Understanding Microsoft Sentinel Fusion for Advanced Threat Detection


Threat intelligence plays a crucial role in Microsoft Sentinel solutions, enabling the detection of multi-stage attacks, ransomware activities, and emerging threats. Fusion technology combines Graph-powered Machine Learning and probabilistic kill chain analysis to detect anomalies and high-fidelity incidents across cloud services, providing a new level of security for organizations. With extensive data coverage and customizable analytics rules, Fusion empowers security teams to monitor and respond to threats effectively.


Uploaded on May 18, 2024 | 4 Views



Presentation Transcript


  1. Agenda
     - Threat Intelligence Overview
     - Fusion
     - Incident Investigation

  2. Threat intelligence is used throughout Microsoft Sentinel Solutions: Data Connectors, Incidents, Analytics, Investigations, Playbooks, Notebooks, Workbooks.

  3. Microsoft Sentinel Fusion: Advanced Multistage Attack Detection
     Analyzing activities across multiple cloud services into high-fidelity security cases using Graph-powered Machine Learning.
     The slide is a funnel diagram (stage numbers and arrows not reproduced); its labels, from input to output:
     Activity (input sources):
       - Identity (millions of events)
       - Office 365 activity (millions of events)
       - Security alerts (thousands)
       - Azure / AWS / GCP activities (millions of events)
       - Host activities (millions of events)
       - Firewall (multi-billion events)
     -> Anomalous signals: Anomalies (thousands)
     -> Graph-powered ML + probabilistic kill chain: Suspicious candidates (hundreds)
     -> Further ML analysis: High Fidelity Incidents

  4. Fusion Detects
     - 122 multi-stage attack scenarios covering kill chain stages from initial access to impact
     - Potential ransomware activities at defense evasion and execution stages
     - A new set of ML algorithms that detects emerging threats
     - Extended source signal coverage for all the assets monitored by the SOC team in a Sentinel workspace
     - A new configuration UI to fine tune the input and output of Fusion

  5. Fusion Data Coverage
     Detection types shown as columns on the slide: Fusion for emerging threats; Fusion multistage attack; Fusion for ransomware.
     The three data-source sets on the slide, in the order they appear (the slide layout does not survive extraction, so the column each set belongs to is not reproduced here):
     Source set A:
       - Azure Active Directory Identity Protection
       - Microsoft Defender for Cloud
       - Microsoft Defender for Cloud Apps
       - Microsoft Defender for Endpoint
       - Palo Alto Networks
       - 8 scheduled analytics rules*
     Source set B:
       - Microsoft Defender for Cloud
       - Microsoft Defender for Cloud Apps
       - Microsoft Defender for Endpoint
       - Microsoft Defender for Identity
       - Alerts from scheduled analytics rules, both built-in and those created by your security analysts*
       - Customizable anomalies
     Source set C:
       - Azure Active Directory Identity Protection
       - Microsoft 365 Defender
       - Microsoft Defender for Cloud
       - Microsoft Defender for Cloud Apps
       - Microsoft Defender for Endpoint
       - Microsoft Defender for Identity
       - Microsoft Defender for IoT
       - Microsoft Defender for Office 365
       - Alerts from scheduled analytics rules, both built-in and those created by your security analysts*
     * Scheduled analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.
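The footnote on the last slide is the part a SOC engineer most often gets wrong: a scheduled analytics rule with no tactics or no entity mapping still fires alerts, but Fusion silently ignores them. As an added example (not part of this slide deck and not Microsoft tooling), the following Python script turns that requirement into a check over an exported set of analytics rules. It assumes rules exported in the ARM `Microsoft.SecurityInsights/alertRules` resource shape, where a Scheduled rule carries `tactics` and `entityMappings` under `properties`; the embedded JSON is a constructed sample, and its rule names, column names and tactic values are made up for the example.

```python
import json

# Constructed sample export of analytics rules in the ARM
# "Microsoft.SecurityInsights/alertRules" shape. All names and values are
# made up for this example; only the fields the check reads are filled in.
SAMPLE_EXPORT = """
{
  "resources": [
    {
      "type": "Microsoft.SecurityInsights/alertRules",
      "kind": "Scheduled",
      "name": "rule-complete",
      "properties": {
        "displayName": "Password spray followed by successful sign-in (constructed)",
        "enabled": true,
        "severity": "Medium",
        "tactics": ["CredentialAccess", "InitialAccess"],
        "entityMappings": [
          {"entityType": "Account",
           "fieldMappings": [{"identifier": "Name", "columnName": "UserPrincipalName"}]},
          {"entityType": "IP",
           "fieldMappings": [{"identifier": "Address", "columnName": "IPAddress"}]}
        ]
      }
    },
    {
      "type": "Microsoft.SecurityInsights/alertRules",
      "kind": "Scheduled",
      "name": "rule-empty-field-mappings",
      "properties": {
        "displayName": "Rare process on server (constructed)",
        "enabled": true,
        "severity": "Low",
        "tactics": ["Execution"],
        "entityMappings": [{"entityType": "Host", "fieldMappings": []}]
      }
    },
    {
      "type": "Microsoft.SecurityInsights/alertRules",
      "kind": "Scheduled",
      "name": "rule-no-tactics-no-mappings",
      "properties": {
        "displayName": "Firewall deny burst (constructed)",
        "enabled": true,
        "severity": "Informational",
        "tactics": [],
        "entityMappings": []
      }
    },
    {
      "type": "Microsoft.SecurityInsights/alertRules",
      "kind": "Fusion",
      "name": "fusion-rule",
      "properties": {"displayName": "Advanced Multistage Attack Detection", "enabled": true}
    }
  ]
}
"""


def load_scheduled_rules(export_text):
    """Parse an ARM-style export and return only its Scheduled analytics rules.

    Other rule kinds (Fusion, NRT, MicrosoftSecurityIncidentCreation, ...)
    are skipped because the footnote's requirement applies to scheduled rules.
    """
    doc = json.loads(export_text)
    return [
        r for r in doc.get("resources", [])
        if r.get("type") == "Microsoft.SecurityInsights/alertRules"
        and r.get("kind") == "Scheduled"
    ]


def missing_fusion_fields(rule):
    """Return the names of the inputs a Scheduled rule lacks for Fusion.

    Fusion only uses alerts from scheduled rules that carry kill-chain
    tactics and entity mappings. An entity mapping whose fieldMappings list
    is empty maps no query columns to an entity, so it is counted as missing
    as well (this script's interpretation, not a documented rule).
    """
    props = rule.get("properties", {})
    missing = []
    if not props.get("tactics"):
        missing.append("tactics")
    mappings = props.get("entityMappings") or []
    if not any(m.get("fieldMappings") for m in mappings):
        missing.append("entityMappings")
    return missing


def fusion_readiness(export_text):
    """Map each Scheduled rule name to the list of fields it is missing.

    An empty list means the rule's alerts are eligible as Fusion input.
    """
    return {
        rule["name"]: missing_fusion_fields(rule)
        for rule in load_scheduled_rules(export_text)
    }


def report(export_text):
    """Render one line per Scheduled rule for a rule-hygiene review."""
    lines = []
    for name, missing in fusion_readiness(export_text).items():
        if missing:
            status = "NOT consumed by Fusion (missing: %s)" % ", ".join(missing)
        else:
            status = "OK"
        lines.append("%s: %s" % (name, status))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_EXPORT):
        print(line)
```

Running the script against a real export (for instance the JSON produced by exporting analytics rules to an ARM template) lists the scheduled rules whose alerts will never reach Fusion, which is the first thing to fix when Fusion incidents look sparser than the volume of custom-rule alerts would suggest.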
