Theom for Microsoft Sentinel Solution - Data Cloud and Data Lakehouse Attack Detection

Theom, Inc.

Theom enriches Microsoft Sentinel with intelligence on threats to data clouds and lakehouses

Theom specializes in providing data security and AI access governance across diverse platforms, helping enterprises address the prevailing governance challenges of today’s market. Theom takes a data-centric approach to data and AI access governance by ensuring security controls follow the data across different types of data technology platforms. Theom’s fine-grained governance controls have saved companies millions by identifying duplicate data products from vendors and unused data licenses, tracking data lineage to drive purpose-based authentication and usage of data, determining overused data licenses, shrink-wrapping permissions to data sets across data meshes with multiple domains, and driving correct data cost attribution. Theom also automatically detects data leaks from insiders or outsiders while ensuring no data leaves the customer's jurisdiction and integrates with Microsoft Sentinel to stop active threats to data clouds and lakehouses.

With the Theom and Microsoft Sentinel integration, customers can collect threat intelligence content from inside data clouds and data lakehouses, detect attacks mapped to the MITRE ATT&CK framework, ingest critical alerts into Microsoft Sentinel, and respond to incidents rapidly with built-in orchestration and automation. Theom runs inside data clouds and lakehouses to deliver intelligence on data assets and threats to sensitive data, with no agents, no proxies, and no impact on business applications.

Integration benefits

Theom and Microsoft Sentinel help customers secure data clouds and data lakehouses with:

  • Insider Threat Detection and Prevention

    • Detect phished users and service accounts abusing data and suspend their access

    • Quarantine data at risk and apply egress controls to stop data leaks

    • Prioritize data security incidents based on the dollar value of the data at risk

  • Data and AI Access Governance

    • Detect over-provisioned access to data and shrink-wrap permissions continuously

    • Gain visibility into who has access to what data and what they do with it

    • Ensure detection and prevention controls follow the data through the data pipeline

    • Enforce fine-grained access controls over LLM RAG

  • Ransomware detection, prevention, recovery

    • Detect attacker progression and malicious access to data, using an AI-based detection engine

    • Track and capture attacker’s encryption keys, even after attackers cover their tracks

    • Protect against prompt injection attacks

Underlying Microsoft Technologies used:

This solution depends on the following technologies; some of these dependencies may be in Preview state or may incur additional ingestion or operational costs.

a. Azure Monitor HTTP Data Collector API