Azure Sentinel achieves a Leader placement in Forrester Wave, with a top-ranking in Strategy.
Azure Sentinel has been instrumental for many organisations in the security and protection of their networks and users.
Forrester Research has named Microsoft Azure Sentinel as a “Leader” in The Forrester Wave™: Security Analytics Platform Providers, Q4 2020. When Azure Sentinel was released, the goal was to provide a new, innovative approach to help organisations modernise security operations as a service delivered through a major public cloud, Azure.
With the drastic changes 2020 has brought to workplaces, security operations centres (SOCs) have been faced with the challenge of maintaining the security of their organisation’s networks with a dispersed workforce. Now that users are working remotely, the attack surface and the opportunities for exploitation have increased, and SOCs are required to do more with the same or even fewer resources. Azure Sentinel enables security teams to achieve this goal by offering an alternative to traditional on-premises solutions. The cloud-native nature of Azure Sentinel delivers transformative change to the organisations that adopt it.
Azure Sentinel helps you detect and investigate threats more efficiently by harnessing AI. It uses a technique called Fusion to find threats that fly under the radar by combining low fidelity “yellow” anomalous activities into high fidelity “red” incidents. Fusion combines data from disparate data sets across both Microsoft and partner data sources, then uses graph-based machine learning and a probabilistic kill chain to produce high-fidelity alerts. This process reduces alert fatigue by 90 percent, ensuring that SecOps teams are only spending time on real, actionable alerts. Plus, with integrated automation, it further optimises your team’s time by automating responses to common tasks.
As a cloud-native SIEM, Azure Sentinel makes it easy to deploy, scale, and use. You can collect, correlate, and analyse data across users, devices, applications, and infrastructure at cloud scale—on-premises and in multiple clouds. Instead of investing time and money into inflexible infrastructure, you only pay for the resources you need.
With the increased exposure to vulnerabilities brought about by new remote working habits, a vital benefit of utilising Azure Sentinel is that it enables modern and advanced capabilities, such as Fusion, that on-premises SIEM solutions lack, enhancing your SOC capability. Security and IT teams therefore no longer need to spend time on false alerts and can spend more time on the strategic protection of the organisation. Large-scale organisations have seen significant improvements in their efficiency with Azure. ASOS’ SecOps team cut issue resolution times in half and at ABM Industries, the security team reduced the number of alerts they analyse by 50%.
- User and Entity Behavior Analytics (UEBA), to pinpoint unknown and insider threats
- The ability to build your own ML models
- Threat intelligence improvements, including threat indicator management
- Watchlists to eliminate time-consuming, manual analysis of external data sources, enabling you to correlate security events with other non-security data sources
- Many new connectors to simplify data collection
Interested in what Azure can do for your organisation?
With integrated SIEM and XDR, you get the best of both worlds. To help you take advantage of this integrated security approach, Microsoft is currently running an Azure Sentinel benefit for Microsoft 365 E5 customers.
From November 1, 2020, through May 1, 2021, Microsoft 365 E5 and Microsoft 365 E5 Security customers can get Azure credits for the cost of up to 100 MB per user per month of included Microsoft 365 data ingestion into Azure Sentinel. This benefit covers the following data sources:
- Azure Active Directory (Azure AD) sign-in and audit logs
- Microsoft Cloud App Security shadow IT discovery logs
- Microsoft Information Protection logs
- Microsoft 365 advanced hunting data (including Microsoft Defender for Endpoint logs)