If you want to learn more about Microsoft Azure Sentinel and how it can help protect your organization, read this guide that will give your all the information you need to understand what is a SIEM/SOAR, what is Azure Sentinel, how to deploy it, etc.

 

Table of Contents

  1. Introduction
  2. What is SIEM and SOAR?
  3. What is Azure Sentinel?
  4. Azure Sentinel Pricing
  5. Log Analytics and Azure Sentinel Overview
  6. Deep Dive and Deployment
    1. Workspace
    2. Data Connectors
    3. Analytics Rules
    4. Hunting Rules
    5. Workbooks
    6. Automation
    7. Threat Intelligence
    8. Entity Behavior
  7. Extra sources of Information

1. Introduction

Everything resides on the Internet now a days, whether it is some private photos or intellectual company information. With all of the benefits in the world that Internet has brought us, it came with lots of threats and dangers as well. Cyberthreats and Cybersecurity has become one of the most hot topics where large organizations spend millions and billions of Dollars just to stay protected out there. Hackers attack every 39 seconds i.e.  2,244 times a day. 300,000+ new malware is created every day. Cybercrime is more profitable than the global illegal drug trade. The average data breach now costs up to $3.92 million. 80% of hackers say “Humans are the most responsible for security breaches”. 43% of cyberattacks target small businesses. On average, companies take about 197 days to identity and 69 days to contain a breach. Hackers steal 75 identities every second.

Microsoft alone spends around 1 Billion Dollars on just Security. Global Cybersecurity spending has been predicted to exceed 1 Trillion $ as per this Magazine Aritcle. All this spending is just done to secure ourselves from the threat out there. There is at least 1,200 Petabytes (1.2 Million Terabytes ) sum total of data stored in just between Google, Amazon, Microsoft and Facebook. It is impossible to manually look at all that data all the time and keep it secure. This is where a SIEM and a SOAR solution comes in and helps us stay secure.

2. What is SIEM and SOAR?

It is impossible for a company or an individual to manually keep a check on all the logs that are getting generated daily. Security Information and Event Management (SIEM) solutions play an important role in capturing all the data and offering a comprehensive view of an enterprise’s information security.

SIEM combines two technologies:- Security Information Management (SIM) and Security Event Management (SEM). SIM collects all the data and logs to conduct analysis and reports on cybersecurity threats and events. SEM is real-time monitoring and conducts co-relation between all the logs and events.

SOAR is an acronym for Security Orchestration, Automation and Response. SIEM generates endless number of alerts and incidents. It is really tough for the security analysts to manually look into them and manage all the cases. SOAR helps the organizations to design workflows and introduce playbooks to respond to security threats. They provide the automation capability that is much needed in today’s world to be efficient.

Some of the SIEM and SOAR solutions out there are:

  1. Azure Sentinel
  2. LogRhthm
  3. Splunk
  4. LogPoint
  5. FireEye
  6. Exabeam

In this post we will be deep diving into Microsoft Azure Sentinel.

 

3. What is Azure Sentinel?

Azure Sentinel is Microsoft’s Security Infromation Event Management (SIEM) and Security Orchestration Automated Response (SOAR) solution. It is scalable and cloud-native. Azure Sentinel provide smart security analytics and threat intelligence across the organization. It provides a single hub for threat visibility, alert detection, threat response and proactive hunting. Azure Sentinel provides advance SIEM and SOAR capabilities that every organization need to be secure out there. It is able to collect data at cloud scale across all devices, applications, users and infrastructure, both in multiple clouds and on-premise.

Read more

 

Written By:

Samant Jaitli

Samant is a Microsoft Security Consultant at Softlanding. He is a Microsoft Certified DevOPS Engineer and Microsoft Certified O365 Enterprise Administrator Expert. Samant has extensive experience working with Microsoft Security Stack with clients ranging from small to large scale. He is proficient in deploying, managing, tuning and analysing Microsoft Azure Sentinel as a SIEM and a SOAR, Microsoft Defender ATP, Azure ATP and Microsoft Cloud App Security.

More By This Author