Azure Sentinel is Microsoft's cloud-native Security Information and Event Management (SIEM) solution. It is Microsoft's answer to the question of how to make security in Azure more scalable and easier to manage. But what do you need to know about Azure Sentinel? In this blog post we provide answers to the most important questions.
Many organizations today use Microsoft 365 and are increasingly adopting the advanced security and compliance rules of Microsoft 365. At the same time, more and more companies are also using the well-secured Azure cloud to have their infrastructure and applications available 24/7.
In the ideal world you can combine the security data of users and endpoints (read: desktops, laptops, smartphones, etc.) with that of your infrastructure and applications to better understand, address and prevent possible security risks or attacks. With Azure Sentinel, that is now possible.
Azure Sentinel offers companies and organizations a number of security benefits. We list the most important ones:
Azure Sentinel is developed cloud-native on the scalable and high-performance Azure platform and uses multiple existing Azure services, each of which has already amply earned its spurs.
The analysis component is provided by Log Analytics, a mature service that is part of the general Azure Monitor platform. The data exploration is provided via Data Explorer and the queries use Kusto Query Language (KQL), the same language used in Log Analytics.
Data ingestion is done via a large number of ready-made data connectors, for services such as Office 365, Azure Active Directory (AAD), AAD Identity Protection, Azure Advanced Threat Protection, Cloud App Security, Azure Security Center, Azure Activity, Azure Information Protection and the Azure Web Application Firewall (WAF), along with Azure DNS.
But also external platforms such as Amazon Web Services (AWS), Palo Alto Networks, Cisco ASA, Check Point, Fortinet, F5, Barracuda and Symantec ICDX are supported. You can also use raw syslog data and Common Event Format (CEF) data, together with Threat Intelligence.
One of the other foundations of Azure Sentinel is Machine Learning (ML). This should help to correlate low-fidelity signals into high-fidelity alerts, so that analysts only have to deal with problems that really require the insight of a human being. In this way, Microsoft wants to combat “alert fatigue”, whereby security specialists can no longer see the wood for the trees among all the alerts. This approach is strongly linked to automation, whereby as many of the routine tasks as possible no longer have to be checked by people.
Microsoft does not reinvent cloud security but makes smart use of the quality tools that the company has in house and which have already proven their worth. With Azure Sentinel, it now adds a very strong management layer that, certainly for a managed cloud service provider such as Arxus, makes it even easier to monitor the security of existing customers, to analyze it more efficiently and to intervene faster in the event of incidents.
Starting with Azure Sentinel can be done in a few steps. Naturally, every step requires a certain technical set-up. We list the most important steps for you.
If you have an Azure account, you can add Azure Sentinel to your Azure Portal. Keep in mind that you need a few things for this:
Azure Sentinel has a number of connectors to make data from certain Microsoft solutions available out of the box in real time in Azure Sentinel. These include Microsoft Threat Protection, Microsoft 365, Office 365, Azure AD, Azure ATP, Microsoft Cloud App Security, etc. In addition, there are standard connectors for the wider ecosystem of other security solutions. Once you have connected your sources, the data enters Azure Sentinel.
You can use workbooks to view data in the overview dashboard or create your own interactive dashboards, entirely from scratch or based on existing templates. In this way you gain insight into specific data sources or data that is relevant to your organization.
After you connect resources and create dashboards, you can create analytics rules to detect threats. You can start with the out-of-the-box detections that you can easily activate via the "Rule Templates". You can then create customized rules, specifically adapted to your data, your requirements and your environment. These rules ensure that you receive notifications when suspicious activities take place in your environment.
Azure Sentinel offers a lot of possibilities to protect your Azure environment even better. At the same time, setting up the tool correctly and creating relevant dashboards and rules requires some technical expertise.
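As an added illustration of the "customized rule" step (this is example code written for this post, not something from the original article or from Microsoft's rule templates), here is a KQL query that could back a scheduled analytics rule once the Azure AD connector is feeding the SigninLogs table. The lookback window, the failure threshold and the choice of columns shown are assumptions you would tune for your own environment.

```kql
// Added example, not from the original post: flag accounts that see many
// failed sign-ins from one IP address within the lookback window, and note
// whether a successful sign-in from that same IP followed the failures.
// Assumes the Azure AD data connector is enabled (SigninLogs table).
let lookback = 1h;        // assumed scheduling window of the rule
let threshold = 10;       // assumed number of failures that is worth an alert
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"        // ResultType "0" means a successful sign-in
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                ErrorCodes = make_set(ResultType, 10),
                Apps = make_set(AppDisplayName, 10)
        by UserPrincipalName, IPAddress
    | where FailedCount >= threshold;
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | summarize LastSuccess = max(TimeGenerated) by UserPrincipalName, IPAddress;
failures
| join kind=leftouter successes on UserPrincipalName, IPAddress
// A success after the burst of failures deserves a higher severity than
// failures alone, so surface it as an explicit column for the analyst.
| extend SuccessAfterFailures = isnotnull(LastSuccess) and LastSuccess > LastFailure
| project UserPrincipalName, IPAddress, FailedCount, FirstFailure, LastFailure,
          LastSuccess, SuccessAfterFailures, ErrorCodes, Apps
| order by SuccessAfterFailures desc, FailedCount desc
```

In the rule wizard, map UserPrincipalName to the Account entity and IPAddress to the IP entity so that incidents created from this rule carry the entities needed for investigation.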
As a managed cloud service provider, Arxus can play an important role. We can fully manage and monitor the security in your environment via Azure Sentinel, so that you only have to deal with your core business. Do you want to know more about Azure Sentinel and what it can mean for your organization? Then make sure to contact us via email@example.com