You may’t shield what you possibly can’t see. Safety operations groups have lengthy been confronted with the problem of managing huge, fast-growing datasets, and the price of scaling conventional knowledge administration instruments to deal with these knowledge volumes has change into unsustainable. We’re evolving our industry-leading Safety Incidents and Occasion Administration resolution (SIEM), Microsoft Sentinel, to incorporate a contemporary, cost-effective knowledge lake. By unifying all of your safety knowledge, Microsoft Sentinel knowledge lake, now in public preview, accelerates agentic AI adoption and drives unparalleled visibility, empowering groups to detect and reply sooner. With Sentinel knowledge lake, you’re now not compelled to decide on between retaining vital knowledge and staying inside price range.
Microsoft Sentinel began on this journey 5 years in the past with the introduction of the primary cloud-native SIEM to simplify knowledge onboarding and convey the facility of AI to menace detection.¹ Since then, we’ve built-in Sentinel with Microsoft Defender and enriched it with real-time menace intelligence, guided suggestions, and automatic response capabilities. Microsoft Sentinel knowledge lake is the following step in that journey—constructed to assist safety leaders break by the restrictions of conventional SIEMs by placing safety knowledge on the middle of the safety operations middle (SOC), at scale, and with out compromise. Now, you possibly can proceed your individual journey and onboard Microsoft Sentinel knowledge lake.
Breaking down knowledge silos for higher safety
With safety log volumes rising quick, groups are compelled into making painful tradeoffs: scale back logging by risking blind spots, shorten retention by compromising forensic depth, or soak up unsustainable prices when aiming to handle all their safety knowledge inside a SIEM. That is the paradox of contemporary safety: the extra knowledge you could have, the tougher it turns into to make use of it successfully. And with out unified, long-term visibility, even probably the most superior AI fashions can’t ship to their full potential. Siloed knowledge means missed cyberthreats, delayed investigations, and underutilized instruments.
Microsoft Sentinel knowledge lake was purpose-built to resolve this problem and gives the inspiration for agentic protection. It brings collectively all of your safety knowledge, from Microsoft and third-party sources, right into a single, cost-effective knowledge lake, with greater than 350 native connectors. With knowledge retention priced at lower than 15% of conventional analytics logs, it permits seamless enrichment with menace intelligence and AI-powered detection throughout your whole surroundings. This isn’t only a new product, it’s a brand new structure for safety operations—one which empowers safety groups to hunt cyberthreats throughout months or years, reconstruct incidents with precision, and unlock the total worth of AI.
Microsoft’s imaginative and prescient for Sentinel knowledge lake displays what issues most in cybersecurity: readability, scale, and real-world affect. With greater than 1,200 Sentinel deployments worldwide, BlueVoyant has seen the necessity firsthand. Giant scale knowledge challenges at the moment are the norm. Sentinel knowledge lake marks a pure evolution of the SIEM and SOAR mannequin, one which critically helps fashionable analytics, knowledge science, and versatile ingestion technique. It’s a vital step ahead for purchasers seeking to modernize their safety operations.
—Milan Patel, Chief Income Officer at BlueVoyant
To additional assist defenders get probably the most out of their knowledge, we’re democratizing menace intelligence by converging Microsoft Defender Risk Intelligence (MDTI) capabilities into Defender XDR and Sentinel at no further price; which means safety groups will now not want to purchase a separate SKU to entry these highly effective options. MDTI worth shall be merged in Sentinel and Defender XDR over time, beginning in October 2025 when all Microsoft first-party menace reviews, together with intel profiles and indicators of compromise (IoCs), shall be out there in Defender XDR. Moreover, IoCs shall be included into Sentinel case administration so prospects can collaborate and share menace intelligence throughout groups inside their group. The remaining options will change into out there over time.
With this variation, safety groups can simply faucet into a strong repository of frontline menace intelligence, sourced from 84 trillion each day alerts and backed by the experience of greater than 10,000 Microsoft safety specialists. Learn extra about how this added worth in Sentinel and Defender will significantly improve capabilities with real-time, high-quality menace knowledge.
Empowering safety groups to do extra
The promise of AI in cybersecurity has all the time been daring: sooner detection, smarter response, and the flexibility to outpace even probably the most refined cyberattackers. However most safety groups are held again by fragmented knowledge and incomplete context. Centralizing your knowledge in a menace intel-enriched knowledge lake eliminates silos and ensures AI fashions like Safety Copilot have the total context they should detect refined cyberattack patterns, correlate alerts throughout time and area, and floor high-fidelity alerts. This creates the inspiration for the way forward for agentic protection the place AI doesn’t simply help, it acts. This shift now empowers safety groups to:
Uncover cyberattacker conduct going again years with out worrying as a lot about storage limits
Handle pre-breach and post-breach use instances by correlating asset, exercise, and TI knowledge
Make the most of real-time menace intel to triage sooner and retroactively hunt over historic knowledge
Set off detections routinely based mostly on the newest IoCs and ways, methods, and procedures (TTPs)
Use Kusto Question Language (KQL) and Apache Spark to question throughout prolonged time horizons and detect refined cyberattack patterns
Assist regulatory and compliance wants with scalable, cost-efficient knowledge retention
These are the roles that matter most in fashionable safety operations and now they’re simpler, sooner, and less expensive to execute.
For cyber groups, the huge proliferation of knowledge can misdirect focus or delay responses to real (cyber)threats. Microsoft Sentinel knowledge lake is usually a helpful software for knowledge centralization and visibility and for historic evaluation throughout giant volumes of datasets. Along with Microsoft, Accenture can assist our purchasers leverage the info lake to increase the facility of Microsoft Sentinel to supercharge assault detection and proactive remediation.
—Rex Thexton, Chief Expertise Officer, Accenture Safety
Simplifying operations whereas being AI-ready
Microsoft Sentinel knowledge lake simplifies knowledge administration with a versatile, centralized expertise within the Microsoft Defender portal—bringing your safety knowledge collectively alongside the instruments your defenders use to stop, detect, and reply to cyberthreats daily. Analysts can transfer seamlessly between the analytics and knowledge lake tiers, enabling real-time response and deep investigation from a single interface. Whereas doing that every one your knowledge saved within the analytics tier is routinely out there within the knowledge lake tier, and since it’s constructed on open codecs, organizations can tailor analytics workflows, construct customized machine studying (ML) fashions, and leverage acquainted instruments, over a single copy of their safety knowledge, to increase the worth of the info lake to fulfill their distinctive wants. Whether or not you’re consolidating instruments, scaling your SOC, or making ready for AI-powered protection, Sentinel knowledge lake adapts to your safety technique and journey.
Sentinel knowledge lake permits SOC groups into the following period of safety operations. With the ability to guarantee protection of your safety property—throughout all safety knowledge sources and huge time horizons—permits safety groups to proactively detect latent cyberattacks, detect rising cyberthreats with AI-powered fashions, reconstruct cyberattack timelines in forensic element, and retroactively uncover indicators of compromise which may in any other case go unnoticed.
The (cyber)assault floor is increasing with each software and AI software deployed throughout hybrid cloud environments, and AI-powered assaults are evolving simply as quick. What many organizations nonetheless lack isn’t simply higher instruments—it’s real-time visibility of their IT property, their configurations and enterprise context. To know their full publicity, organizations want the proper asset intelligence and a shared {industry} effort. The brand new Microsoft Sentinel knowledge lake represents a helpful step in that path; IBM is dedicated to working throughout the ecosystem to assist resolve that problem.
—Srini Tummalapenta, IBM Distinguished Engineer, Chief Expertise Officer for IBM Consulting Cybersecurity Companies
This launch marks greater than a product evolution enabling safety operations groups to reply sooner and with most visibility. Microsoft Sentinel is continuous to push the boundaries with a scalable structure that mixes SIEM, prolonged detection and response (XDR), and menace intelligence right into a single, built-in expertise. Sentinel knowledge lake is the inspiration of this evolution, enabling safety groups to purpose over extra knowledge, extra intelligently, and extra affordably than ever earlier than.
Get began right this moment
Microsoft Sentinel knowledge lake is now in preview. Be part of us as we redefine what’s attainable in safety operations:
To study extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our skilled protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the newest information and updates on cybersecurity.
¹Saying new cloud-based know-how to empower cyber defendersOfficial Microsoft Weblog. Ann Johnson. Feb 28, 2019.
