Today’s IT operations and security teams are tasked with managing highly complex environments which are being targeted by a growing number of sophisticated cyber-attacks. These teams have an obligation to identify and remediate security vulnerabilities and threats before they impact the business.
To solve these challenges, today we announced general availability of the updated Operations Management Suite (OMS) Security solution. OMS Security is an easy-to-use cloud solution designed to monitor security for any IT environment. With this new solution, Microsoft has enabled IT operations and security teams to more quickly and easily understand their overall security posture, detect security threats, and respond quickly.
Since the preview of the new capabilities for OMS Security in February, we are seeing over 1,000 new customers per week using the service. Customers from a diverse set of businesses have benefited from the solution, with many of them ingesting several terabytes of security data per day. OMS Security continues to help businesses defend against cyber-attacks by providing visibility into the security of their entire IT environment, detecting active threats, and enabling rapid search for further remediation.
OMS Security features available now include:
- Enhanced Security dashboard, which makes it easier to visualize and analyze security state, enables security monitoring for Linux servers, adds built-in notable issues to prioritize vulnerabilities and detections that require attention, and the ability to create custom notable issues:
- Antimalware assessment to show the status of installed antimalware protection on servers, and any malware detected:
- Threat Intelligence map and breakdown to detect servers communicating with malicious actors, along with insights into the source of the attack:
- Security Configuration Baseline Assessment to identify vulnerable Operating System configurations that could be exploited by attackers:
- Identity and Access dashboard to show failed logins and admin activities, providing insight into potential brute force or dictionary attacks:
- Microsoft Advanced Threat Analytics (ATA) integration, that surfaces security threats discovered by Advanced Threat Analytics within Operations Management Suite.
Additionally, today we’re announce two new capabilities that are available as public preview for Operations Management Suite:
- Advanced detection engine: Analyze security data from across your IT environment using behavioral analysis and machine learning. OMS Security can detect a wide array of attacks, including suspicious processes running on virtual machines, lateral movement attempts and more. The advanced detection engine utilizes Microsoft security research to provide continual updates for recent attack knowledge.
- Cisco ASA log ingestion: Bring Cisco ASA security information into OMS with new insights on malicious network traffic in and out of your network. For customers, adding this log data broadens the ability to track malicious IP addresses from any computer trying to get through the firewall.
Operations Management Suite continues to advance monitoring, automation, security, and protection and recovery capabilities to give you a holistic view of management for your systems. Learn more about how to get started with the new OMS Security capabilities. Your feedback is important to us. We encourage you to submit ideas and suggestions on the Log Analytics forum or in the comments below.