Microsoft has launched a new service that gives customers a direct line to the company's top security experts when a threat is too severe for the customer to handle alone.
The threat hunting service, Threat Experts on Demand, is now part of Microsoft Defender Advanced Threat Protection (ATP) and is available to customers with Windows 10 Enterprise E5 and Microsoft 365 bundle subscriptions. It is aimed mainly at large organizations that already have strong security but may still run into a hard problem such as a NotPetya outbreak, insider threats, or cyber-espionage.
This adds to Microsoft's security services for customers, complementing targeted attack notifications and the Azure Sentinel cloud SIEM service, which became available in September.
Microsoft says that once a customer clicks the button, its security team will pass the problem to Microsoft's incident response services; it also promises technical consultation from its threat experts on adversaries and related issues.
"Customers do what they can to deal with these threats but sometimes they need additional help," said Brian Hooper, senior research lead at the Microsoft Defender research group. "Sometimes they just want a trusted partner. Microsoft has visibility of over a billion machines worldwide and we're able to use that to bring out and deeply understand the threats that enterprises face. We help them become aware of those threats in their environment, reduce dwell time, and give them visibility into those critical threats so they can prioritize and respond with confidence."
He also said Threat Experts on Demand allows enterprise customers to "tap into the 3,500-plus security professionals Microsoft has globally". When a customer encounters a threat it can't handle, it can contact Threat Experts with a click of a button, and a full-time Microsoft employee will handle each request for help.
"This is our managed threat hunting capability. It combines expert human hunters with our own artificial intelligence and automation to help our enterprise customers deal with those critical threats," said Hooper.
ZDNet explains that the Experts on Demand human element includes:
1. Additional clarification on alerts, including the root cause or scope of the incident.
2. Clarity into suspicious machine behavior and recommended next steps if faced with an advanced attacker.
3. Determination of risk and protection regarding threat actors, campaigns, or emerging attacker techniques.
4. A seamless transition to Microsoft Incident Response (IR) services when necessary.