SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
ESET integrates threat Intelligence with Microsoft Sentinel for superior cybersecurity
Tue, 12th Dec 2023

In a notable advancement for cybersecurity, ESET announced the integration of its threat intelligence data feeds with Microsoft Sentinel, a scalable cloud-native security information and event management (SIEM) platform offering incident response capabilities. This move underscores the firm's commitment to extending the value of its unique data to organisations seeking enhanced threat intelligence solutions and swift response abilities.

ESET's threat intelligence data is developed based on its acclaimed Malware and Threat Research expertise. It benefits from a unique telemetry sourced from a significant installed user base across different regions. These regions are often considered underserved by most of the firm's competitors.

ESET's research capacity and data have previously contributed towards substantial botnet takedowns and disruptions. This capacity draws upon the efforts of over 160 expert researchers and software engineers operating within the company's Core Research and Threat Detection divisions.

ESET's integration with Microsoft Sentinel leverages the latter's TAXII (Trusted Automated Exchange of Intelligence Information) client. This allows security operations centre (SOC) analysts within any organisation to hunt and investigate elements threatening their customers' operational environments. This integration offers six meticulously curated and in-house evaluated threat data feeds: the APT feed, malicious files feed, botnet feed, domain feed, URL feed and IP feed.

The announcement positions ESET on a path towards promoting seamless interaction between its data, internal tools, and third-party SIEM and SOAR tools, starting with Microsoft Sentinel.

Trent Matchett, ESET Director of Global Strategic Accounts, said: "Integrating with Microsoft Sentinel allows us to demonstrate focus on strengthening security now. With our security-first, customer-centric mindset front and centre, the integration will allow ESET and Microsoft's joint customers to immediately benefit from a more holistic view of their security posture by combining ESET's real-time threat data with customers' wider security operations." 

The integration of Microsoft Sentinel is a practical application of ESET's pursuit towards using industry-standard APIs to deliver Threat Intelligence products. According to Matchett, "This announcement is also a proof point for ESET's journey towards utilisation of industry-standard APIs to deliver Threat Intelligence products."

"With the Microsoft Sentinel integration, ESET further demonstrates the unique value-add we've brought to the cybersecurity community for more than 30 years."

"So, for SOC teams, CERTs, MSSPs or TIPs that come across this integration, they should know that ESET data is highly actionable, and with ESET's storied low false positive rates, can have an immediate impact when countering threats that ESET has unique detections for," said Matchett. 

Customers using Microsoft Sentinel can now access unique, diverse and actionable feeds from ESET, substantially improving their organisational security posture and preventing cyber threats such as ransomware attacks and malware campaigns.

This development also includes features based on the core principles of ESET threat intelligence and its endpoint protection product line, known as 'ESET PROTECT'. These features include advanced real-time intelligence, a dedicated team tracking all major APT groups, cloud-native deployment, protection from potential ransomware attacks, early-stage detection and protection, and significantly more.