Cloud security powered by AI

The threat landscape facing businesses and digital services has changed dramatically in recent years. Cyber threats are evolving rapidly, and the attack surface is increasingly shifting from network perimeters to identities and cloud-based services. Many of today’s attacks target authentication tokens, API access, and misconfigured privileges – placing entirely new demands on both monitoring and response capabilities.

During the conference, Microsoft highlighted how its security suite – including tools such as Defender, Sentinel, and Purview – can be used to detect, analyse, and manage threats in a more automated and coordinated way. With the help of AI and Security Copilot, it becomes possible to act faster, reduce the analysis workload, and gain a more comprehensive, real-time view of incidents.

One of the major announcements of the conference was the launch of Business Premium Add-ons for Defender and Purview. This means that small and medium-sized enterprises can now benefit from advanced security features previously reserved for Enterprise licences – such as advanced threat protection, data classification, and information security. It marks an important step towards making a high level of security accessible to all organisations, regardless of size.

Attention also turned to the future with Microsoft Sentinel Data Lake – a new generation of cloud-based security analytics. By collecting and analysing vast amounts of security data in real time, it enables faster threat detection, predictive analysis, and a more proactive defence.

Microsoft Sentinel Data Lake offers several key features and advantages that together strengthen organisations’ ability to handle and analyse security data effectively. The data lake layer is designed for long-term, cost-efficient storage of security data and logs, supporting both Microsoft’s native data sources and a wide range of third-party integrations.

A central aspect is the ability to scale analytics and storage independently, creating a clear separation between “compute” and “storage”. This allows for optimisation of both cost and performance. The solution also opens the door to advanced analytical workflows. Users can leverage tools such as Kusto Query Language (KQL), Jupyter notebooks, and machine learning models based on ML or Spark directly against data stored in the data lake.

In practice, Microsoft Sentinel Data Lake means the following for users:

• Organisations that previously had to choose between storage cost and retaining data/context now gain greater freedom to keep more data for longer – at a lower cost.
• It simplifies investigations of ongoing incidents, compliance requirements (such as extended data retention), and the ability to detect advanced threats that evolve over longer periods.
• As data is stored in a unified layer and open format, it becomes easier to integrate custom analytics solutions and ML models.