, making it a best-in-class, cloud-native SIEM solution. It’s always a rewarding experience when trusted analysts recognize the continued work we’ve put into helping our customers modernize their operations, improve their security posture, and work more efficiently. 

A Leader in the market with an innovative solution for the SOC

Microsoft Sentinel provides a unique experience for customers to help them act faster and stay safer while managing the scaling costs of security. Customers choose our SIEM in order to:  

• Protect everything with a comprehensive SIEM solution. Microsoft Sentinel is a cloud-native solution that supports detection, investigation, and response across multi-cloud and multi-platform data sources with 340+ out-of-the-box connectors A strength of Microsoft’s offering is its breadth, which includes user entity and behavior analytics (UEBA), threat intelligence and security orchestration, automation, and response (SOAR) capabilities, along with native integrations into Microsoft Defender threat protection products. 
  
  


• Enhance security with a unified security operations platform. Customers get the best protection when pairing Microsoft Sentinel with Defender XDR in Microsoft’s unified security operations platform. The integration not only brings the two products together into one experience but combines functionalities across each to maximize efficiency and security. One example is the unified correlation engine which delivers 50% faster alerting between first- and third-party data, custom detections and threat intelligence.3 Customers can stay safer with a unified approach, with capabilities like automatic attack disruption—which contains attacks in progress, limiting their impact at machine speed.   

• Address any scenario. As the first cloud-native SIEM, Microsoft Sentinel helps customers observe threats across their digital estate with the flexibility required for today’s challenges. Our content hub offerings include over 200 Microsoft- created solutions and over 280 community contributions. The ability to adapt to the unique use cases of an organization is something called out in both the Forrester and Gartner reports.  

• Scale your security coverage with cloud flexibility. Compared with legacy, on-premises SIEM solutions, Microsoft Sentinel customers see up to a 234% return on investment (ROI).1 This makes it an attractive option for customers looking for a scalable offering to meet the evolving needs of their business while managing the costs of data. We’ve recently launched a new, low-cost data tier called Auxiliary Logs to help customers increase the visibility of their digital environment, while keeping their budgets in check. In addition, Microsoft’s SOC Optimizations feature, a first of its kind offering, provides targeted recommendations to users on how to better leverage their security data to manage costs and maximize their protection, based on their specific environment and using frameworks like the MITRE attack map  

• Respond quickly to emergent threats with AI. Security Copilot is a GenAI tool that can help analysts increase the speed of their response, uplevel their skills, and improve the quality of their work. 92% of analysts reported using Copilot helped make them more productive and 93% reported an improvement in the quality of their work.
  

What’s next in Microsoft Security 

Microsoft is dedicated to continued leadership in security through ongoing investment to provide customers with the intelligence, automation, and scalability they need to protect their businesses and work efficiently. New and upcoming enhancements include more unified features across SIEM and XDR, exposure management and cloud security in the unified security operations platform, and our SIEM migration tool—which now supports conversion of Splunk detections to Microsoft Sentinel analytics rules and additional Copilot skills to help analysts do their job better.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

Skill up to strengthen your organizations cybersecurity posture

by Contributed | Oct 30, 2024 | Technology

This article is contributed. See the original author and article here.

Today, cybersecurity is everyone’s job. Although specialized engineers are vital, the best defense is from the ground up and from end to end.

You’re not imagining it—the number of major cybersecurity incidents is increasing. And according to Forbes Advisor Cybersecurity Stats: Facts And Figures You Should Know, “The repercussions of cyberattacks are far-reaching and costly. A data breach costs $4.88 million on average in 2024. In 2023, compromised business emails accounted for more than $2.9 billion in losses. These alarming figures emphasize the danger of cyber vulnerabilities and highlight the need for skilled cybersecurity professionals.”

Even small and medium-sized organizations can inadvertently provide cybercriminals with a pathway to bigger targets, which means that every organization needs to skill up its teams to protect against ransomware, data breaches, and other security incidents.

National Cybersecurity Awareness Month is an ideal time for organizations of all sizes to refocus and make a plan to build strong, year-round defenses. Microsoft Learn for Organizations can help your teams build skills to protect and secure your data, information, and systems.

Apply security first, across the board

Even the most sophisticated cyber defense is built on the basics. The US Federal Trade Commission’s (FTC’s) Cybersecurity Basics include using strong passwords and multifactor authentication, keeping all software and systems updated, securing backups, and of course, remaining on the alert against phishing.

Another good start is Microsoft Security 101, which explains security-related vocabulary, core concepts, and best practices. Or check out the Security hub on Microsoft Learn, which offers technical guidance and resources for aspiring and experienced cybersecurity professionals.

Beyond these foundations, organizations should cultivate a true security-first culture, as embodied by the Microsoft Security First Initiative (SFI). Upskilling across all roles and teams can minimize weak links in the protective chain, empowering your entire organization to prevent, detect, and mitigate issues.

Microsoft Learn for Organizations includes Plans on Microsoft Learn that cover security training for various job roles, such as:

• Learning for Microsoft cybersecurity architects


• Learning for Microsoft data security administrators


• Learning for Microsoft identity and access administrators


• Learning for Microsoft security operations analysts


• Microsoft Security for business leaders and chief information security officers

Build skills with cybersecurity training from Microsoft Learn

Microsoft Learn offers self-paced, on-demand security training for many roles, skill levels, and products, and Microsoft Learn for Organizations curates this content for you and your teams to make it easier to reach your goals. The new Microsoft Security Technical Training poster highlights key offerings—whether you’re just starting out or you want to earn an expert Certification.

Get started with cybersecurity basics

Begin your learning journey with self-paced training on the essentials:

• Describe the basic concepts of cybersecurity examines how you and your team can protect your organization from cyberattacks.


• Implement information protection and data loss prevention by using Microsoft Purview explores how to govern and protect your organization’s sensitive information.


• Course SC-900: Microsoft Security, Compliance, and Identity Fundamentals covers foundational knowledge, along with the capabilities of the cloud-based identity and access management solution Microsoft Entra. It can also help you prepare to earn the Microsoft Certified: Security, Compliance, and Identity Fundamentals Certification.

Build core skills

The core security training on the new poster dives deeper with self-paced offerings that help you skill up to earn Microsoft Certifications:

• Course SC-200: Microsoft Security Operations Analyst teaches you to investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.


• Course SC-300: Microsoft Identity and Access Administrator covers configuring and managing identities for users, devices, Azure resources, and applications. Use Microsoft Entra to design, implement, and operate your organization’s identity and access management.


• Course SC-400: Administering Information Protection and Compliance in Microsoft 365 teaches the skills needed to fill the role of information protection and compliance administrator.


• Course AZ-500: Microsoft Azure Security Technologies prepares you to fill the role of Azure security engineer, as you implement security controls, maintain your organization’s security posture, and identify and remediate security vulnerabilities.


• Learning path SC-100: Design solutions that align with security best practices and priorities offers expert training for real-world cybersecurity skills to protect your organization’s assets, business, and operations.

Earn scenario-based credentials

Microsoft Applied Skills credentials focus on validating in-demand technical skills in specific scenarios, proving your readiness to take on new tasks and projects for your team. Security-focused Applied Skills scenarios include:

• Configure SIEM security operations using Microsoft Sentinel. Demonstrate your ability to create and configure a workspace, deploy a content hub solution, configure analytics rules, and configure automation in Microsoft Sentinel.


• Secure Azure services and workloads with Microsoft Defender for Cloud regulatory compliance controls. Show that you can mitigate risks in network security, data protection, endpoint security, and posture and vulnerability management.


• Implement information protection and data loss prevention by using Microsoft Purview. Validate your ability to discover, classify, and protect sensitive data in Microsoft 365, effectively implementing data security by using Microsoft Purview.

Be cybersmart—always vigilant and always learning

Technology is ever evolving, and so is cybercrime. And building a strong cybersecurity defense is a journey. You and your teams can build your skills anytime—not just during National Cybersecurity Awareness Month! The resources, offerings, and opportunities on Microsoft Learn—curated for teams on Microsoft Learn for Organizations—can help you and your organization build the skills needed to address today’s security requirements and empower your teams to better meet tomorrow’s cybersecurity challenges.