Securing Microsoft Azure on all fronts: Maximizing use of threat intelligence and defensive tools

Year to year and even day to day, cybersecurity threats are continually evolving. As attackers adopt more sophisticated methods, defenders need to catch up—and ideally stay ahead of the curve.

Microsoft offers Azure Sentinal as a tool to spot potential attacks without overwhelming security admins with alerts. But, says Paul Keely, CEO of Born in the Cloud, a Gold Azure partner, many Microsoft customers still aren't taking advantage of the power of Sentinel or the latest new threat intelligence libraries, privileged admin workspace and other systems. Keely spoke with MSDW about how he leverages Azure Sentinel and other Microsoft tools to safeguard clients from phishing, advanced persistent threats and other serious risks to security.

Adapting to a changing security landscape

Attackers use the power of public cloud and its automation templates to deploy attacks against infrastructure in one cloud service, quickly migrating to new infrastructure in the same provider with new IPs or to a totally different cloud provider. To build better defenses, security experts are looking to machine learning to identify and avert attacks.

Since founding Born in the Cloud in 2010, Keely has focused on security information and event management needs, or SIEM, building a system with capabilities similar to Sentinel for Office 365, called Office 365 Security Insights.

"We found a way to connect to log providers and put [log data] into Log Analytics and provide automation—a lot of what Sentinel does," he said. Keely explained that Sentinel's use of ML opens up more opportunities ...