Cloud Security Press Release Threat Detection & Defense

ESET Threat Intelligence Integrates with Microsoft Sentinel for Enhanced Security

CSA Editorial December 14, 2023

3 minutes read

ESET, a global leader in cybersecurity, today announced that its long-standing collaboration with Microsoft now includes the integration of ESET’s six threat intelligence data feeds with Microsoft Sentinel, a scalable, cloud-native solution providing security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities. ESET’s integration utilises Microsoft Sentinel’s built-in TAXII client, helping security operations centre (SOC) analysts in any organization hunt and investigate customers’ threat environments. This marks a new effort to extend the benefit of ESET’s unique data to organisations seeking to improve existing comprehensive threat intelligence solutions and rapid response capabilities.

The ESET data in question is built on the back of its renowned Malware and Threat Research pedigree, which benefits from unique telemetry fed from its substantial installed user base, among them regions underserved by most competitors. This unique value-add is best demonstrated by the many notable research pieces and exclusive detections, including GreyEnergy, BlackEnergy, Industroyer, NotPetya and many of the wiper malware discovered at the start of Russia’s invasion of Ukraine.

ESET’s data and its research cadre also regularly feature in large botnet takedowns and disruptions. These discoveries were pursued by more than 160 researchers and software engineers working in Core Research and Threat Detection at ESET.

The threat data feeds featured in this integration comprise only relevant, curated data that has already received in-house data evaluation, curation, sorting, scoring and processing. The data feeds include APT feed, malicious files feed, botnet feed, domain feed, URL feed and IP feed. The quality of the data is also reflected in the strong standing of #ESETResearch in the cybersecurity community and the contributions of its experts in partnership with MITRE ATT&CK, CISA, EUROPOL, FBI and a number of government entities.

With global concerns intensely focused on threats vectoring from Russia’s war in Ukraine and other hotspots going global, ESET prioritised rapid support for enterprises via its threat data in an agnostic approach to users’ chosen threat intelligence (TI) platforms. This acknowledges the diversity of software and technology stack choices. The integration also signals ESET’s path toward supporting seamless interaction between our data and internal tools and third-party SIEM and SOAR tools — starting with Microsoft Sentinel. This approach supports simplified workflows and reductions in manual effort and enhances efficiency. The collaboration between the two companies also demonstrates a strong market position, with two industry leaders combining their strengths.

“Integrating with Microsoft Sentinel allows us to demonstrate the focus on strengthening security now. With our security-first, customer-centric mindset front and centre, the integration will allow ESET and Microsoft’s joint customers to immediately benefit from a more holistic view of their security posture by combining ESET’s real-time threat data with customers’ wider security operations,” said Trent Matchett, ESET Director of Global Strategic Accounts.

“This announcement is also a proof point for ESET’s journey towards utilisation of industry-standard APIs (TAXII 2.1 and STIX 2.1) to deliver Threat Intelligence products. With the Microsoft Sentinel integration, ESET further demonstrates the unique value-add we’ve brought to the cybersecurity community for more than 30 years. So, for SOC teams, CERTs, MSSPs or TIPs that come across this integration, they should know that ESET data is highly actionable, and with ESET’s storied low false positive rates, can have an immediate impact when countering threats that ESET has unique detections for,” Matchett continued.

Microsoft Sentinel users can now benefit from unique, diverse, actionable feeds from ESET. They can enrich their TI in a very useful and valuable way, significantly improve their security posture and prevent ransomware attacks, malware campaigns, etc. These benefits are built upon the strong foundations of ESET threat intelligence (data feed) and its endpoint protection products (ESET PROTECT), which collectively include: