Microsoft just upgraded Sentinel with an AI-powered data lake - here's how it works

NurPhoto/Contributor/Getty Microsoft is launching a new agentic AI system to help cybersecurity professionals manage and protect their organizations' data, the company said Tuesday. Microsoft Sentinel, a proprietary Security Incidents and Event Management (SEIM) platform, which debuted in 2019, now comes with a data lake -- that is, a centralized repository that can store structured and unstructured data without any kind of reformatting. Also: Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch The new-and-improved Sentinel is being promoted by Microsoft as a data organization and aggregation tool that can help cybersecurity teams manage the increasingly vast quantities of data required to build and deploy new AI tools. The company is also tapping into the cultural caché surrounding agents, or AI systems that can interact with external digital tools and autonomously perform tasks without explicit prompting from human users. "This is the paradox of modern security: the more data you have, the harder it becomes to use it effectively," the company said in a press release. "And without unified, long-term visibility, even the most advanced AI models can't deliver to their full potential. Siloed data means missed threats, delayed investigations, and underutilized tools. Microsoft Sentinel data lake was purpose-built to solve this challenge and provides the foundation for agentic defense." The new data lake -- available now in preview -- provides a single interface within Microsoft Defender through which users can view security data from Sentinel, as well as from other third-party providers. The system uses a built-in AI system to analyze security risks across all of these various sources in real time, flagging potential vulnerabilities and iteratively strengthening an organization's cybersecurity infrastructure over time. The goal is to provide cybersecurity professionals with a more expansive and fine-grained level of visibility into the full spectrum of their security data, while at the same time automatically taking action to optimize protection from external threats. Also: How to upgrade an 'incompatible' Windows 10 PC to Windows 11 - 2 free options "This isn't just a new product, it's a new architecture for security operations," the blog post said. The proliferation of powerful AI tools in recent years has produced a cybersecurity arms race: while these systems present new possibilities for fraudsters and scam artists -- who use them to brute-force passwords and mimic the voices of real people, just to name a couple of examples -- they're also being used to strengthen protections against cyberattacks. A recent survey conducted by Mastercard, for example, found that many financial services companies have saved millions of dollars through AI-powered cybersecurity methods. Get the morning's top stories in your inbox each day with our Tech Today newsletter.