2 Sources
[1]
Microsoft just upgraded Sentinel with an AI-powered data lake - here's how it works
Microsoft is launching a new agentic AI system to help cybersecurity professionals manage and protect their organizations' data, the company said Tuesday. Microsoft Sentinel, a proprietary Security Incidents and Event Management (SIEM) platform, which debuted in 2019, now comes with a data lake -- that is, a centralized repository that can store structured and unstructured data without any kind of reformatting.
The new-and-improved Sentinel is being promoted by Microsoft as a data organization and aggregation tool that can help cybersecurity teams manage the increasingly vast quantities of data required to build and deploy new AI tools. The company is also tapping into the cultural cachet surrounding agents, or AI systems that can interact with external digital tools and autonomously perform tasks without explicit prompting from human users.
"This is the paradox of modern security: the more data you have, the harder it becomes to use it effectively," the company said in a press release. "And without unified, long-term visibility, even the most advanced AI models can't deliver to their full potential. Siloed data means missed threats, delayed investigations, and underutilized tools. Microsoft Sentinel data lake was purpose-built to solve this challenge and provides the foundation for agentic defense."
The new data lake -- available now in preview -- provides a single interface within Microsoft Defender through which users can view security data from Sentinel, as well as from other third-party providers. The system uses a built-in AI system to analyze security risks across all of these various sources in real time, flagging potential vulnerabilities and iteratively strengthening an organization's cybersecurity infrastructure over time.
The goal is to provide cybersecurity professionals with a more expansive and fine-grained level of visibility into the full spectrum of their security data, while at the same time automatically taking action to optimize protection from external threats.
"This isn't just a new product, it's a new architecture for security operations," the blog post said.
The proliferation of powerful AI tools in recent years has produced a cybersecurity arms race: while these systems present new possibilities for fraudsters and scam artists -- who use them to brute-force passwords and mimic the voices of real people, just to name a couple of examples -- they're also being used to strengthen protections against cyberattacks. A recent survey conducted by Mastercard, for example, found that many financial services companies have saved millions of dollars through AI-powered cybersecurity methods.
[2]
Microsoft Sentinel is expanding to tackle all your company's biggest security fears
A layer of AI will improve detection and response time to outpace adversaries
Microsoft has launched Sentinel Data Lake as it looks to break down silos, lower costs and improve large-scale threat detection with an updated, AI-optimized security data lake. Now in public preview, Microsoft says users will no longer need to choose between retaining critical data and staying within budget, promising to reduce data retention costs to less than 10% of traditional analytics logs.
It combines SIEM, XDR and threat intelligence into a single platform, bringing together data from Microsoft and third-party sources with over 350 native connectors, promising to be a whole "new architecture," not "just a new product." In order to democratize threat intelligence and improve coverage, Microsoft Defender Threat Intelligence capabilities will now be available in Defender XDR and Sentinel without adding to the cost. This is on top of the injection of artificial intelligence, which promises "faster detection, smarter response and the ability to outpace even the most sophisticated adversaries."
Microsoft says the update allows security teams to uncover attacker behavior without worrying about storage limits, which can significantly improve detection by analyzing company-specific trends. Sentinel Data Lake "enables security teams to proactively detect latent attacks, detect emerging threats with AI-driven models, reconstruct attack timelines in forensic detail, and retroactively uncover indicators of compromise that might otherwise go unnoticed," Microsoft explained. The benefits of Microsoft's upgraded Sentinel include the ability for companies to keep raw data for compliance and digital forensics and a lower TCO with faster ROI.
Microsoft has launched an AI-powered data lake for its Sentinel platform, aiming to revolutionize cybersecurity operations with improved threat detection and response capabilities.
Microsoft has unveiled a significant upgrade to its Security Incidents and Event Management (SIEM) platform, Microsoft Sentinel, by introducing an AI-powered data lake. This new feature aims to revolutionize how cybersecurity professionals manage and protect organizational data [1].
Source: ZDNet
The newly introduced data lake serves as a centralized repository capable of storing both structured and unstructured data without requiring reformatting. This upgrade addresses the growing challenge of managing vast quantities of data essential for building and deploying new AI tools in cybersecurity [1].
Microsoft emphasizes the paradox of modern security: while more data can potentially improve security, it becomes increasingly challenging to use it effectively. The Sentinel data lake is designed to solve this issue by providing unified, long-term visibility that enables advanced AI models to reach their full potential [1].
Source: TechRadar
The new system incorporates a built-in AI that analyzes security risks across various sources in real time. It flags potential vulnerabilities and iteratively strengthens an organization's cybersecurity infrastructure. This approach aims to provide cybersecurity professionals with a more comprehensive and granular view of their security data while automatically optimizing protection against external threats [1].
Microsoft Sentinel now combines SIEM, XDR (Extended Detection and Response), and threat intelligence into a single platform. It integrates data from Microsoft and third-party sources through over 350 native connectors [2].
One of the key benefits of this upgrade is the potential for significant cost reduction. Microsoft claims that the new system can lower data retention costs to less than 10% of traditional analytics logs. This cost-effectiveness allows organizations to retain critical data without exceeding their budgets [2].
The AI-powered Sentinel Data Lake enables security teams to uncover attacker behavior without worrying about storage limits. This capability significantly improves detection by analyzing company-specific trends. Microsoft states that the system allows for proactive detection of latent attacks, identification of emerging threats using AI-driven models, and reconstruction of attack timelines in forensic detail [2].
As part of this update, Microsoft is making Defender Threat Intelligence capabilities available in Defender XDR and Sentinel at no additional cost. This move aims to democratize threat intelligence and improve overall security coverage for organizations [2].
The introduction of Microsoft's AI-powered data lake for Sentinel represents a significant step in the ongoing cybersecurity arms race. As AI tools proliferate, presenting both new threats and defensive capabilities, solutions like this aim to tip the balance in favor of cybersecurity professionals and the organizations they protect.