UPDATED 19:39 EDT / APRIL 03 2024

SECURITY

Microsoft launches public preview of unified security operations platform

Microsoft Corp. today announced the public preview of its new unified security operations platform, which offers cloud-native security information and event management, extended detection and response, and generative artificial intelligence tailored for cybersecurity.

Announced in November, the platform integrates diverse security capabilities to offer a unified, streamlined analyst experience across the board. The integrated suite of features has been designed to empower security leaders and security operations center teams to tackle the full spectrum of cyber threats, from prevention and detection to a comprehensive response strategy.

Microsoft argues that the need for the new unified platform comes from the current challenges faced by SOCs. The company claims that SOC teams, burdened by an avalanche of alerts and the often cumbersome task of navigating disparate security tools, struggle to manage security threats. Added to the mix is the significant talent gap in the cybersecurity industry, with demand far outstripping supply.

Microsoft’s platform aims to dismantle the barriers and challenges facing SOCs by providing a consolidated view and management of security operations, streamlining workflows and enhancing the efficiency of security teams.

At the core of the new unified platform is “attack disruption,” a feature that leverages AI and machine learning to thwart advanced attacks automatically in real time. The company says the feature is critical in an era where cyberthreats are not only becoming more sophisticated but also capable of executing at super-fast speeds. By integrating technology capable of rapid detection and response, Microsoft claims, the platform significantly reduces the time and resources required to manage security incidents.

The platform also includes Microsoft Copilot for Security, which helps security analysts accelerate malware triage with comprehensive incident summaries that map to the MITRE framework. Copilot for Security can also assist in reverse-engineering malware, translating complex code to native language insights and completing multistage attack remediation actions with a single click.

“This platform harnesses the power of XDR and AI to disrupt advanced attacks like ransomware, business email compromise and adversary-in-the-middle attacks at machine speed with automatic attack disruption, a game-changing technology for the SOC that remains exclusive to Microsoft Security,” Rob Lefferts, corporate vice president for Microsoft Threat Protection, said in a blog post.

The new unified security operations platform is now available in public preview to Microsoft customers with a single Microsoft Sentinel workspace and at least one Defender XDR workload deployed.
