Theom for Microsoft Sentinel Solution - Data Cloud and Data Lakehouse Attack Detection
Theom, Inc.
Theom enriches Microsoft Sentinel with alert intelligence on threats to data clouds and lakehouses.
Overview
Theom integrates with Microsoft Sentinel, enabling customers to detect and stop active threats to data clouds and data lakehouses. Sentinel customers can seamlessly use Theom’s unique AI threat intelligence while using their trusted environment for alerting and remediation.
With the Theom and Microsoft Sentinel integration, our customers can now collect valuable threat intelligence content from inside data clouds and data lakehouses, detect attacks using the MITRE ATT&CK framework, ingest critical alerts into Microsoft Sentinel, and respond to incidents rapidly with built-in orchestration and automation. Theom runs inside the data cloud or data lakehouse to deliver unique intelligence on data assets and threats to sensitive data, all with no agents, no proxies, and no impact on business applications.
Integration benefits
Theom and Microsoft Sentinel help customers secure data clouds and data lakehouses with:
Insider Threat Detection and Prevention
Detect phished users and service accounts abusing data and suspend their access
Quarantine data at risk and apply egress controls to stop data leaks
Prioritize data security incidents based on the $ value of data at risk
Data Access Governance
Detect over-provisioned access to data and shrink-wrap permissions continuously
Gain visibility into who has access to what data and what they do with the data
Ensure detection and prevention controls follow the data through the data pipeline
Ransomware Detection, Prevention, and Recovery
Detect attacker progression and malicious access to data, using an AI-based detection engine
Track and capture attacker’s encryption keys, even after attackers cover their tracks
Underlying Microsoft Technologies used:
This solution has a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs.