Organizations spend significant time and resources determining the safest way to transition to, or maintain, a cloud environment. However, given the impact over the last six months from the COVID-19 pandemic, active phishing websites have increased by 350 percent affecting both organizations and individuals who have been hacked or have fallen for phone pleas for medical supplies, donations and other scams.
And with the initial temporary move to remote workforces now becoming more permanent, companies have been focused on ensuring productivity remains high, making sure that data is readily available while keeping data assets safe and secure.
Clearly, it is becoming increasingly important for organizations to modify the way they monitor and detect malicious or unauthorized activity. Implementing systematic controls is more crucial now than ever to help avoid falling victim.
In a recent webinar, Mandana Javaheri, global cybersecurity, compliance and identity leader at Microsoft, joined us to review why Microsoft Azure Sentinel, a cloud-native SIEM and SOAR solution, is a viable tool for many organizations looking to increase the productivity and efficiency of their security analysts and quickly detect, investigate, and respond to security threats. Leveraging Microsoft’s unmatched visibility into the threat landscape and threat intelligence, Azure Sentinel cuts the noise and identifies high fidelity alerts that are critical to the business.
Digital Transformation and Cyber Crime
Data and information are the lifeblood of any organization’s digital transformation, which unfortunately, increasingly attracts cybercriminal activity. A hardened perimeter (privileged corporate network) is, at best, a psychological security blanket. Siloed on-premises tools and datasets lack visibility, correlation, and automation. Paradoxically, adding more tools can make cybersecurity more disjointed and a business less secure. With an overwhelming sea of alerts, technical complexity, and a chronic talent shortage (over 3 million and counting), security professionals cannot be expected to solve this problem alone. On top of this, regulatory rules are constantly changing, and the cost of compliance is increasing. Over 750 regulatory bodies around the world release more than 200 updates per day, so keeping up is not easy. Since it is impossible to be compliant without first being secure, it all starts with security.
When it comes to defending against cyber attacks, consider the growing complexity of the digital estate, asking both how do we think about our assets and what must be defended against. IT organizations find themselves responsible for protecting a growing web of technologies they may not even own and which can range from user-owned mobile devices used to access corporate data to systems and devices used by partners and customers to access information. With 7 billion internet-connected devices in use worldwide (not including laptops and mobile devices), any business is dealing with multiple points of vulnerability.
Synthesizing Vast Amounts of Data in the Cloud
To be successful with threat intelligence, organizations must maintain a large, diverse set of data applied to both processes and tools. Javaheri shared Microsoft’s Intelligent Security Graph, which details the challenges in maintaining and protecting that data and how Microsoft solutions meet those challenges.
She highlighted three key areas of focus:
- Data Collection and Analysis – The data goes through a collection and analysis phase to normalize it, apply various analytics (listed) to identify relevant security insights and findings, and publish to an internal API.
- Products – Each of the products then access the data to provide findings, context, insight, etc. relative to that capability and then automatically feed new insights back into the graph to enrich other product findings.
- Hunters – Additionally, human teams are constantly working with the graph to hunt for adversaries in various environments (Azure, Office 365, Microsoft IT, Windows ATP Customers, etc.) as well as creating, tuning, and validating new analytics to improve the detection overall.
Gain Visibility and Control with Microsoft Azure Sentinel
As we have discussed, most organizations are finding that protecting systems, data and users has never been more challenging. Cyber threats are growing rapidly in volume and sophistication, while a cloud-enabled and mobile workforce has restricted visibility and control. Now, more than ever, it is important for organizations to have full visibility across all cloud environments to detect security events and reduce attacker “dwell time.” Microsoft Azure Sentinel is a solution we often find is the best fit for client needs, particularly for organizations looking to gain more visibility into their technology environment, that have an immature or ineffective security monitoring program or simply do not have the necessary security operations skillset.
Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. It delivers intelligent security analytics and threat intelligence across an enterprise, providing a single solution for alert detection, threat visibility, proactive hunting and threat response. Built into the Azure portal, Sentinel is intended to quickly and easily provide visibility and insight into activity across an organization, particularly on-premises and cloud-based servers and workstations, cloud services including Azure and AWS and Microsoft’s suite of security products. Organizations leveraging cloud services from AWS and Azure, Office 365 for productivity, Cisco, Palo Alto, CyberArk, and other well-known security products are merely clicks away from aggregating and correlating logs into a single, cloud-native SIEM in Sentinel.
Azure Sentinel makes it simple to aggregate, correlate, analyze and alert on activity without the need for seasoned Security Operations professionals. Its easy-to-use interface makes the learning curve even flatter and the built-in workflow capabilities means an organization can go from no security monitoring to a fully functioning SIEM capability in a matter of just days.
It is very simple to get started using Azure Sentinel to monitor your environments and applications. First, start a Microsoft Azure Trial, open Azure Sentinel dashboard in the Portal and connect your data sources. Need help? Our Microsoft Security experts can be available to get your organization started. Now’s the time to make sure your environments are monitored and secured.
Lastly, organizations looking to achieve broader security objectives should schedule a Microsoft Security Workshop to develop a strategic plan based on recommendations from our Microsoft cybersecurity experts.
Learn more about our Microsoft Security Solutions here.