AI-powered cybersecurity with Azure Sentinel
Azim Ahmad
The changed world we’ve found ourselves living in since the global pandemic struck has been particularly helpful to cybercriminals. Nothing illustrates this so well as the SolarWinds hack, described by Microsoft president Brad Smith as the most sophisticated cyberattack of all time, the reverberations of which have been felt throughout 2021.
Homeworking, the ongoing digitalisation of society, and the increasingly online nature of our lives mean opportunities abound for phishers, hackers, scammers, and extortionists. As we head into 2022, there is, unfortunately, no sign of this letting up. This is why it is essential for individuals and organisations to be aware of the ever-growing avenues of attack, as well as what can be done to mitigate the risks.
So let’s take a look at the most important and significant trends affecting our online security in the next year and beyond while throwing in some practical steps we recommend to avoid becoming victims:
Similar to the way in which it is used in financial services for fraud detection, artificial intelligence (AI) can counteract cybercrime by identifying patterns of behaviour that signify something out-of-the-ordinary may be taking place. Crucially, AI means this can be done in systems that need to cope with thousands of events taking place every second, which is typically where cybercriminals will try to strike.
A product we recommend and work with is the Azure Sentinel Solution for all cloud security needs.
Azure Sentinel helps you deliver cloud-native security operations in the ways described below:
Cloud-native security operations
- Easily gather data across your enterprise
Using Azure Sentinel, you can aggregate all of your security data in one place. For example, you can bring in a customer’s Office cloud data and combine it with other security information to find threats. Azure Sentinel integrates with the Microsoft Graph Security API, which lets you import your own threat intelligence feeds, so you can customize threat detection and alert rules.
- AI power to analyse and identify threats quickly
Sentinel uses highly scalable machine learning algorithms to correlate a large number of low-fidelity anomalies into a few high-fidelity security incidents for the analyst. Using machine learning, you can quickly derive value from the large amounts of security data you have ingested, which helps you connect the dots. Azure Sentinel can also draw on user activity and behaviour data from Microsoft 365 security products. Combined with other sources, this information gives better visibility into an entire attack sequence.
- Track any suspicious activities
By using graphical and AI-based investigation, you can reduce the time taken to understand the entire scope of an attack and its impact on your whole system. Because the way SecOps collect and analyse data is a repeatable process, it can be automated. Azure Sentinel provides capabilities that enable you to automate your analysis by building hunting queries and Azure Notebooks (based on Jupyter notebooks). Microsoft has developed a set of queries and Azure Notebooks based on proactive hunting performed by its Incident Response and Threat Analyst teams. These queries and Azure Notebooks will evolve along with the threat landscape.
- Automate repetitive tasks and threat response
AI obviously sharpens your focus on discovering problems. But once you have solved a particular kind of issue, you don’t expect to keep finding and handling the same problem again and again. Azure Sentinel provides built-in automation and orchestration with pre-defined or custom playbooks to handle repetitive tasks and to respond to threats quickly. It can extend the existing enterprise defences and the tools used for investigation, including security products, native tools, and applications such as workflow management systems or HR management applications.
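The correlation and hunting-query capabilities described above can be illustrated with a single Kusto (KQL) hunting query. This is an added example, not a query from Microsoft or from the original article; it assumes the Azure AD SigninLogs table is connected to the workspace and uses the thresholds shown purely as illustrative values. Many individually low-fidelity sign-in failures from one source address are rolled up, and only a subsequent successful sign-in from that same address is surfaced as a high-fidelity finding worth an analyst’s time:

```kql
// Added hunting example (not Microsoft's own content).
// Assumes the SigninLogs table from the Azure AD data connector.
let lookback = 1d;          // how far back to hunt
let window = 1h;            // how soon after the failures a success must occur
let thresholdFailures = 20; // illustrative: total failures from one IP
let thresholdUsers = 5;     // illustrative: distinct accounts targeted from that IP
// Step 1: roll up low-fidelity failures per source IP.
let failedBySource =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"            // "0" is a successful sign-in
    | summarize FailedAttempts = count(),
                DistinctUsers = dcount(UserPrincipalName),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
              by IPAddress
    | where FailedAttempts >= thresholdFailures
        and DistinctUsers >= thresholdUsers;
// Step 2: keep only successes that follow that burst from the same IP.
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| join kind=inner failedBySource on IPAddress
| where TimeGenerated between (FirstFailure .. (LastFailure + window))
| project TimeGenerated, IPAddress, UserPrincipalName, AppDisplayName,
          Location, FailedAttempts, DistinctUsers, FirstFailure, LastFailure
| order by TimeGenerated desc
```

Saved as a hunting query, this can be reviewed in the Hunting blade or, once tuned, promoted to an analytics rule whose incidents trigger a playbook.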
Why we recommend Azure Sentinel to our clients
Azure Sentinel offers scalable, cloud-based intelligent security analytics for your entire enterprise. Most traditional SIEMs have proven expensive to own and operate: they require you to pay upfront and incur high costs for infrastructure maintenance and data ingestion. With Azure Sentinel there are no upfront costs; you pay for what you use.
In my next article, I’m covering the growing threat of ransomware, so stay tuned for more insights on what should be your organisation’s security priorities in 2022.