If your practice includes security operations for digitally transforming customers with hybrid or multi-cloud environments, I’ve got great news for your SecOps teams. We’ve just announced the general availability of Azure Sentinel, one of the first SIEM (Security information and event management) solution built into a public cloud platform.

Why is that important? As you enable digital transformation for your customers, mitigating threats across their entire estate with little-to-no disruption becomes more difficult in hybrid or multi-cloud environments. Existing enterprise SIEMs can’t keep pace. Their infrastructures are complex to set up and maintain, and costly to operate at cloud scale. And collecting and staying on top of all the security events data can be like finding a needle in a haystack.

That’s why 65% of organizations are leveraging new technologies for process automation/orchestration, while 51% are adopting security analytics tools featuring machine learning algorithms. ^[1]

As a born-in-the-cloud SIEM, Azure Sentinel provides a great opportunity for system integrator and service provider partners to help address the challenges of modern security operations without investing infrastructure setup and maintenance. With no patching or dealing with upgrades, your security analysts can focus on threat events, not servers. And you’ll enjoy unlimited compute and storage, and automatic scaling to increase the efficiency and effectiveness of your team while reducing IT costs.

A birds-eye view across the enterprise

With the cloud and the intelligence from decades of Microsoft security experience, your threat detection and response will get smarter and faster. And with no upfront costs for data ingestion, you can rapidly analyze large volumes of data and set alert thresholds visually based on your actual data.

Azure Sentinel is built on a proven analytics database with Azure Monitor (Formerly Azure Log Analytics) and uses native integration of Machine Learning (ML), and Microsoft’s vast threat intelligence to empower teams to rapidly spot anomalies without a mountain of false positives that wastes their valuable time.

It simplifies Security Operations Centers (SOC) tasks by providing integrated security orchestration and automation (SOAR) capabilities.

How it works

Azure Sentinel uses Azure Monitor which is built on a proven and scalable log analytics database that ingests more than 10 petabytes every day and provides a very fast query engine that can sort through millions of records in seconds. With built-in connectors for collecting data, Azure Sentinel ingests security data from a wide range of data sources including Azure, SaaS applications including Office 365, networks, and on-premises systems, Linux, Windows, Amazon Web Services (AWS), Azure, other Microsoft services, hardware. These built-in connectors also include an ever-growing list of our partners including Check Point, F5, Palo Alto, Symantec and many more.

It features native integration of Microsoft signals and support for industry standard log formats, SYSLOG, CEF, event forwarding, and API ingestion. It enables you to connect your threat intelligence data and tools to power threat detection and hunting in Azure Sentinel.

See how Azure Sentinel expedites threat hunting, incident investigation and response in this post by Steve Dispensa, Director, Cloud+AI Security.

If your customers are adopting the advanced security and compliance offerings in Microsoft 365, you’ll want to combine security data from users and end point applications with information from your infrastructure environment and third-party data to understand a complete attack. You can connect with security data from Microsoft solutions with pre-wired connections in just a few clicks, ingest Office 365 audit data for free, and analyze and draw correlations to deepen threat intelligence.

AI on your side

Azure Sentinel uses scalable machine learning algorithms based on decades of learnings from the Microsoft security team that can find, investigate and respond to the real threats in minutes, not days. These built-in models correlate millions of low-fidelity anomalies and connect the dots to present a few high-fidelity security incidents to the analyst. You can also use Azure Machine Learning to build or customize your own models.

And once you’ve solved a problem, you don’t want to keep finding the same problems over and over. Azure Sentinel provides built-in automation and orchestration with pre-defined or custom playbooks to solve repetitive tasks and to respond to threats quickly. We’ve developed a set of hunting queries and Azure Notebooks–based on Jupyter notebooks–which perform the same proactive hunting as Microsoft’s Incident Response and Threat Analysts teams. As the threat landscape evolves, we will provide new queries and Azure Notebooks via the Azure Sentinel GitHub community.

I am excited to share that Azure Sentinel is available for you now. Please view the on-demand webinar to learn more about these innovations and see real use cases on how Azure Sentinel helped detect previously undiscovered threats.

^[1] Source: ESG Research Survey, Security Analytics and Operations: Industry Trends in the Era of Cloud Computing, September 2019