New Security Event Analysis Tools Coming to Azure!
In today’s cybersecurity landscape it is essential to maintain a robust security posture that covers every potential breach point in your IT environment. That in itself creates a problem: running many different security services, each with its own separate console, means some alerts will be missed even when you maintain an Eyes on Glass1 approach to your security.
Enter Azure Sentinel, one of the newest service offerings on Microsoft’s cloud platform. The service is designed to consolidate the monitoring and reporting functions of your security services into a single, unified dashboard, simplifying management and ensuring consistent oversight of IT activity.
How Does it Work?
Microsoft classifies Sentinel as a Security Information and Event Management (SIEM) tool: a dedicated application for aggregating the many alerts that pass through your systems every day. Sentinel in particular applies machine learning and threat intelligence to sort through large volumes of data and flag the events that should be reviewed by a person.
Much like Cloud App Security2, Azure Sentinel lets you bring in data from security services outside the Azure environment, such as Cisco, Symantec and Palo Alto Networks products. As event data streams into the service, it is analyzed by Microsoft’s machine-learning platform, which correlates alerts relating to the same security issue into Cases.
Overall, this lets security professionals cut through the noise of false positives in large volumes of data and see the important alerts more clearly. The service also supports custom queries (written in the Kusto Query Language, KQL) to locate more specific sets of data.
This also allows managed service providers like Metro CSG to monitor and analyze customer environments more efficiently and so resolve flagged activity faster. For example, rather than managing a customer’s Office 365 environment and Cisco Meraki network from two separate dashboards, Sentinel brings the data from both platforms together for a more comprehensive view of the security events occurring in the IT environment.
How does this compare to Azure Security Center?
On a platform with such a wide variety of deployable features, however, it may not be immediately clear where Sentinel fits into Azure’s bigger picture. Azure Security Center (ASC) is a key component of public cloud security, but it provides very different functionality, which Sentinel complements rather than replaces.
ASC is a service designed to assess and protect servers (Windows and Linux) and the workloads installed on them, and it monitors for threats and attacks against that server infrastructure. It uses machine intelligence to score a system’s defenses and help draft a security plan. It can, for example, flag missing system updates or data that could be transmitted unencrypted.
Sentinel’s functionality, on the other hand, provides a central place for capturing security event data and remediating issues. Azure Security Center is itself one of the services that can integrate with Sentinel to have its data analyzed. In that case, alerts from ASC appear in the Sentinel dashboard alongside alerts from, say, a Palo Alto firewall’s Intrusion Prevention System (IPS).
In that sense, Azure Sentinel can be seen as the “Situation Room” of Azure security: the place where every important security alert lands, and the place from which IT professionals are best positioned to resolve them.
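As an added example (not a query from the original post, nor Microsoft’s own), this is the kind of custom query that puts the two sources side by side in Sentinel: it takes Security Center alerts from the SecurityAlert table and Palo Alto threat logs from the CommonSecurityLog table (the tables the Azure Security Center and Palo Alto Networks data connectors populate), then joins them on the attacking IP address within a one-hour window. The connector names, the ProviderName value, the CEF field values and the one-hour window are assumptions made for illustration and should be checked against your own workspace.

```kql
// Added example, not from the original post or from Microsoft.
// Assumes the Azure Security Center and Palo Alto Networks (CEF) connectors are enabled,
// so ASC alerts land in SecurityAlert and firewall logs in CommonSecurityLog.
let lookback = 24h;
// ASC alerts, with the IP entities pulled out of the Entities JSON array.
let ascAlerts =
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    | where ProviderName == "Azure Security Center"   // assumed provider name
    | extend AlertEntities = parse_json(Entities)
    | mv-expand AlertEntities
    | where tostring(AlertEntities.Type) == "ip"
    | extend AlertIP = tostring(AlertEntities.Address)
    | project AlertTime = TimeGenerated, AlertName, AlertSeverity, AlertIP, CompromisedEntity;
// Palo Alto threat-log entries (IPS hits) arriving in CEF.
let paloThreats =
    CommonSecurityLog
    | where TimeGenerated > ago(lookback)
    | where DeviceVendor == "Palo Alto Networks" and DeviceProduct == "PAN-OS"
    | where Activity == "THREAT"                       // assumed CEF mapping of the THREAT log type
    | project FwTime = TimeGenerated, SourceIP, DestinationIP, DeviceAction, Message, LogSeverity;
// Correlate: same source IP, firewall hit within 60 minutes of the ASC alert.
ascAlerts
| join kind=inner paloThreats on $left.AlertIP == $right.SourceIP
| where abs(datetime_diff("minute", AlertTime, FwTime)) <= 60
| summarize FirewallHits = count(),
            FirstSeen = min(FwTime),
            LastSeen = max(FwTime),
            Actions = make_set(DeviceAction),
            Targets = make_set(DestinationIP)
    by AlertName, AlertSeverity, AlertIP, CompromisedEntity
| order by FirewallHits desc
```

An ASC alert whose source IP also tripped the firewall IPS in the same hour is a much stronger signal than either event alone, and that is the correlation the single dashboard is meant to make visible. If the Palo Alto connector in your workspace maps the log type to a different field, adjust the Activity filter accordingly; the join itself does not change.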
Azure Sentinel is currently in Preview and is available for businesses to try out for free before its general release. If you think your security could benefit from better organization, this service may be for you. As Gold-certified Microsoft partners, we specialize in deploying Azure-based solutions and can help you implement Sentinel as part of your infrastructure.
Notes:
1. Real-time, human review of data to analyze the status of your network and overall security.
2. Office/Microsoft 365 add-on service that extends file access monitoring to third-party cloud platforms (Google Drive, Box, Dropbox, etc.) and aggregates that monitoring data into a single dashboard.