• Cloud security partnership presages Microsoft’s anointing as one of three strategic security partners for BT.
  • Group unveils tailored managed security services to support software giant’s SIEM product.
  • More new offerings on way to support Microsoft cloud applications.


BT guards Microsoft Azure Sentinel

BT guards Microsoft Azure Sentinel

Source: Microsoft

A closer relationship between BT and Microsoft was unveiled by the two partners, ticking important strategic boxes for the UK-headquartered Group.

Coming just a few weeks before Microsoft was named as one of BT’s main cybersecurity partners in a slimmed down portfolio, the link-up serves two purposes for the operator: demonstrating tighter collaboration with a major public cloud provider — something which Neil McRae, BT Group Chief Architect, is especially enthusiastic (BTwatch, #305 and passim) — and providing greater visibility for both the vendor’s cybersecurity capabilities and BT Security Advisory Services, a new unit unveiled in March 2020 (BTwatch, #311).

As part of the agreement, BT launched what it called a “new range” of fully managed security and advisory services to support Microsoft Azure Sentinel, a data analytics tool to guard companies against cybersecurity attacks.

There is promise of more collaboration to come. BT said the AzureSentinel hook-up was the “first in a series” of managed security services that it will offer to support Microsoft’s cloud-based applications. More details are promised later in 2020.

Guarding the guards

Azure Sentinel is Microsoft’s cloud-native play in the security information and event management (SIEM) market. SIEM software products are designed to gather information from different sources, such as operation systems, applications, and databases. The large quantities of data are then constantly analysed for anomalies and any other signs of a security incident. As part of Microsoft’s Azure cloud computing platform, AzureSentinel differentiates from other SIEM products in that it is integrated with Office365 and other Azure offerings.

BT’s role is to provide a managed service for both AzureSentinel’s SIEM product and its security orchestration automated response solution. The service includes alert detection, threat visibility, and threat response. Protection of this sort is evidently enabled by combining data from the Azure Sentinel workspace with BT’s “own expertise and extensive threat intelligence gained from protecting one of the world’s largest global networks”. BT’s 16 Security Operations Centres are tasked with monitoring data “ingested” into a customer’s AzureSentinel workspace.

BT Security Advisory Services is on hand to offer “expert guidance” to help organisations get to grips with cybersecurity requirements.

We’re pals, we are

BT, evidently proud to be seen as a close buddy of the software giant, deftly added in the Azure Sentinel announcement that it was one of the first Managed Security Service Providers (MSSP) to have been selected for the Microsoft Intelligent Security Association (MISA).

Launched in 2018, MISA has built up a security ecosystem, mainly with independent software vendors that have integrated their solutions with Microsoft. In July 2020, Microsoft launched an invitation-only pilot programme for ‘select’ MSSPs.

Advisory role

BT launched Security Advisory Services in March 2020. The new practice, which BT flagged as part of “ongoing expansion” of its cybersecurity capabilities, offers “strategic security guidance and solutions to organisations across the globe”. The new initiative is led by Tristan Morgan, who seems to be a rising cybersecurity star at BT. In late-2019, Morgan took on a new role as Director of Global Security Consultancy & Security, which was an add-on to his existing position as Director of Portfolio and Delivery at BT Security (BTwatch, #308). Morgan has around 300 staff under his wing at the new practice. Target customers range from small- and medium-size enterprises through to multinational companies and public sector organisations. BT Security’s ‘ethical hacking’ team, which uses the same tools and techniques as cybercriminals to attack organisations’ defences and identify vulnerabilities, are part of Security Advisory Services.