Credit: Rawpixel / Jeff Hu / Getty Images Microsoft announced Monday that it’s getting into the managed security services business. The company’s Microsoft Security Experts program includes three new managed services.Microsoft Defender Experts for Hunting is for its customers who have robust security operations centers but would like Microsoft to hunt for threats in data from endpoints, Office 365, cloud applications, and identity sources. Microsoft’s experts will hand off any actionable alerts they discover to security operations center (SOC) personnel, along with remediation recommendations. Microsoft experts are also available on-demand to answer security questions about anything from incidents to action by nation-state actors to updates on the latest attack vectors. The projected launch window for the service is in the summer of 2022.Microsoft Defender Experts for XDR is for customers who need to extend the capacity of their SOC. It extends beyond endpoints to provide detection and response across Microsoft 365 Defender. It will investigate alerts and use automation and human expertise to respond to incidents alongside a local security team. Preview of the service is expected to roll out in the fall of 2022.Microsoft Security Services for the Enterprise combines proactive threat hunting and managed XDR. It leverages Microsoft’s complete security information and event management (SIEM) and XDR stack to protect all cloud environments and all platforms. The service uses Microsoft security experts to manage onboarding, daily interactions, practice modernization, and incident response for an organization. The service is sold through a custom statement of work and is available today. Incident response, modernization services rolled into Experts programMicrosoft will be rolling two existing offerings into the Experts program. Microsoft Security Services for Incident Response provides experts who can be consulted before, during, and after a data breach. The Microsoft pros can help an organization remove a bad actor from its environment, remediate its defenses after a breach, and build resilience against future attacks.Microsoft Security Services for Modernization is aimed at customers engaged in a security transformation of their organization. It provides consulting services to help customers at any stage of their security journey, including embracing a Zero Trust approach to security. “[T]echnology alone is not enough to defend against cybercrime,” Microsoft Corporate Vice President for Security, Compliance, Identity, and Management Vasu Jakkal wrote in a company blog. “Technology is critical, but it’s the combination of leading technologies, comprehensive threat intelligence, and highly skilled people that makes for a truly effective security posture.”Harder for organizations to build security teamsThe challenge in this critical moment when cybersecurity has reached an inflection point, Jakkal noted, is that organizations are facing a cybersecurity talent shortage, with nearly one in three—or 2.5 million—security jobs vacant in the United States. That’s pushing the time of detection for a breach to an alarming 287 days. Even when talent is available, access to highly skilled expertise remains a challenge. “It’s getting harder every day for organizations to build and maintain a full security team, let alone one with the ever-expanding skillset required to meet the range of today’s security demands,” he wrote. Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe