Our everyday conversations inevitably turn to the current pandemic and all the changes that it has brought upon our business environment, especially our awareness and views of cybersecurity. We at Arco IT are a group of passionate experts in cybersecurity that are presenting a powerful tool that we are using daily in the fight against cyber attacks.
Microsoft’s Azure Sentinel security platform is a versatile addition to the cloud-based infrastructure. It allows you to collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds. Over the next few months our Arco security analysts will be contributing writers in this series. They will present their unique perspectives as they spotlight what it is like working day to day with Azure Sentinel.
First, we present an overall view of Sentinel: the benefits of using it, how it works, and how you can use it. Second, you will learn from our engineers every how they develop the queries for spotting threats. Third, you will understand from our analysts what profile of threats they search for and why some are a more dangerous than others. Finally, you will get the CISO perspective of what is like to coordinate a team using Azure Sentinel and what value this brought to his clients. We aim to clarify the parts, the processes, and the benefits of Azure Sentinel.
Azure Sentinel: Definition and Benefits
Rolled out in 2019 Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
This is a cloud solution for Security Information Event Management (SIEM) and Security Orchestration Automated Response (SOAR) meaning that:
- it’s extremely scalable and unlike many other SIEM platforms, you can deploy it with very little initial cost and effort. You also don’t need the typical large on-premise server setup of classical SIEM solutions.
- it’s a native solution in the Microsoft environment, so for most businesses it’s very easy to integrate and operate.
- it integrates easily with industry standards like syslog as well as a large and growing set of 3rd party security products
How is it doing this?
- Collects data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
- Detects previously undetected threats and minimizes false positives using Microsoft’s analytics and unparalleled threat intelligence.
- Investigates threats with artificial intelligence and hunts for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
- Responds to incidents rapidly with built-in orchestration and automation of simple tasks making, reducing operational overhead.
Building on the full range of existing Azure services, Azure Sentinel natively incorporates proven foundations, like Log Analytics and Logic Apps. Azure Sentinel enriches your investigation and detection with AI and Microsoft’s threat intelligence stream. And you can also develop your own threat intelligence.
How do I use it?
Azure Sentinel connects to all your data. You simply enable Azure Sentinel, then connect it to your security sources. Azure Sentinel comes with a number of connectors for Microsoft solutions, available out of the box and providing real-time integration, including Microsoft Threat Protection solutions, and Microsoft 365 sources, including Office 365, Azure AD, Azure ATP, Microsoft Cloud App Security, and more. In addition, there are built-in connectors to the broader security ecosystem for non-Microsoft solutions and you can also use common event format, Syslog or REST-APIs to connect your data sources with Azure Sentinel.
Arco IT is one of the few cybersecurity companies in Switzerland that are utilizing this brand new and amazing tool right now. As a consultancy company, we can help you leverage its features for your own needs. Look out for our updates for more information from our experts that are using the Azure Sentinel tool daily.