Microsoft Azure Sentinel

Summary

In today’s fast-growing IT sector, DevOps is an approach practiced by most firms in order to compete in the software business. In such a fast-paced Agile environment, security and compliance are often overlooked. DevSecOps was introduced in order to consider security as a key factor in the DevOps environment. We are in need of a system/service which can see and stop threats before the attack can cause any harm to the infrastructure and its byproducts.

To provide such support in the modern world, Microsoft Azure has introduced Azure Sentinel. It’s an advanced and enhanced version of Security Information and Event Management (SIEM) which collects security data across the entire hybrid organization from devices, users, apps, servers on on-premise and cloud environment. With the power of artificial intelligence, it can identify real threats quickly and resolves them. Hence relieving you from the burden of traditional SIEMs and eliminating the need to spend time on setting up, maintaining threat management.

Since Azure Sentinel resides in the cloud, it can provide limitless cloud scale and speed to address your security needs. Enterprises using Office 365 are increasingly adopting the advanced security and compliance offerings included in Microsoft 365. There are many cases when you want to combine security data from users and end-point applications with information from your infrastructure environment and third-party data to single point-of-contact to understand a complete attack/ threat. Also, It would be ideal if you could do this all within the compliance boundaries of a single cloud provider.

With Microsoft Azure Sentinel, we can better address the main SIEM landscape challenges for our clients, along with simplifying data residency and GDPR concerns.

 

Azure Sentinel delivers cloud-native security operations

Collect data across the enterprise

1. Able to collect data across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
2. Aggregate all security data with built-in connectors, native integration of Microsoft signals, and support for industry standard log formats like common event format and syslog.
3. It can be integrated with solutions including Palo Alto Networks, F5, Symantec, Fortinet, and Check Point etc.
4. Microsoft Graph Security API enables you to import your own threat intelligence feeds and customizing threat detection and alert rules.

Analyze and detect threats with built-in AI

1. Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence.
2. It uses state of the art, scalable machine learning algorithms to correlate millions of low fidelity anomalies to present a few high-fidelity security incidents to the analyst.
3. Possible to customize and enrich the detection, hence you can bring your own models to Azure Sentinel using the built-in Azure Machine Learning service.
4. It can connect to user activity and behavior data from Microsoft 365 security products which can be combined with other sources to provide visibility into an entire attack sequence.

Investigate and look for suspicious activities

1. It uses graphical and AI-based investigation which will reduce the time taken to understand the full scope of an attack and its impact.
2. It also provided visualization of the attack and allows you to take quick actions in the same dashboard.
3. Proactively check for suspicious activities and analyzing data is a repeatable process, which can be automated.

Automate common tasks and threat response

1. Responds to incidents rapidly with built-in orchestration and automation of common tasks.
2. With pre-defined or custom playbooks, solve repetitive tasks and to respond to threats quickly.
3. It augments well with existing enterprise defense and investigation tools, like management applications and workflow management.
   

Conclusion

Azure Sentinel is a service that provides a proactive and responsive cloud-native SIEM which will help customers simplify their security operations and scale as they grow. It acts as a centralized system in SecOps to protect, secure and prevent similar threat in your environment.

Reference

1. https://docs.microsoft.com/en-us/azure/sentinel/quickstart-get-visibility
2. https://azure.microsoft.com/en-in/services/azure-sentinel/
3. https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard