In addition to releasing it’s Azure-based AI threat investigation and reporting tool, Azure Sentinel, today Microsoft has also announced a new managed threat hunting service for Office 365 tenants. But, unlike Azure Sentinel which relies heavily on AI, this other service for Office 365 has a deeply human component.
Called Microsoft Threat Experts, the service allows companies to partner with Microsoft security workers to head-off potentially damaging intrusions. This initial release offers the following two components (with more coming):
- Targeted attack notifications: Alerts that are tailored to organizations provide as much information as can be quickly delivered to bring attention to critical threats in their network, including the timeline, scope of the breach, and the methods of intrusion.
- Experts on demand: When a threat exceeds the SOC’s capability to investigate, or when more actionable information is needed, security experts provide technical consultation on relevant detections and adversaries. In cases where a full incident response becomes necessary, seamless transition to Microsoft incident response (IR) services is available.
Microsoft calls this an additional layer of expertise and optics for security, but it’s essentially security outsourcing.