2019 is the year to invest in learning about Azure Sentinel. A key reason: during the Public Preview period, Azure Sentinel services are provided at no extra charge (the underlying Log Analytics workspace still bills for data ingestion and retention). The economic motivation: popular cloud-based enterprise SIEM (Security Information and Event Management) services are among the most expensive and most business-critical cloud services that large and high-value organizations contract for. For hybrid cloud customers already vested in Office 365 and Azure Active Directory, the integration of cloud identity management and security analytics with Azure Sentinel can be piloted with production data at virtually no charge. A finding could be that a pivot to the Microsoft SIEM would increase security, simplify compliance, and dramatically reduce the cost of enterprise security management.

Familiar technologies with new Threat Management tools and workflow

Security professionals in recent years have looked at various Microsoft Azure services and components (like Log Analytics, Azure Security Center, and Azure Monitor) and asked: "Does Microsoft have a SIEM, because it seems like all those pieces add up to one?" The answer has been that Microsoft cloud monitoring products were designed to provide input to customer SIEMs. This made sense because every large enterprise has a SIEM or SIEM-equivalent, often with a high investment in a particular SIEM vendor or open source technology. Not including security data about Azure AD and Office 365 activity would introduce a big blind spot in corporate SIEMs that traditionally have monitored on-premises directory logins. (See my previous blog post Azure Monitoring as a Data Provider to Your SIEM.) Now it appears Microsoft has been working on, and is ready to share with the public, the "plus" service it has built on top of what was already in Azure. Running on top of familiar and cloud-proven technologies like Azure Logic Apps, Machine Learning (ML), and the Kusto query language used by Azure Log Analytics, the "plus" pieces are found in the Threat management menus of the Azure Sentinel Overview page:

Figure 1 - Overview page of Azure Sentinel (left side)

Be an early adopter of Machine Learning applied to security operations

Azure Sentinel provides a framework that is robust and scalable enough to appeal to enterprise customers seeking the best value in cloud-based SIEM services. Microsoft has baked a remarkably rich set of Machine Learning (ML) capabilities into Azure Sentinel. ML is an area of hybrid cloud integration in which Microsoft excels, and Azure Sentinel lets cloud security customers share in that benefit. For example, a "Data Source anomalies" dashboard tile is active out of the box across all your data types (center right in Figure 2).
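To make the "Data Source anomalies" idea concrete in the Kusto query language the post mentions, here is an added example (not from the original post, and not the tile's actual query) that flags days on which a data type's ingested volume departs from its own recent trend. It assumes a Log Analytics workspace with the standard Usage table, where Quantity is the ingested volume in MB per record; the 30-day lookback and the anomaly threshold of 2.0 are assumptions you would tune for your workspace.

```kusto
// Added example (not from the original post): per-DataType volume anomalies.
// Assumes the standard Log Analytics Usage table (Quantity in MB) and approximates
// what a data-source anomaly tile checks; it is not the tile's actual query.
let lookback = 30d;           // assumed window; long enough for series_decompose to find a trend
let threshold = 2.0;          // assumed anomaly score cutoff; raise it to reduce noise
Usage
| where TimeGenerated > ago(lookback)
| where IsBillable == true
// One daily series of ingested MB per DataType, zero-filled so that a silent
// connector shows up as a drop rather than disappearing from the result set.
// The series stops at the start of today so a partial day is not scored as a drop.
| make-series IngestedMB = sum(Quantity) default = 0
    on TimeGenerated from startofday(ago(lookback)) to startofday(now()) step 1d
    by DataType
// Decompose each series into a fitted baseline plus residual and score the residual;
// Anomalies is +1 for a spike, -1 for a drop, 0 otherwise.
| extend (Anomalies, Score, Baseline) =
    series_decompose_anomalies(IngestedMB, threshold, -1, 'linefit')
| mv-expand TimeGenerated to typeof(datetime), IngestedMB to typeof(double),
            Anomalies to typeof(int), Score to typeof(double), Baseline to typeof(double)
| where Anomalies != 0
| project TimeGenerated, DataType, IngestedMB,
          Baseline = round(Baseline, 1), Score = round(Score, 2),
          Direction = iff(Anomalies > 0, "spike", "drop")
| order by TimeGenerated desc, DataType asc
```

Run it in the workspace's Logs blade to see which connectors spiked or went quiet; a sustained "drop" for a data type such as SecurityEvent or SigninLogs usually means a broken agent or connector rather than an attack, which is exactly the blind spot a SIEM team wants surfaced before it matters. The same query can be scheduled as a Sentinel analytics rule so that a silent data source raises an incident.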