On 21st May, Quorum Cyber’s Modern MDR, Made Clear webinar explored how organisations can turn threat intelligence into faster detection, smarter response, and measurable cyber resilience using Microsoft Sentinel. Attendees, who represented organisations in a wide range of sectors, gained practical insights into how they can optimise their approach to detection and response, with a focus on improving both efficiency and resilience across their security operations.

Hosting the webinar, Richard Holland, Field CISO, was joined by Karl Innes, Head of Solutions Architecture, and Harish Aitharaju, Principal Product Manager at Microsoft.

Setting the scene, Richard emphasised some of the key stats from Microsoft. Every day, the company now processes over 100 trillion signals, blocks 4.5 million malware samples, and screens 5 billion emails for phishing and malicious content. Notably, AI-generated phishing is almost five times more likely to be successful than traditional phishing, while 97% of identity attacks involve password-based techniques. Overall, identity attacks increased by 32% in H1 2025 compared to H1 2024.

Furthermore, Quorum Cyber’s 2026 Global Cyber Risk Outlook reveals that there was a 30% rise in the number of new ransomware groups from 2024 to 2025, and a 96% increase in phishing attacks over the same period. And researchers have evidence for the first use of AI (Claude) in a nation-state group’s cyber operations.

“All of that together is creating a huge amount of telemetry that we all need to deal with within our MDR environment, and, at the same time, automation is becoming essential within those Security Operations Centre (SOC) services,” said Richard. “The skill sets that we need and require improving all the time and increasing all the time as they deal with more and more events and incidents that are happening. Threat intelligence is becoming part of the norm.”

He explained how this is changing the nature of people’s roles: “Analysts themselves are becoming not just SOC analysts, they’re becoming cyber intelligence engineers using data and the telemetry information that they would use traditionally together in order to combat offense. And as the signals increase, the MDR becomes something far cleverer, beyond EDR and more of an intelligence engine that we all use. So, this is the MDR moving from an alert-based system to cybersecurity intelligence and resilience automation engine.”

Karl warned that while SOCs have access to a huge amount of intelligence, much of it is “trapped in a dashboard or buried in an inbox”. Analysts, he said, are “overwhelmed by alert volume and are forced to manually correlate a lot of that information across multiple systems to try and understand whether something’s actually genuinely malicious or whether it’s just noise.

“If threat intelligence can’t be integrated directly into detection logic or enrichment workflows or investigations and automation responses, then it just becomes passive information” and doesn’t contribute towards active defense.

He added that threat intelligence helps us understand the attacker techniques that are at play, the emerging tools they’re using, the identity abuse methods and the attackers’ behaviours.

“Platforms like Microsoft Defender, XDR, and Sentinel have become really powerful because they provide the contextual layer that we need to connect those identities, devices, the workflows, and threat intelligence all together in real time. And threat intelligence makes threat hunting more targeted and more efficient.”

Harish revealed that the magic happens when the Microsoft Sentinel data lake centralises security data, assets, activities, threat intelligence into a unified purpose. “With over 350 connectors, the data lake ingests the data from diverse sources in any format in a multi-cloud, multi-platform environment.”

Sentinel is becoming truly agentic, he said, explaining that with Sentinel’s AI-ready data foundation, Microsoft has built three layers:

  1. Advanced analytics: for anomaly detection, behavioural analysis and forensic triage
  2. Customer insights: build tailored insights for your unique environment
  3. Autonomous defence: for faster, smarter, autonomous threat response and learning

Harish delved deeper into how the Sentinel platform powers partner organisations with fully agentic AI-powered security services. He explained that in this way, we are able to deliver scalable, cost-efficient, AI security analytics. “The Sentinel data lake isn’t just about storage for you; it’s an engine that transforms raw signals that we look at that you can drive a lot of actionable intelligence. This means that organisations or customers can bring together diverse data sources into a unified platform without having it placed in multiple storage locations. It provides complete visibility.”

Ultimately, Quorum Cyber’s MDR, which is built on the three pillars of being Microsoft-first, threat-led and providing operational clarity, delivers key measurable outcomes:

  • Faster detection
  • Immediate added context
  • Faster response with higher confidence
  • Lower operational overheads
  • Improved visibility
  • Stronger resilience.

The panel answered various questions from participants, including how modern MDR can help prevent any harm being done by phishing emails from a hacked email address at a third-party supplier, and how Quorum Cyber’s Security Operations Centre (SOC) can ensure that its detection, monitoring and response – performed by automation, AI, and human analysts – are sufficient in today’s threat landscape.

Start your journey to build better MDR

Watch the Modern MDR, Made Clear webinar on-demand or download the Modern MDR, Made Clear guide below to learn how to design and build a future-ready detection and response programme – and ask the critical questions needed to select a partner that delivers measurable protection, prevention, and resilience.

Please feel free to contact us if you have any questions about the content of the webinar or the guide.

Modern MDR, Made Clear: 10 Questions Every CISO Should Ask

The cyber threat landscape has fundamentally changed. Attackers are faster, more automated, and increasingly exploiting identity and cloud complexity – leaving traditional detection and response approaches struggling to keep pace.

Modern MDR, Made Clear is a practical playbook designed to help CISOs build future-ready detection and response programmes – and ask the critical questions needed to select a partner that delivers measurable protection, prevention, and resilience.

Headquarters

Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ

Colorado, USA Office

950 S Cherry St Ste 505
Denver, Colorado
USA
80246

Ontario, Canada Office

1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7

Arizona, USA Office

1300 S Litchfield Rd
110-L, Goodyear
USA
Arizona 85338
