Article Azure Sentinel is a SIEM and SOAR solution

Security has never been easy, per se, but it has never been more complicated than it is today. Enterprise IT environments often span multiple on-premises and cloud platforms, with growing data volumes. Users requiring access hail from internal, external, and partner groups. Increasing mobility and Internet of Things (IoT) further widen the footprint of an IT ecosystem. Anywhere data goes — which is nearly everywhere these days — cyberthreats lurk.

For every threat, there’s a vendor with a point solution offering specific protections. It’s up to IT and security teams to make wise decisions about which solutions they acquire and how to manage them. Of course, given the complexity of most IT environments and the overall threatscape, businesses can wind up with an unmanageable number of point solutions to monitor and maintain.

In a heterogeneous environment there is likely a mix of solutions from a wide range of technology vendors including an alphabet soup of acronyms: IAM, EDR, NGFW, SIEM, SOAR, CASB, CSPM, etc. International Data Corporation (IDC) forecasts that worldwide spending on security solutions will achieve a Compound Annual Growth Rate (CAGR) of 9.2% over the 2018–2022 forecast period and total $133.8 billion in 2022. This fact cruelly overshadows a persistent gap in security skills. In an ESG/ISSA research report, 74% of respondents said that the cybersecurity skills shortage has impacted their organizations significantly or somewhat.

Clarion call, answered?

Given this landscape, it’s no wonder that we were intrigued to learn of a new kind of security offering from Microsoft. Azure Sentinel is a Security Information and Event Management (SIEM) and Security Orchestration Automation and Response (SOAR) solution built as a cloud service that is scalable and evergreen. By collecting security data across the entire hybrid enterprise — including users, devices, applications, and infrastructure deployed on-premises and in multiple clouds — and using built-in Artificial Intelligence (AI), Azure Sentinel is able to quickly and accurately identify security threats.

Microsoft has made this an attractive solution due to the potential cost savings it offers, compared to traditional SIEM platforms, and for the integration it provides. Azure Sentinel can work alongside any existing SIEM and SOAR solution, complements other Microsoft protection tools (in Azure, Microsoft 365, etc.), and integrates with many third-party solutions that can transmit syslog data into Azure Log Analytics.

Organizations can expect Azure Sentinel to deliver the following benefits:

Azure Sentinel is quick and relatively easy to deploy.

• For those without an existing SIEM, a greenfield approach is very straightforward.
• IT organizations limited to log collection only can easily redirect their logs to a new instance of Azure Sentinel and start analyzing data for proactive and reactive cyberthreat hunting.

Azure Sentinel is flexible and scalable.

• A platform built for cloud scale at per-GB pricing, Azure Sentinel lets you avoid sending logs from cloud back to on-prem storage and allows you to scale dynamically to adjust to changes in workload or compliance requirements.

Azure Sentinel is cost-effective.

• Receive greater discounts the more that’s consumed. Azure Sentinel has no upfront costs and eliminates the expense and setup of traditional hardware-based SIEMs. Also, those with other Microsoft security tools will gain a central point of logging with a free solution, in many cases.

How to get started

The release of Azure Sentinel has come at a moment when many organizations’ requirements are changing… it’s time for a new approach. Azure Sentinel offers a great opportunity to redesign the Security Operations Center (SOC).

Assessing the current state of your security architecture is a good place to begin. A thorough discovery should include identifying all capabilities, technologies, processes, dependencies, and requirements. You’ll want to ensure any new solution will be able to integrate with existing investments. Cost analyses should be performed as well as business justification for both the technology being deployed and the resources needed to ensure appropriate change management. Once in place, Azure Sentinel needs monitoring and attention to maximize its value.

To help organizations capitalize on Azure Sentinel, Insight has two new offerings:

• Services for Azure Sentinel — Assessment, cost analysis, solution design, and migration.
• Managed Security — Ongoing monitoring and incident remediation for the entire IT environment, powered by analysts, threat hunters, and Azure Sentinel.

• Insight engages with organizations of all sizes and complexities, in all industries, all over the world. As an independent integrator, we’re free to recommend the best solution for a given company and set of requirements. We’re also a long-standing Microsoft partner of more than 25 years, an Azure Expert Managed Services Provider (MSP), and a top global partner with 18 Gold and Silver competencies. Learn more about our security services with Azure Sentinel by viewing the press release or contact us today to discuss your objectives.