ESET, the global European cybersecurity market leader, announced that its multi-year collaboration with Microsoft now includes the integration of ESET's six threat intelligence data feeds with Microsoft Sentinel, Microsoft's scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) platform. The integration uses Microsoft Sentinel's built-in TAXII client to pull ESET's feeds directly into Sentinel, so that any organization's security operations center (SOC) analysts can use the indicators to identify and analyze risk in the environments they monitor. It is a new effort to extend the benefits of ESET's unique data to organizations that want to enhance their existing threat intelligence and rapid response capabilities.
ESET's data is built on its malware and threat research expertise, supported by unique telemetry from its large installed base, which covers regions not served by most competitors. This added value is best demonstrated by numerous notable research findings and unique detections, including GreyEnergy, BlackEnergy, Industroyer, NotPetya, and many of the wiper malware families discovered at the start of the Russian invasion of Ukraine.
ESET's data and its research team are also regularly involved in major botnet takedowns and disruptions. These findings were driven by more than 160 researchers and software engineers in ESET's Research and Threat Detection Core.
The threat data feeds in this integration contain only relevant, detailed information that has already been evaluated, sorted, classified and processed internally. They comprise APT feeds, malicious file feeds, botnet feeds, domain feeds, URL feeds and IP feeds. The quality of the data is also reflected in the strong standing of #ESETResearch in the cybersecurity community and in its experts' contributions in collaboration with MITRE ATT&CK, CISA, Europol, the FBI and numerous government agencies.
With global concern focused on threats stemming from Russia's war in Ukraine and on other outbreaks spreading worldwide, ESET has prioritized rapid support for businesses by delivering its threat data in a platform-agnostic way to the threat intelligence (TI) platform of the user's choice, recognizing the diversity of software and technology stacks in use. The integration also marks the start of ESET's effort to support seamless interaction between its internal data and tools and third-party SIEM and SOAR tools, beginning with Microsoft Sentinel. The aim is to simplify workflows and reduce manual effort, improving efficiency. The collaboration between the two companies also demonstrates a strong market position, with two industry leaders combining their strengths.
"The integration with Microsoft Sentinel allows us to focus on strengthening security. ESET puts security and the customer first, and this process will allow joint ESET and Microsoft users to immediately benefit from a more holistic view of their security posture, combining ESET's real-time threat data with customers' broader security operations," said Trent Matchett, ESET Director of Global Strategic Accounts.
"This announcement is also a test case for ESET's journey towards using industry standard APIs (TAXII 2.1 and STIX 2.1) to deliver Threat Intelligence products. With the integration of Microsoft Sentinel, ESET further demonstrates the unique added value shared with the cybersecurity community for over 30 years. So SOC, CERT, MSSP or TIP teams who come across this integration should know that ESET's data is highly actionable and that, thanks to ESET's historically low false positive rate, it can have an immediate impact when it comes to countering threats for which ESET has unique detections," continued Matchett.
Microsoft Sentinel users can now benefit from unique, diverse and actionable feeds from ESET, enriching their threat intelligence, improving their security posture and helping to prevent ransomware attacks and malware campaigns. These benefits build on the solid foundation of ESET Threat Intelligence (the data feeds) and ESET's endpoint protection products (ESET PROTECT), which together offer:
Improved analytics
Cloud-native deployment
Intelligence-driven data (highly accurate)
Dedicated team of threat researchers tracking all major APT groups
Unique data sources
Advanced visibility
Protection from botnets, precursors to ransomware attacks
Advanced IoC context
Early-stage detection and protection
Threat protection with real-time automated intelligence
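To make the delivery path described in this announcement concrete, here is an added example (not code from the original page, ESET or Microsoft) of what a TAXII 2.1 consumer such as Sentinel's built-in TAXII client does with a STIX 2.1 feed: it pages through a collection's objects endpoint, discards revoked, expired and non-indicator objects, and flattens each indicator's pattern into the single-value fields (domain, URL, IP, file hash) that a SIEM matches against logs. The server URL, collection id and credentials are placeholders, `SAMPLE_PAGES` is constructed test data rather than ESET feed content, and the `FIELD_MAP` column names are the author's own illustration of flat indicator fields, not Sentinel's actual table schema.

```python
"""Pull STIX 2.1 indicators from a TAXII 2.1 collection and flatten them into
the IoC fields a SIEM such as Microsoft Sentinel keys on. Added example for
this page, not ESET's or Microsoft's code: the server URL, collection id and
credentials are placeholders, and SAMPLE_PAGES is constructed test data."""
import base64
import json
import re
import urllib.parse
import urllib.request
from datetime import datetime, timezone

TAXII_MEDIA_TYPE = "application/taxii+json;version=2.1"
DEMO_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the demo
# One equality comparison inside a STIX pattern: <object type>:<path> = '<value>'
ATOM_RE = re.compile(r"([a-z0-9-]+):([A-Za-z0-9_.\[\]'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'")
# STIX observable path -> (flat SIEM field, hash algorithm or None); illustrative names
FIELD_MAP = {("domain-name", "value"): ("DomainName", None),
             ("url", "value"): ("Url", None),
             ("ipv4-addr", "value"): ("NetworkIP", None),
             ("file", "hashes.MD5"): ("FileHashValue", "MD5"),
             ("file", "hashes.'SHA-256'"): ("FileHashValue", "SHA-256")}

def parse_ts(ts):
    """STIX timestamps are RFC 3339 UTC with a trailing Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def flatten_indicator(obj, now):
    """Flat IoC records for one STIX indicator; [] for non-indicators, revoked objects,
    non-STIX pattern types (Sigma/YARA rules are not atomic IoCs) and indicators outside
    their validity window. Each equality comparison becomes one record (OR'd patterns yield several)."""
    if obj.get("type") != "indicator" or obj.get("revoked"):
        return []
    if obj.get("pattern_type", "stix") != "stix":
        return []
    valid_until = obj.get("valid_until")
    if parse_ts(obj["valid_from"]) > now or (valid_until and parse_ts(valid_until) <= now):
        return []
    records = []
    for stix_type, path, value in ATOM_RE.findall(obj["pattern"]):
        if (stix_type, path) in FIELD_MAP:  # unmapped paths (file:size, ...) are dropped
            field, hash_alg = FIELD_MAP[(stix_type, path)]
            records.append({"indicator_id": obj["id"], "field": field, "hash_type": hash_alg,
                            "value": value.replace("\\'", "'"), "valid_until": valid_until,
                            "confidence": obj.get("confidence"),
                            "indicator_types": obj.get("indicator_types", [])})
    return records

def fetch_collection_objects(base_url, collection_id, get_json, added_after=None):
    """Walk a TAXII 2.1 objects endpoint, following `next` while `more` is true;
    `added_after` limits an incremental poll to objects added since the last run."""
    url = f"{base_url}/collections/{collection_id}/objects/"
    objects, query = [], {"limit": "500"}
    if added_after:
        query["added_after"] = added_after
    while True:
        page = get_json(url + "?" + urllib.parse.urlencode(query))
        objects.extend(page.get("objects", []))
        if not page.get("more"):
            return objects
        query["next"] = page["next"]

def http_get_json(username, password):
    """Real getter: TAXII 2.1 media type over HTTPS with HTTP basic auth."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    def get(url):
        req = urllib.request.Request(url, headers={"Accept": TAXII_MEDIA_TYPE,
                                                    "Authorization": "Basic " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return get

def _indicator(n, pattern, **extra):
    """Minimal STIX 2.1 indicator (constructed sample data)."""
    return {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}", "pattern": pattern,
            "valid_from": "2024-03-01T00:00:00.000Z", "indicator_types": ["malicious-activity"],
            **extra}

# Two constructed TAXII envelopes shaped like GET .../objects/ responses.
SAMPLE_PAGES = {
    "page1": {"more": True, "next": "page2", "objects": [
        _indicator(1, "[domain-name:value = 'c2.example.net']",
                   valid_until="2025-03-01T00:00:00.000Z", confidence=85),
        _indicator(2, "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']", confidence=90),
        {"type": "malware", "spec_version": "2.1", "name": "ExampleBot", "is_family": True,
         "id": "malware--00000000-0000-4000-8000-000000000009"}]},  # an SDO, not an IoC
    "page2": {"more": False, "objects": [
        _indicator(3, "[url:value = 'http://203.0.113.5/a.php' OR ipv4-addr:value = '203.0.113.5']",
                   confidence=60),
        _indicator(4, "[domain-name:value = 'old.example.org']", valid_until="2024-01-01T00:00:00Z"),
        _indicator(5, "[ipv4-addr:value = '198.51.100.9']", revoked=True)]}}

def sample_get_json(url):
    """Offline stand-in for http_get_json(): serves SAMPLE_PAGES by `next` token."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    return SAMPLE_PAGES[query.get("next", ["page1"])[0]]

def ingest(get_json, now, base_url="https://taxii.example.invalid/taxii2", collection_id="demo"):
    """Pull the whole collection and flatten every usable indicator."""
    objects = fetch_collection_objects(base_url, collection_id, get_json)
    return [rec for obj in objects for rec in flatten_indicator(obj, now)]

if __name__ == "__main__":
    print(json.dumps(ingest(sample_get_json, DEMO_NOW), indent=1))
```

Run as a script it prints the four flattened indicators that survive filtering (one domain, one SHA-256 hash, and the URL and IP from a single OR'd pattern); the expired domain, the revoked IP and the malware SDO are dropped. To poll a live TAXII 2.1 server, swap `sample_get_json` for `http_get_json(user, password)` with a real `base_url` and `collection_id`, and persist the `added_after` timestamp between runs so each poll only fetches new objects. One caveat: AND-joined patterns are flattened into separate records here too, so if a feed uses compound patterns where the parts only mean something together, treat those records as context rather than standalone matches.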
Further information on ESET's threat data feeds and their integration with Microsoft Sentinel, and on ESET Threat Intelligence, the API project and related topics, is available on the ESET website.