Muninn for and with Microsoft
Microsoft has over the years developed more and more security products and features. This includes Microsoft Defender (AV), Microsoft Defender ATP (EDR), Azure Sentinel (SIEM), and various other security features and functions within MS365 and Azure.
How does Muninn AI Detect and Muninn AI Prevent integrate into and complement your Microsoft security products?
Muninn AI Detect and AI Prevent both offer unique cyber value that Microsoft products do not, and they integrate into your Microsoft security stack using open APIs to both send and receive information.
Muninn AI integration to MS365
Muninn AI Detect fully integrates with MS365. Using our analysis and machine learning technology, we provide a wide range of unique cyber alerts which you do not already have in MS365.
Muninn AI integration into Microsoft Defender ATP
Muninn adds value on top of Microsoft Defender ATP because Microsoft Defender ATP is able to receive and activate commands, for instance its “isolate” command. This means that, on the basis of the protocol analysis carried out by Muninn AI Detect and the isolation rules configured through Muninn AI Prevent, Microsoft Defender ATP can shut down a device on command from Muninn AI Prevent.
Muninn AI Prevent and Muninn AI Detect integration into Azure Sentinel
We integrate with any SIEM that has open APIs. Azure Sentinel has such open APIs, so we can send our security alerts, or even the full metadata of the protocol analysis flows plus the finished Muninn AI Detect generated cyber alerts, into Azure Sentinel. From one dashboard you can then do the forensics and dig into the incidents that occur in the network.
The unique added value from Muninn AI Detect and Muninn AI Prevent on top of Azure Sentinel is:
1. Full Packet Capture – enabling deeper forensics than with “only” a SIEM’s logs.
2. Full Protocol Analysis with more than 150 different data-types extracted from the network traffic, seen not from inside the devices as with a SIEM but from the perspective of the network traffic, using Bro / Zeek protocol analysis.
3. Immediate blocking capability (using Muninn AI Prevent) of a device exhibiting extremely suspicious hacker-like activity – based on preset chosen conditions – which it has not previously exhibited and should not do.
4. Unique AI / ML algorithms building normal unique traffic patterns of each device making it extremely hard for hackers to stay under the radar.
General Integration Options
Generally, Muninn AI Detect and AI Prevent are, via our open APIs, able to integrate to and from anything that has similar open APIs. Please read more generally about integration options on our Integrations page. The “Rolls Royce model” of integrations is to integrate into the network equipment. This is possible when the network is using equivalents of SDN (Software Defined Networks) or otherwise has an open API which we can integrate to and activate an “isolate” command. This is the “Rolls Royce model” of Muninn AI Prevent because it immediately blocks ALL traffic to and from the very maliciously behaving device: not only traffic on devices with agents installed, and not only TCP traffic, but all traffic, including UDP, on all devices including IoT etc.