Microsoft has announced the general availability of its cloud-native security information and event management (SIEM) solution this week.
Azure Sentinel provides intelligent security analytics through the cloud for enterprises, designed to address the modern challenges of security analytics.
The solution, which first launched as a public preview earlier this year, gleaned feedback from 12000 customers and analysed two petabytes of data. Microsoft says that the feedback and data had a common theme: Defenders needed the ability to be nimble and efficient in their cybersecurity.
According to Microsoft cybersecurity solutions group corporate vice president Ann Johnson, traditional SIEM solutions simply have not kept up with digital changes.
“I commonly hear from customers that they're spending more time with deployment and maintenance of SIEM solutions, which leaves them unable to properly handle the volume of data or the agility of adversaries,” says Johnson.
Enterprises anchor their security operations with SIEM systems. More are also turning to machine learning algorithms as part of their analytics tools.
“Traditional on-premises SIEMs require a combination of infrastructure costs and software costs, all paired with annual commitments or inflexible contracts. We are removing those pain points, since Azure Sentinel is a cost-effective, cloud-native SIEM with predictable billing and flexible commitments,” explains Johnson.
Fashion retailer ASOS is one customer that deployed Azure Sentinel, which integrates data from Azure Active Directory, Azure Security Center, and Microsoft 365. It can now spot threats early and cut issue resolution times in half.
“There are a lot of threats out there,” comments ASOS cyber security operations lead Stuart Gregg.
“You've got insider threats, account compromise, threats to our website and customer data, even physical security threats. We're constantly trying to defend ourselves and be more proactive in everything we do.
Greg says ASOS found that Azure Sentinel was easy to set up and now provides data in one single system, rather than separate systems.
“We can literally click a few buttons and all our security solutions feed data into Azure Sentinel.
Microsoft is also continuing to innovate in Azure Sentinel, with the core ability to connect to any data source, no matter where it is located.
“We continue to add new connectors to different sources and more machine learning-based detections,” says Johnson.
“Azure Sentinel will also integrate with Azure Lighthouse service, which will enable service providers and enterprise customers with the ability to view Azure Sentinel instances across different tenants in Azure.