Microsoft this week began previewing a graph specifically designed to integrate disparate cybersecurity tools and platforms.
Built on a data lake that is now generally available and on a Model Context Protocol (MCP) server, the Microsoft Sentinel graph promises to make it simpler for cybersecurity teams, and the artificial intelligence (AI) agents they employ, to establish and maintain context at a time when cyberattacks continue to increase in volume, speed and sophistication.
The first two Microsoft cybersecurity tools that will be integrated into the Microsoft Sentinel graph are Microsoft Defender, a suite of tools for defending endpoints, and Microsoft Purview, a set of data security tools.
The overall goal is to reduce the false positives and redundant alerts generated by cybersecurity tools while enabling teams to hunt for threats visually and, when required, apply policies in real time to thwart attacks that are now launched at machine speed by adversaries who are also embracing AI.
Fernando Montenegro, vice president and practice lead for cybersecurity and resilience at the Futurum Group, said applying Microsoft's graph technologies to cybersecurity use cases is a positive development as cybersecurity teams look to operationalize agentic AI. Graph technologies will play a critical role in surfacing insights into the relationships between data, tools and cyberattacks in ways that increase efficiency across security operations, he added.
The rise of graph technologies to facilitate integration of cybersecurity tools and platforms is coming at a time when there is a fierce debate over the degree to which cybersecurity teams should rely more on integrated platforms. Advocates of this approach argue that a platform from a single vendor, in addition to reducing total costs, makes it simpler to correlate threats in a way that reduces the overall amount of noise being generated by overlapping cybersecurity tools.
Conversely, proponents of a best-of-breed approach based on a layered defense strategy argue that multiple tools are needed, either to identify attacks that other tools might have missed or, at the very least, to corroborate that an alert represents a legitimate threat. Graph frameworks, in theory, should make it simpler to integrate disparate tools and improve the overall state of cybersecurity without forcing organizations to abandon investments in existing tools and platforms.
It's not clear to what extent Microsoft will make its graph technologies accessible to third-party vendors, but it's all but inevitable that multiple graph-based frameworks for integrating cybersecurity tools and platforms will emerge. Without that capability, it's unlikely that the promise of relying more on AI agents to automate cybersecurity workflows will be realized.
In the meantime, the debate over integrated platforms versus best-of-breed approaches will continue to rage until it becomes apparent that AI agents taking advantage of graphs, MCP servers and large language models (LLMs) have rendered the issue moot.