ESET, the global cybersecurity firm, has announced the extension of its ongoing collaboration with Microsoft. The new phase of their partnership involves incorporating ESET’s six threat intelligence data feeds into Microsoft Sentinel, the cloud-based security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution.
The integration uses Microsoft Sentinel's built-in TAXII client to pull the feeds, which ESET says lets security operations centre (SOC) analysts across organisations effectively explore and inspect their customers' threat environments.
The ESET data derives from its highly regarded Malware and Threat Research background, featuring unique telemetry from its broad installed user base, including areas typically underserved by most of its rivals in the cybersecurity industry.
ESET data has played a vital role in many significant research projects and exclusive detections, such as GreyEnergy, BlackEnergy, Industroyer, NotPetya, and much of the wiper malware discovered at the outset of the Russian engagement in Ukraine.
The six threat data feeds integrated with Sentinel contain pertinent, curated data that has already passed in-house data review, curation, sorting, scoring, and processing.
These feeds comprise an APT feed, malicious files feed, botnet feed, domain feed, URL feed, and IP feed. The quality of the data is also reflected in ESET Research's high regard within the cybersecurity community and its experts' collaborations with organisations like MITRE ATT&CK, CISA, Europol, and the FBI.
"Integrating with Microsoft Sentinel allows us to demonstrate focus on strengthening security now. With our security-first, customer-centric mindset front and centre, the integration will allow ESET and Microsoft's joint customers to immediately benefit from a more holistic view of their security posture by combining ESET's real-time threat data with customers' wider security operations," said Trent Matchett, ESET Director of Global Strategic Accounts.
The integration also showcases ESET's progress towards delivering its threat intelligence products over industry-standard APIs, namely TAXII 2.1 for transport and STIX 2.1 for the data format.
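To make concrete what a TAXII 2.1 feed of STIX 2.1 indicators delivers to a SIEM, here is an added example that is not ESET's or Microsoft's code: it parses the `objects` body a TAXII 2.1 collection endpoint returns, extracts the observable each indicator pattern refers to (domain, IP, URL or file hash, mirroring the feed types named above), and matches them against log lines. The TAXII response, the indicator values and the log lines are all constructed for illustration and come from no real feed; only the simplest single-comparison STIX pattern shape is handled, and richer patterns are reported as unsupported rather than silently dropped.

```python
"""Parse STIX 2.1 indicators from a (constructed) TAXII 2.1 response and
match their observables against (constructed) log lines.

Added example, not code from ESET or Microsoft Sentinel. All data below
is invented for illustration and is not from any ESET feed.
"""
from __future__ import annotations

import json
import re
from collections import defaultdict

# Constructed TAXII 2.1 "objects" response body. Real feeds carry more
# fields (labels, confidence, valid_until, ...); only what the parser
# needs is included. Indicator 5 uses a compound pattern on purpose.
CONSTRUCTED_TAXII_RESPONSE = json.dumps({"objects": [
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--00000000-0000-4000-8000-000000000001",
     "pattern_type": "stix", "valid_from": "2023-01-01T00:00:00Z",
     "pattern": "[domain-name:value = 'bad-updates.example']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--00000000-0000-4000-8000-000000000002",
     "pattern_type": "stix", "valid_from": "2023-01-01T00:00:00Z",
     "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--00000000-0000-4000-8000-000000000003",
     "pattern_type": "stix", "valid_from": "2023-01-01T00:00:00Z",
     "pattern": "[file:hashes.'SHA-256' = "
                "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--00000000-0000-4000-8000-000000000004",
     "pattern_type": "stix", "valid_from": "2023-01-01T00:00:00Z",
     "pattern": "[url:value = 'http://bad-updates.example/setup.exe']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--00000000-0000-4000-8000-000000000005",
     "pattern_type": "stix", "valid_from": "2023-01-01T00:00:00Z",
     "pattern": "[ipv4-addr:value = '198.51.100.1'] AND "
                "[domain-name:value = 'c2.example']"},
    # Non-indicator objects (identity, markings, ...) also appear in feeds
    # and must be skipped rather than parsed as indicators.
    {"type": "identity", "spec_version": "2.1",
     "id": "identity--00000000-0000-4000-8000-0000000000aa",
     "name": "constructed-feed-publisher", "identity_class": "organization"},
]})

# Single comparison: [<object-type>:<property> = '<value>']
_SIMPLE_PATTERN = re.compile(
    r"^\[\s*([a-z0-9-]+):([A-Za-z0-9_.'\-]+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*\]$"
)

# Observable types whose values are compared case-insensitively.
_CASE_INSENSITIVE = {"domain-name", "file-hash"}


def parse_indicators(body: str) -> tuple[dict[str, set[str]], list[str]]:
    """Return ({observable_type: {values}}, [ids of unsupported indicators])."""
    iocs: dict[str, set[str]] = defaultdict(set)
    unsupported: list[str] = []
    for obj in json.loads(body).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = _SIMPLE_PATTERN.match(obj.get("pattern", ""))
        if obj.get("pattern_type", "stix") != "stix" or not m:
            unsupported.append(obj.get("id", "<no id>"))
            continue
        obj_type, prop, value = m.groups()
        # Collapse every file hash algorithm into one "file-hash" bucket.
        key = "file-hash" if obj_type == "file" and prop.startswith("hashes.") else obj_type
        iocs[key].add(value.lower() if key in _CASE_INSENSITIVE else value)
    return dict(iocs), unsupported


# Constructed DNS/proxy/EDR log lines in a key=value layout (not real telemetry).
CONSTRUCTED_LOGS = [
    "2023-05-02T10:00:01Z dns client=10.0.0.5 query=BAD-UPDATES.EXAMPLE type=A",
    "2023-05-02T10:00:02Z proxy client=10.0.0.5 dst=203.0.113.7 url=http://bad-updates.example/setup.exe",
    "2023-05-02T10:00:03Z dns client=10.0.0.9 query=intranet.corp.example type=A",
    "2023-05-02T10:00:04Z edr host=ws-17 sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
]

_FIELD = re.compile(r"(\w+)=(\S+)")

# Which log field carries which observable type (a hypothetical mapping).
FIELD_TYPES = {"query": "domain-name", "dst": "ipv4-addr", "client": "ipv4-addr",
               "url": "url", "sha256": "file-hash"}


def match_logs(lines: list[str], iocs: dict[str, set[str]]) -> list[tuple[str, str, str]]:
    """Return [(line, observable_type, matched_value)] for every indicator hit."""
    hits = []
    for line in lines:
        for field, raw in _FIELD.findall(line):
            kind = FIELD_TYPES.get(field)
            if kind is None:
                continue
            value = raw.lower() if kind in _CASE_INSENSITIVE else raw
            if value in iocs.get(kind, set()):
                hits.append((line, kind, value))
    return hits


if __name__ == "__main__":
    iocs, unsupported = parse_indicators(CONSTRUCTED_TAXII_RESPONSE)
    print("unsupported patterns:", unsupported)
    for line, kind, value in match_logs(CONSTRUCTED_LOGS, iocs):
        print(f"HIT {kind}={value}: {line}")
```

The case handling is a deliberate design choice: domain names and hashes are compared case-insensitively, while URL paths and IP addresses are compared as delivered, so a feed entry is neither missed because of a capitalised DNS query nor matched against an unrelated URL path. The compound-pattern indicator lands in the unsupported list, which is the right outcome for a parser that cannot evaluate it: a SOC would want to see that some feed entries went unmatched rather than believe they were covered.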
ESET’s highly actionable data can have an immediate impact on combating unique threats, thanks to the company’s notably low false positive rates. Matchett added that ESET's data indeed holds high value for "SOC teams, CERTs, MSSPs or TIPs that come across this integration."
Microsoft Sentinel users can now benefit from these diverse, actionable feeds from ESET. They can significantly enhance their threat intelligence (TI) information, consequently improving their overall security posture and better countering potential threats such as ransomware attacks and malicious software campaigns.