Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM

We’re honored to share that Microsoft has again been recognized as a Leader in the2025 Gartner® Magic Quadrant™ for Security Information and Event Management SIEM.1 We believe this recognition reinforces Microsoft Sentinel's position as an industry-leading, cloud and AI-powered SIEM—designed to...

Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM

We’re honored to share that Microsoft has again been recognized as a Leader in the2025 Gartner® Magic Quadrant™ for Security Information and Event Management SIEM.1 We believe this recognition reinforces Microsoft Sentinel's position as an industry-leading, cloud and AI-powered SIEM—designed to...

Microsoft raises the bar: A smarter way to measure AI for cybersecurity

ExCyTIn-Bench is Microsoft’s newest open-source benchmarking tool designed to evaluate how well AI systems perform real-world cybersecurity investigations.1 It helps business leaders assess language models by simulating realistic cyberthreat scenarios and providing clear, actionable insights into...

Empowering defenders in the era of agentic AI with Microsoft Sentinel

Microsoft unveils a new wave of security innovation—delivering an agentic platform to protect organizations at scale We are living through a turning point in how organizations work and defend themselves. Across industries, “Frontier Firms” are emerging; these are businesses where humans and AI...

Microsoft Defender delivered 242% return on investment over three years​​

The latest Forrester Total Economic Impact™ TEI study reveals a 242% return on investment ROI over three years for organizations that chose Microsoft Defender. It helps security leaders consolidate tools, reduce overhead, and empower their security operations SecOps teams with operational...

Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI

You can’t protect what you can’t see. Security operations teams have long been faced with the challenge of managing massive, fast-growing datasets, and the cost of scaling traditional data management tools to handle these data volumes has become unsustainable. We’re evolving our industry-leading...

Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers

In November 2023, Microsoft announced our strategy to unify security operations by bringing the best of XDR and SIEM together. Our first step was bringing Microsoft Sentinel into the Defender portal, giving teams a single, comprehensive view of incidents, reducing queue management, enriched threa...

Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​

What is a security operations center? Learn more ↗ Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support security operations centers SOCs’s critical mission. This...

Silk Typhoon targeting IT supply chain

Executive summary: Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions like remote management tools and cloud applications to gain initial access. While they haven't been observed directly targeting Microsoft...

CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook

Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit Standard. This step-by-step guide enables technical personnel to better detect and defend against advanced intrusio...

Moderate: Red Hat Security Advisory: ACS 4.6 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security RHACS. The updated image includes new features and bug fixes. This release of RHACS 4.6 provides these new features: Support for ARM architecture in secured clusters Technology Preview Certifications for Red Hat Advanced Clust...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...

Unified security operations with Microsoft Sentinel and Microsoft Defender XDR

Numerous cybersecurity tools exist to help organizations protect their data, people, and systems. There are different tools that check emails for phishing attempts, secure infrastructure and cloud, and provide generative AI to detect threats and uplevel response beyond human ability. While each o...

Fortify your cloud security with Wiz as it integrates with Microsoft Sentinel

Lock down your cloud infrastructure with the new Wiz integration with Microsoft Sentinel. Gain full context, support thorough investigations, and automate your response for ultimate security...

Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks

I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview ha...

Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks

I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview ha...

Microsoft Inspire: Partner resources to prepare for the future of security with AI

Cybersecurity is one of the most pressing challenges of our time. With an ever-changing threat landscape and siloed data across multiple security point solutions, defenders have limited visibility. It’s difficult to stay current and find cybersecurity professionals amid the global talent shortage...

How Microsoft and Sonrai integrate to eliminate attack paths

Cloud development challenges conventional thinking about risk. A “perimeter” was always the abstraction that security teams could start from—defining their perimeter and exposing the cracks in firewalls and network access. With more and more infrastructure represented as ephemeral code, protectin...

Improve supply chain security and resiliency with Microsoft

Let’s start with the bad news. Cybersecurity breaches can be particularly devastating for supply chains, which involve multiple parties and sensitive information. As operational technology OT devices become increasingly connected, blurring the gap between IT and OT environments, the risk of hacke...

Microsoft Secure: Explore innovations transforming the future of security

Building a more secure future requires an end-to-end approach. There is no question that technology plays an essential role, but security will always be human-centered. That’s what Microsoft Secure is all about. It’s about sharing knowledge, best practices, and technology innovations that empower...