Azure Sentinel is the industry’s first cloud-native SIEM (Security Information and Event Management) solution. More than just a log engine, its available playbooks and countless Azure Logic Apps make it a leading SOAR (Security Orchestration, Automation, and Response) solution as well. If you’re using Microsoft 365 and Azure services, Sentinel should be front and center in your Security Operations Center.

National Aquarium in Baltimore

There are two common scenarios we see with our clients concerning Digital Transformation. The first is the organization who is unfamiliar with the possibilities of the Cloud and needs guidance as to what is possible. The second scenario is an organization who has started to move a workload or two into Azure but have no formal plan only to find cost overruns. Both scenarios could benefit from our guidance to help create a transformation plan.

The result was a scalable plan for expansion that can realize the intended ROI, decreased Help Desk hours for password resets from the Azure Identity and AD Single Sign On.  We also trained the IT audit staff to be equipped to understand and manage costs in the future. Getting costs under control for a more predictable, better managed Azure environment.

Why use a SIEM/SOAR?

• Too many logs with too few people to review them means risks are left unattended. 76% of firms report an increase in security data, but 44% of alerts are never investigated.
• The global shortfall of cybersecurity resources will soon leave 3.5 million jobs unfilled.
• SIEMs and especially SOAR systems provide the automation to manage security at scale..

Why cloud-native?

• On-prem SIEMs are complicated to setup and run and are ill-suited for modern clouds
• Logs shipped from O365 and most Azure services are free
• Limitless scalability has allowed at least one Sentinel customer handling up to 400,000 events per second and ingesting 100 GB per day
• Being so simple to turn up and use provides rapid ROI

How does it work?

• Logs can be ingested from Microsoft services, on-prem systems (servers and security appliances), and AWS.
• Microsoft machine-learning triages thousands of alerts into a manageable number of incidents requiring analysis.
• Sentinel provides visuals, recommended actions, integrations to ITSM tools, proactive hunting, and playbooks to automate remediations.

Advice to get started:

• Sentinel is a detection and response solution, not a protection. Getting fundamental security solutions in place (i.e. MFA, DLP, patching) prior to using a SIEM will maximize your SOC’s efficiency.
• Trying Sentinel is simple, as-is connecting it to your Office 365 resources. Setting up the connectors to on-premises appliances and building playbooks is more of a process. Contact securecloud@enablingtechcorp.com for questions or assistance.