Just an excuse for more slurping by MSFT
Microsoft has wheeled out two new enterprise security tools – Azure Sentinel, a cloud-based SIEM, and Microsoft Threat Experts, an infosec advice-as-a-service bundled with a panic button. The two services are part of Redmond's ongoing invasion of the cloud security market. It will be showing off the technology at the RSA …
...nearly limitless cloud speed and scale...
It's early and I had to break this down to process because not enough caffeine:
So it has limits. Check!
It's the new Project Tartan cloud. It moves at the speed of plaid. Check!
And it's a fish. Got it!
If it's anything like O365, they'll expect you to pipe all that data over the Internet directly without the protection of a web proxy.
And, don't forget, Microsoft sales reps are like the Priors of Ori; they'll pressure your organization into signing the contract before any feasibility or security studies can be done. Remember, they don't care if you want to define your security policies or perform risk analysis yourself; all your policies become what they dictate. Microsoft is Origin.
"Azure Operations Management Suite and Security Centre lacked the event correlation and automation that market leaders like Splunk and Alienvault know is needed for a SIEM to be anything other than an irritating source of noise." - it's not about correlation, it's simpler than that. The tools will always be noisy - whether that noise is irritating or not depends on the effort put into understanding business data flows and configuring alerts.
And on that subject, looks like they rolled out their new Telepathic SIEM that can figure out how the business intended to utilise TCP/IP for their apps, just from reading the minds of app architects, and configure alerts accordingly. I can't see how this solution can possibly work. I'm not seeing the 'I' part of AI here.