Microsoft Reimagines Traditional SIEMs with Azure Sentinel

If you’re like most, security is at the forefront of your mind for your organization. You need the right tools and the right team to keep up with a growing number of sophisticated threats while your security team is inundated with requests and alerts.

Today I’d like to tell you about Microsoft’s reimagined SIEM tool, Azure Sentinel. Over the past 10 to 15 years, Security Information and Event Management (SIEM) has become extremely popular as an aggregation solution for the security events that happen in our networks.

There are also software tools, hardware appliances and managed service providers that can help you understand your level of risk both in real time and over a span of time. They do things such as log aggregation, event correlation and forensic analysis, and offer features for alerting, dashboarding and compliance checks.

These are great resources to help secure our environment, our users and our devices. But unfortunately, the reality is that security teams are being inundated with requests and alerts. Combine this with the noteworthy shortage of security professionals in the world – an estimated 3.5 million unfilled security jobs by 2021 – and this is a major concern.

Microsoft decided to take a different approach with Azure Sentinel. Azure Sentinel provides intelligent security analytics at cloud scale for your entire enterprise. It makes it easy to collect data across your entire hybrid organization on any cloud, from devices to users to applications to servers. Azure Sentinel uses AI-driven analytics to help you identify real threats quickly instead of wading through noise.

With this tool:

  • You’ll eliminate the burden of a traditional SIEM: there is no infrastructure of your own to set up, maintain or scale.
  • Since it’s built on Azure, it offers virtually limitless cloud scale, so ingestion capacity grows with your data rather than with your hardware budget.

Now let’s talk cost. Traditional SIEMs have proven to be expensive to own and operate, often requiring you to commit upfront and incur high costs for infrastructure maintenance and data ingestion. With Sentinel, you pay for what you use with no up-front costs. Even better, because of Microsoft’s relationships with so many enterprise vendors (and more partners being added), it easily connects to popular solutions, including Palo Alto Networks, F5 Networks, Symantec and Check Point offerings.

Azure Sentinel integrates with the Microsoft Graph Security API, enabling you to import your own threat intelligence feeds and to customize threat detection and alert rules. There are also custom dashboards that give you a view tailored to whatever your specific use case is.
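To make the custom detection rules concrete, here is an added example of what an analytics rule looks like in Sentinel. It is not code from the original post or from Microsoft; it is a Kusto (KQL) query of the kind you paste into a scheduled analytics rule. It assumes the Azure AD sign-in data connector is enabled, so that the SigninLogs table exists with the TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName and ResultType columns, and that ResultType "0" means a successful sign-in. The lookback window and failure threshold are assumed values you would tune for your tenant.

```kusto
// Added example, not from the original post: flag a source IP that fails
// many sign-ins and then succeeds within the same window (brute force or
// password spray followed by a compromise). Assumes the SigninLogs table
// from the Azure AD connector; ResultType "0" is a successful sign-in.
let lookback = 1h;            // assumed window; tune per tenant
let failureThreshold = 10;    // assumed threshold; tune per tenant
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedAttempts = count(),
                FailedUsers = make_set(UserPrincipalName),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
            by IPAddress
    | where FailedAttempts >= failureThreshold;
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| join kind=inner failures on IPAddress
| where TimeGenerated > LastFailure          // success came after the failures
| project TimeGenerated, IPAddress, UserPrincipalName, AppDisplayName,
          FailedAttempts, FailedUsers, FirstFailure, LastFailure
// Map columns to entities so Sentinel can attach the account and IP to the incident
| extend AccountCustomEntity = UserPrincipalName, IPCustomEntity = IPAddress
```

Scheduled at the same frequency as the lookback window, this rule creates one incident per successful sign-in from a source that had already crossed the failure threshold. The threshold deliberately excludes a user mistyping a password a few times; the caveat is that a distributed spray from many IPs will not trip it, so a companion rule keyed on UserPrincipalName rather than IPAddress is usually worth adding.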

Lastly, if you’d like to try this out for free, Microsoft is allowing you to connect your Office 365 tenant to do some testing and check it out in greater detail. This product is currently in preview, so there may be some kinks, but I’m looking forward to seeing how it develops into a true enterprise-class security solution for your environment, whether that means the cloud, on-premises data centers, or remote users and devices.
