Azure Sentinel is Microsoft’s security information and event management (SIEM) platform. It gives your organization a bird’s-eye view across the enterprise so you can detect, investigate, and respond to security threats more quickly.
What is Sentinel and how did we get here
In a recent Gartner study, Microsoft was named a leader in many areas of security. Beyond this, Azure is the most trusted cloud platform, with a large number of compliance offerings. However, even with its sub-brand of Defender security products there was a gap in Microsoft’s stack of services: they recognized the need for a true SIEM. With the development of Sentinel, they now have tooling to aggregate, correlate, and act on disparate events from both first-party and third-party security products, allowing them to tell a more conclusive story about securing the enterprise.
At a high level, Azure Sentinel is a Platform as a Service (PaaS) offering that runs on top of Azure’s log aggregator, the Log Analytics workspace. Sentinel is a resource deployed in your Azure environment and managed through the Azure Portal. This layered design builds on the existing log-collection functionality in Azure and adds capabilities such as integrated APIs for easier data ingestion, AI-assisted threat detection and investigation, and automated response to those threats.
Planet Technologies is offering a free demo of Azure Sentinel for organizations interested in learning more about its benefits and/or deploying it.
Figure 1: Azure Sentinel in a hybrid environment