By Insight Editor / 27 Jan 2020 / Topics: Featured Cloud Microsoft Azure
Security has never been easy, per se, but it has never been more complicated than it is today. Enterprise IT environments often span multiple on-premises and cloud platforms, with growing data volumes. Users requiring access hail from internal, external, and partner groups. Increasing mobility and Internet of Things (IoT) further widen the footprint of an IT ecosystem. Anywhere data goes — which is nearly everywhere these days — cyberthreats lurk.
For every threat, there’s a vendor with a point solution offering specific protections. It’s up to IT and security teams to make wise decisions about which solutions they acquire and how to manage them. Of course, given the complexity of most IT environments and the overall threatscape, businesses can wind up with an unmanageable number of point solutions to monitor and maintain.
In a heterogeneous environment, there is likely a mix of solutions from a wide range of technology vendors, including an alphabet soup of acronyms: IAM, EDR, NGFW, SIEM, SOAR, CASB, CSPM, etc. International Data Corporation (IDC) forecasts that worldwide spending on security solutions will achieve a Compound Annual Growth Rate (CAGR) of 9.2% over the 2018–2022 forecast period and total $133.8 billion in 2022. This growth in spending overshadows a persistent gap in security skills. In an ESG/ISSA research report, 74% of respondents said that the cybersecurity skills shortage has impacted their organizations significantly or somewhat.
Given this landscape, it’s no wonder that we were intrigued to learn of a new kind of security offering from Microsoft. Azure Sentinel is a Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution built as a cloud service that is scalable and evergreen. By collecting security data across the entire hybrid enterprise — including users, devices, applications, and infrastructure deployed on-premises and in multiple clouds — and using built-in Artificial Intelligence (AI), Azure Sentinel is able to quickly and accurately identify security threats.
Microsoft has made this an attractive solution due to the potential cost savings it offers, compared to traditional SIEM platforms, and for the integration it provides. Azure Sentinel can work alongside any existing SIEM and SOAR solution, complements other Microsoft protection tools (in Azure, Microsoft 365, etc.), and integrates with many third-party solutions that can transmit syslog data into Azure Log Analytics.
The release of Azure Sentinel has come at a moment when many organizations’ requirements are changing, and it’s time for a new approach. Azure Sentinel offers a great opportunity to redesign the Security Operations Center (SOC).
Assessing the current state of your security architecture is a good place to begin. A thorough discovery should include identifying all capabilities, technologies, processes, dependencies, and requirements. You’ll want to ensure any new solution will be able to integrate with existing investments. Cost analyses and a business justification should be prepared for both the technology being deployed and the resources needed to ensure appropriate change management. Once in place, Azure Sentinel needs monitoring and attention to maximize its value.
Insight engages with organizations of all sizes and complexities, in all industries, all over the world. As an independent integrator, we’re free to recommend the best solution for a given company and set of requirements. We’re also a long-standing Microsoft partner of more than 25 years, an Azure Expert Managed Services Provider (MSP), and a top global partner with 18 Gold and Silver competencies. Learn more about our security services with Azure Sentinel by viewing the press release, or contact us today to discuss your objectives.