Zimperium's Mobile Security Blog

Zimperium First to Integrate Mobile Threat Defense with Microsoft Azure Sentinel SIEM Solution

Zimperium now integrates with Endpoint Manager (formerly Intune), Microsoft Defender ATP, Azure Active Directory and Azure Sentinel SIEM

In January, we announced our integration with the Microsoft Defender Advanced Threat Protection (ATP) endpoint detection and response (EDR) solution. Our mobile threat defense (MTD) integration with Microsoft Defender ATP gives customers a single-pane-of-glass view within the Microsoft Defender Security Center, the same console they already use to manage threats from traditional endpoints such as laptops and desktops running Windows, macOS and Linux.

Today we’re announcing that Zimperium’s Android and iOS mobile threat data is now fully integrated with Azure Sentinel, Microsoft’s cloud-native SIEM solution. Zimperium is the first and only mobile threat defense (MTD) solution integrated with Azure Sentinel, so security analysts can now include mobile threat data in their advanced threat hunting and threat correlation analysis.

“Whereas the Defender ATP EDR solution is focused on endpoints – Windows, Mac, Linux, iOS, Android – the Azure Sentinel SIEM solution aggregates data across all sources of your enterprise, including users, applications, servers, and devices running on-premises or in any cloud,” said Brian Peck, vice president of product management for Zimperium. “This allows Azure Sentinel users to hunt for threat patterns and correlate threats across all of the systems within an organization – like firewalls, web proxies, routers, servers, mobile and traditional devices, and Office 365 applications.”

Combined with Zimperium’s integration with Microsoft Intune, policies can be configured to automatically enforce conditional access to contain the detected threat.

As a result, Microsoft Azure Sentinel customers now have access to:

  • Mobile threat data from Zimperium can now be used by Azure Sentinel’s built-in AI and hunting capabilities to identify the threats that matter to an organization and respond with automated remediation actions.
  • Unique to Zimperium’s integration is rich threat forensics reporting to Azure Sentinel, which enables advanced threat hunting for mobile devices. Forensics details include attacker IP/MAC, Wi-Fi network details, malicious processes and apps, and the reasons a device was flagged as compromised or jailbroken.
  • Zimperium’s integration automatically updates threat status in Azure Sentinel as threats are resolved on mobile devices, so you have an up-to-date view of the active threats on each mobile device within Azure Sentinel.
  • Zimperium includes the user information associated with a threat (if enabled in privacy policies). This enables searching for threats by user within Azure Sentinel (e.g. show me a list of threats affecting my C-suite executives) and building playbooks that take custom actions when threats affect specific users.

“The integration with Zimperium mobile threat information in Azure Sentinel enables mutual customers to better inform hunting, investigation and remediation activities,” said Adwait Joshi, Director of Azure Sentinel Product Marketing at Microsoft Corp. “Our customers can view, hunt and take actions on mobile threats in the same SIEM platform they currently use for managing security events from sources including users, applications, servers, and devices running on-premises or in the cloud.”