Why Azure Sentinel is Gaining Attention in the SIEM World

Since its launch in 2019, Azure Sentinel has come a long way in a short time. As a cloud-native application running inside Azure, it brings with it the benefits of a cloud service: no hardware, patching, updates or scaling issues. This post doesn’t cover the cost of managing the data or log retention, as this can become difficult to navigate in mixed environments; however, all SIEM solutions carry cost in this respect. That said, 5GB are free before costs are associated, and Sentinel provides 72 days of log retention before additional costs are added. Also, since Sentinel is located in the Azure cloud, data ingested from sources outside Azure is not charged as a data-transfer cost (inbound to Azure). This also means that in hybrid environments, an on-premise log collector lets customers keep full log retention locally and send only pertinent data to Sentinel, while retaining longer-term logs on-premise.

 

What is a SIEM and why is it important?

A typical SIEM (Security Information and Event Management) system collects security-related information (logs) and security events (logins, port scans, etc.), combines thousands of these events from hundreds or thousands of devices and presents a summary view for human consumption (something no person or team could do on their own). As cloud technologies have spread through almost every company, the load on legacy SIEM solutions has stressed not only the IT budget but also the IT staff.

As the security landscape expanded, the need to orchestrate actions in response to the events that SIEMs surfaced led customers to seek automation as a way to lower costs and speed resolution. Over time this evolved into dedicated tools that help the IT staff (SOC) react more quickly to threats and issues; hence the term SOAR (Security Orchestration, Automation and Response), seen in tools such as Cyberbit and Demisto, and in mature SIEM vendors bolting on support, such as IBM’s Resilient on QRadar and Splunk Phantom. These tools, when implemented well, can provide automated response to the ever-increasing threats and issues in every computer network (not all problems are a masked person trying to steal your data). However, they come at a cost in both man hours and ongoing financial outlay. For most small to medium sized organizations, a “managed” security offering is something to consider.

 

Key Benefits

Microsoft Sentinel, while new to the game, has multiple benefits in its favor:

  • Being created in the cloud, it enjoys all the benefits that cloud technology was created to deliver: speed, scalability, availability, lower CAPEX spend and less hardware to manage, to name a few
  • Combination of SIEM and SOAR in a single product. Microsoft has learned from players such as IBM and Splunk that today’s complex environments need the combined capabilities that both SIEM and SOAR products provide
  • Ease of use. If you’re a Microsoft customer with a presence in Azure, O365, Teams or other products, then getting this data into your SIEM is as easy as clicking a button
  • Logic Apps framework: easy point-and-click building of basic rules. Legacy SIEM and SOAR solutions can require considerable expert knowledge. Sentinel (for basic rules and playbooks) provides an intuitive framework for building out rules, along with a library of pre-created rules to leverage. More advanced rules will require skills, but the ability to link Logic Apps to Function Apps (another tool set) can make quick work of 80% of rule writing
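As an added illustration of the "summary view" a SIEM rule produces (this is example KQL written for this post, not a rule from Microsoft's built-in library), the query below is the kind of scheduled analytics rule you would author in Sentinel once the Azure AD data connector is populating the SigninLogs table. The one-hour lookback and the threshold of 10 failures are assumed, illustrative values, not Sentinel defaults.

```kql
// Added example: aggregate failed Azure AD sign-ins per account and source IP.
// Assumes SigninLogs is populated by the Azure AD connector; the lookback
// window and failure threshold below are illustrative values to tune per tenant.
let lookback = 1h;
let threshold = 10;
SigninLogs
| where TimeGenerated > ago(lookback)
// ResultType is a string; "0" denotes a successful sign-in, anything else a failure
| where ResultType != "0"
| summarize
    FailedAttempts = count(),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated),
    ErrorCodes     = make_set(ResultType)
    by UserPrincipalName, IPAddress
// Only surface account/IP pairs that cross the threshold, noisiest first
| where FailedAttempts >= threshold
| order by FailedAttempts desc
```

When saved as a scheduled rule, UserPrincipalName and IPAddress can be mapped to the Account and IP entities so the resulting incident carries them, and a Logic Apps playbook can be attached to act on the incident automatically.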

Other aspects of Microsoft Sentinel include the ever-growing integration with existing enterprise tools and applications such as Symantec, Barracuda, Cisco and others, which allows fairly easy integration with your existing infrastructure. Lastly, native integration with AWS CloudTrail allows multi-cloud views from a single console. Behind all of this is one of the largest threat analytics pipelines (about 6 trillion events per day), powered by Microsoft’s own machine learning.

 

On Demand Azure Sentinel Webinar Discussion

 

Have a look at Azure Sentinel

Cyber security is not easy and is an ever-changing landscape. No vendor or tool can provide you with complete security. However, Microsoft has come out of the gate in a short time with an impressive SIEM/SOAR solution that clearly leverages lessons learned from older vendors’ tools (QRadar, Splunk, etc.), and it is worth a look if you wish to operate and run your own SOC. Third parties will continue to flock to Microsoft as a leader in this space as time goes on, with integrations making it easier to re-use existing tools. Microsoft’s vision of supporting other clouds, such as AWS CloudTrail, is also a smart move, knowing that over 70% of the cloud market share is NOT in Azure.

If you’re using Microsoft 365, Azure, AD or Windows 10 inside your organization, let Champion show you the benefits of starting with Sentinel (which is itself free) for your security bird’s-eye view.

WRITTEN BY:

Erick Bacallao joined Champion Solutions Group in 2015 after a career in software development in Cuba at the National Cancer Care Institute of Cuba, followed by a move to the States with allAware.

 

Champion acquired allAware and its properties and Erick has utilized his extensive background and expertise in IT and Software Development to rise to VP of Product Development in less than 5 years. During this time, Erick has been involved with key projects that led to the launch of numerous products including CSP Boss, Inscape platform and 365 Productivity Insights.

 

Erick has a Bachelor of Science in Computer Science from the University of Havana. He won Gold Medals for Programming from the Ministry of Education in Cuba, and he is certainly still a Gold Medalist for Champion!

 

As President and CEO, Chris is responsible for the development of key strategic alliances and solution portfolio. He leads Champion’s go-to market and execution strategies for integrated offerings in the cloud, in security, and in digital infrastructure, always focusing on improving the customer experience and driving transformative business outcomes.

 

He also aligns key partner initiatives with company strategy and oversees corporate marketing and messaging to gain mindshare with customers and partners. It’s his vision and innovativeness that have catapulted Champion up the ranks to become a $100M+ organization, and one of the most respected solution providers in the industry.

 

Over the past two decades, Chris has also focused on mergers and acquisitions, as well as innovative product development. He is the original founder and an active member of the Board of Managed Maintenance, Inc., a SaaS provider and consulting firm that uses its award-winning One-View Portal to help the IT Channel and its customers manage their IT maintenance.

 

Chris is also the original founder and chief strategist behind one of the original storage cloud providers, Storage Access / BluePoint. In the course of a few short years, he raised $20M and took that company public on the Toronto Stock Exchange. It has since been acquired by Pomeroy.

 

In 2012, Chris led the acquisition of MessageOps and continued the product development and worldwide launch of its premier SaaS offering, 365 Command. Built on Microsoft Azure, 365 Command is currently managing over 1 million seats of Microsoft’s Office 365. After achieving this phenomenal milestone, 365 Command and other MessageOps O365 utilities were sold to Kaseya.

 

Over the past 35 years, Chris has worked tirelessly to advance not only his own career, but those of his employees. In addition to leading a $100M organization, Chris can also be found sitting with sales teams, cold calling and coaching, and demonstrating why Champion has been listed on Best Places to Work by both the South Florida Business Journal and Computerworld.

Ultimately, the success garnered by Champion Solutions Group, its associated companies, and their employees is due in large part to the leadership of its President and CEO. Perhaps the most fitting award Chris has earned is South Florida Business Journal’s 2013 Ultimate CEO Award.