Azure Sentinel is Microsoft's cloud-native Security Information and Event Management (SIEM) solution, and its answer to the question of how to make security in Azure more scalable and easier to manage. But what do you need to know about Azure Sentinel? In this blog post we answer the most important questions.
Many organizations today use Microsoft 365 and are increasingly adopting the advanced security and compliance rules of Microsoft 365. At the same time, more and more companies are also using the well-secured Azure cloud to have their infrastructure and applications available 24/7.
In an ideal world you combine the security data of users and endpoints (read: desktops, laptops, smartphones, etc.) with that of your infrastructure and applications, so that you can better understand, address and prevent possible security risks or attacks. With Azure Sentinel that is now possible.
Azure Sentinel offers companies and organizations a number of security benefits. These are the most important:
Azure Sentinel was developed cloud-native on the scalable, high-performance Azure platform and builds on several existing Azure services, each of which has already proven itself.
The analysis component is provided by Log Analytics, a mature service that is part of the wider Azure Monitor platform. Data exploration runs on Azure Data Explorer, and queries are written in Kusto Query Language (KQL), the same language used in Log Analytics.
Data ingestion is done via a large number of ready-made data connectors, for services such as Office 365, Azure Active Directory (AAD), AAD Identity Protection, Azure Advanced Threat Protection, Cloud App Security, Azure Security Center, Azure Activity, Azure Information Protection, the Azure Web Application Firewall (WAF) and Azure DNS.
External platforms such as Amazon Web Services (AWS), Palo Alto Networks, Cisco ASA, Check Point, Fortinet, F5, Barracuda and Symantec ICDX are supported as well. You can also ingest raw syslog data and Common Event Format (CEF) data, together with threat intelligence feeds.
One of the other foundations of Azure Sentinel is machine learning (ML). It should help correlate low-fidelity signals into high-confidence alerts, so that analysts only have to deal with problems that really require human insight. In this way Microsoft wants to combat “alert fatigue”, whereby security specialists can no longer see the forest for the trees. This approach is strongly linked to automation, whereby as many routine tasks as possible no longer need to be checked by people.
Microsoft does not reinvent cloud security, but makes smart use of the high-quality tools it already has in house and which have already proven themselves. With Azure Sentinel it now adds a very strong management layer on top, which, certainly for a managed cloud service provider such as Arxus, makes it even easier to monitor the security of existing customers, to analyze it more efficiently and to intervene faster in the event of incidents.
Getting started with Azure Sentinel takes a few steps. Naturally, every step requires a certain amount of technical set-up. We list the most important steps for you.
If you have an Azure account, you can add Azure Sentinel to your Azure Portal. Keep in mind that you need a few things for this:
Azure Sentinel has a number of connectors that make data from certain Microsoft solutions available in Azure Sentinel out of the box and in real time. These include Microsoft Threat Protection, Microsoft 365, Office 365, Azure AD, Azure ATP, Microsoft Cloud App Security, etc. In addition, there are standard connectors for the wider ecosystem of other security solutions. Once you have connected your sources, the data flows into Azure Sentinel.
You can use workbooks to view data in the overview dashboard or create your own interactive dashboards, either from scratch or based on existing templates. In this way you gain insight into specific data sources or into the data that is relevant to your organization.
After you have connected resources and created dashboards, you can create rules to detect threats. You can start with the out-of-the-box detections that you can easily activate via the "Rule Templates". You can then create customized rules, specifically adapted to your data, your requirements and your environment. These rules ensure that you are notified when suspicious activity takes place in your environment.
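As an added example of such a customized rule (not from the original post or from Arxus), here is a KQL query of the kind used in a scheduled analytics rule: it flags an account that had a burst of failed Azure AD sign-ins followed by a successful sign-in from the same IP address. It assumes the Azure AD connector is enabled so the SigninLogs table is populated; the threshold and lookback window are illustrative values to be tuned for your environment.

```kql
// Added example: burst of failed sign-ins followed by a success from the same IP.
// Assumes the Azure AD sign-in connector populates SigninLogs.
// failureThreshold and lookback are illustrative and should be tuned per environment.
let lookback = 1h;
let failureThreshold = 10;
let failed = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"            // any non-zero ResultType is a failed sign-in
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
        by UserPrincipalName, IPAddress
    | where FailedCount >= failureThreshold;
let succeeded = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"            // "0" is a successful sign-in
    | project SuccessTime = TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName;
failed
| join kind=inner succeeded on UserPrincipalName, IPAddress
| where SuccessTime > LastFailure       // success must come after the failures
| project UserPrincipalName, IPAddress, FailedCount, FirstFailure, LastFailure,
          SuccessTime, AppDisplayName
// entity columns so the rule maps the account and IP for incident investigation
| extend AccountCustomEntity = UserPrincipalName, IPCustomEntity = IPAddress
```

Run it in the Logs blade first to check the volume of results, then save it as a scheduled rule with a run frequency matching the lookback window.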
Azure Sentinel offers many possibilities to protect your Azure environment even better. At the same time, setting the tool up correctly and creating relevant dashboards and rules requires some technical expertise.
As a managed cloud service provider, Arxus can play an important role here. We can fully manage and monitor the security of your environment via Azure Sentinel, so that you only have to deal with your core business. Do you want to know more about Azure Sentinel and what it can mean for your organization? Then make sure to contact us via blog@arxus.eu.