SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Microsoft
#
SIEM
ESET's threat intelligence data feeds enhance Microsoft Sentinel's security capabilities
Thu, 14th Dec 2023
Author image
By Catherine Knowles, Journalist
Follow us

ESET, the global cybersecurity firm, has announced the extension of its ongoing collaboration with Microsoft. The new phase of their partnership involves incorporating ESET’s six threat intelligence data feeds into Microsoft Sentinel, the cloud-based security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution.

By utilising Microsoft Sentinel's built-in TAXII client, the integration enables security operations centre (SOC) analysts across organisations to explore and inspect customer threat environments effectively, ESET states.

The ESET data derives from its highly-regarded Malware and Threat Research background, featuring unique telemetry from its broad installed user base, including areas typically underserved by most rivals in the cybersecurity industry.

ESET data has played a vital role in many significant research projects and exclusive detections, such as GreyEnergy, BlackEnergy, Industroyer, NotPetya, and much of the wiper malware discovered at the outset of the Russian engagement in Ukraine.

The six threat data feeds integrated with Sentinel contain pertinent, curated data that has already passed in-house data review, curation, sorting, scoring, and processing.

These feeds comprise an APT feed, malicious files feed, botnet feed, domain feed, URL feed, and IP feed. The quality of the data is also reflected in ESET Research's high regard within the cybersecurity community and its experts' collaborations with organisations like MITRE ATT&CK, CISA, Europol, and the FBI.

"Integrating with Microsoft Sentinel allows us to demonstrate focus on strengthening security now. With our security-first, customer-centric mindset front and centre, the integration will allow ESET and Microsoft's joint customers to immediately benefit from a more holistic view of their security posture by combining ESET's real-time threat data with customers' wider security operations," said Trent Matchett, ESET Director of Global Strategic Accounts.

Besides, the integration showcases ESET's progress towards using industry-standard APIs (TAXII 2.1 and STIX 2.1) to deliver Threat Intelligence products.

ESET’s highly actionable data can have an immediate impact on combating unique threats, thanks to the company’s notable low false positive rates. Matchett added that ESET's data indeed holds high value for "SOC teams, CERTs, MSSPs or TIPs that come across this integration."

Microsoft Sentinel users can now benefit from these diverse, actionable feeds from ESET. They can significantly enhance their threat intelligence (TI) information, consequently improving their overall security posture and better countering potential threats such as ransomware attacks and malicious software campaigns.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds