To help defend against today’s evolving threats, SecOps teams need sophisticated tooling that provides both breadth of visibility across the entire enterprise and the depth needed to investigate threats. At Microsoft, we have a unique vision for the future of threat protection. While other vendors offer only a SIEM or XDR, Microsoft’s perspective is that SecOps can benefit from both. A SIEM delivers visibility into the full kill chain across the entire organization, including third-party data, while XDR delivers deeper insights with contextual alerts for multi-cloud and multi-platform resources to reduce false alerts.
At Microsoft Ignite 2021 in March, we announced an important step in bringing you the most integrated SIEM and XDR on the market with the release of incident sharing between Microsoft 365 Defender and Azure Sentinel. Today, we are continuing the journey by announcing the public preview of incident sharing for Azure Defender and Azure Sentinel. Now, Microsoft delivers the only integrated SIEM and XDR with incident sharing across the full set of components.
Using this new capability, customers can use Azure Sentinel as their single pane of glass for incident triage, leverage Microsoft 365 Defender or Azure Defender for incident investigation and remediation, and stay seamlessly in sync across all three products. This new capability helps reduce the overall time you spend responding to incidents – giving you more time to focus on what’s important.
The Azure Defender and Azure Sentinel bi-directional status sync automatically syncs alert and incident statuses between the two products.
We are excited about these new capabilities and will continue our mission to help you protect your companies. Stay tuned for more SIEM and XDR integration!