Prior to the inauguration of 2019 RSA Conference (going on this week), Microsoft had announced the preview release of a new cloud-based security service: Azure Sentinel. Azure Sentinel will help users in identifying and preventing threats as well as managing their cyber defenses more efficiently. A large number of organizations and industries could bolster their data protection measures by getting assistance from the security experts of the software giant.
A preview of Azure Sentinel was made available for customers last week. Categorized as a Security Information and Event Management (SIEM) tool, Microsoft claims that Sentinel is the first of its type in Cloud. This innovative service uses artificial intelligence to scrutinize data for detecting threats. It allows customers to borrow computing powers from Microsoft to crunch the information instead of purchasing and maintaining expensive servers.
Azure Sentinel will help you deliver cloud-native security operations as mentioned below:
- Easily gather data across your enterprise: Using Azure Sentinel, you can aggregate all security data. For example, you can download a customer’s Office cloud data and combine it with security information to find threats. Azure Sentinel can be integrated with Microsoft Graph Security API, which enables you to import your own threat intelligence feeds. So, you can customize threat detection and alert rules.
- AI power to analyze and identify threats quickly: Sentinel uses highly scalable machine learning algorithms to associate a large number of low fidelity anomalies to present a few high fidelity security incidents to the analyst. Using machine learning, you can quickly derive values from large amounts of security data that you have consumed, thus helping you easily connect the dots. Azure Sentinel has the ability to connect to user activity and behavior data from Microsoft 365 security products. This information can be used in combination with other sources to gain better visibility into an entire attack sequence.
- Track any suspicious activities: By using graphical and AI-based investigation, you can reduce the time taken to understand the entire scope of an attack and its impact on your whole system. It’s possible to automate the process by which SecOps collect and analyze data (which is a repeatable process). Azure Sentinel provides capabilities that enable you to automate your analysis by building hunting queries and Azure Notebooks (based on Jupyter notebooks). Microsoft has developed a set of queries and Azure Notebooks based on proactive hunting performed by their Incident Response and Threat Analysts teams. The queries and Azure Notebooks will evolve along with the threat landscape.
- Automate repetitive tasks and threat response: AI obviously sharpens your focus on discovering problems. But once you solve a particular kind of issue, you don’t expect to keep finding the same problems again and again. Azure Sentinel provides built-in automation and orchestration with pre-defined or custom playbooks to solve repetitive tasks and to respond to threats quickly. It can enhance the existing enterprise defense and tools used for probe including security products, native tools, various applications like workflow management systems or HR management applications.
Azure Sentinel offers scalable, cloud-based intelligent security analytics for your entire enterprise. Most of the traditional SIEMS have proven to be expensive to own and operate, and requires you to pay upfront and incur high cost for infrastructure maintenance and data ingestion. With Azure Sentinel there are no upfront costs, you pay for what you use.
Read more about Azure Sentinel in this blog post.