CybersecurityMicrosoft

Cybersecurity Threats: Gain Visibility to Detect Events with Microsoft Azure Sentinel

Michael WalterSteven Massengill
September 29, 2020
5 min read

Organizations spend significant time and resources determining the safest way to transition to, or maintain, a cloud environment. However, given the impact over the last six months from the COVID-19 pandemic, active phishing websites have increased by 350 percent affecting both organizations and individuals who have been hacked or have fallen for phone pleas for medical supplies, donations and other scams.

And with the initial temporary move to remote workforces now becoming more permanent, companies have been focused on ensuring productivity remains high, making sure that data is readily available while keeping data assets safe and secure.

Clearly, it is becoming increasingly important for organizations to modify the way they monitor and detect malicious or unauthorized activity. Implementing systematic controls is more crucial now than ever to help avoid falling victim.

In a recent webinar, Mandana Javaheri, global cybersecurity, compliance and identity leader at Microsoft, joined us to review why Microsoft Azure Sentinel, a cloud-native SIEM and SOAR solution, is a viable tool for many organizations looking to increase the productivity and efficiency of their security analysts and quickly detect, investigate, and respond to security threats. Leveraging Microsoft’s unmatched visibility into the threat landscape and threat intelligence, Azure Sentinel cuts the noise and identifies high fidelity alerts that are critical to the business.

Digital Transformation and Cyber Crime

Data and information are the lifeblood of any organization’s digital transformation, which unfortunately, increasingly attracts cybercriminal activity. A hardened perimeter (privileged corporate network) is, at best, a psychological security blanket. Siloed on-premises tools and datasets lack visibility, correlation, and automation. Paradoxically, adding more tools can make cybersecurity more disjointed and a business less secure. With an overwhelming sea of alerts, technical complexity, and a chronic talent shortage (over 3 million and counting), security professionals cannot be expected to solve this problem alone. On top of this, regulatory rules are constantly changing, and the cost of compliance is increasing. Over 750 regulatory bodies around the world release more than 200 updates per day, so keeping up is not easy. Since it is impossible to be compliant without first being secure, it all starts with security.

When it comes to defending against cyber attacks, consider the growing complexity of the digital estate, asking both how do we think about our assets and what must be defended against. IT organizations find themselves responsible for protecting a growing web of technologies they may not even own and which can range from user-owned mobile devices used to access corporate data to systems and devices used by partners and customers to access information. With 7 billion internet-connected devices in use worldwide (not including laptops and mobile devices), any business is dealing with multiple points of vulnerability.

Synthesizing Vast Amounts of Data in the Cloud

To be successful with threat intelligence, organizations must maintain a large, diverse set of data applied to both processes and tools. Javaheri shared Microsoft’s Intelligent Security Graph, which details the challenges in maintaining and protecting that data and how Microsoft solutions meet those challenges.

She highlighted three key areas of focus:

  • Data Collection and Analysis – The data goes through a collection and analysis phase to normalize it, apply various analytics (listed) to identify relevant security insights and findings, and publish to an internal API.
  • Products – Each of the products then access the data to provide findings, context, insight, etc. relative to that capability and then automatically feed new insights back into the graph to enrich other product findings.
  • Hunters – Additionally, human teams are constantly working with the graph to hunt for adversaries in various environments (Azure, Office 365, Microsoft IT, Windows ATP Customers, etc.) as well as creating, tuning, and validating new analytics to improve the detection overall.

Gain Visibility and Control with Microsoft Azure Sentinel

As we have discussed, most organizations are finding that protecting systems, data and users has never been more challenging. Cyber threats are growing rapidly in volume and sophistication, while a cloud-enabled and mobile workforce has restricted visibility and control. Now, more than ever, it is important for organizations to have full visibility across all cloud environments to detect security events and reduce attacker “dwell time.” Microsoft Azure Sentinel is a solution we often find is the best fit for client needs, particularly for organizations looking to gain more visibility into their technology environment, that have an immature or ineffective security monitoring program or simply do not have the necessary security operations skillset.

Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. It delivers intelligent security analytics and threat intelligence across an enterprise, providing a single solution for alert detection, threat visibility, proactive hunting and threat response. Built into the Azure portal, Sentinel is intended to quickly and easily provide visibility and insight into activity across an organization, particularly on-premises and cloud-based servers and workstations, cloud services including Azure and AWS and Microsoft’s suite of security products. Organizations leveraging cloud services from AWS and Azure, Office 365 for productivity, Cisco, Palo Alto, CyberArk, and other well-known security products are merely clicks away from aggregating and correlating logs into a single, cloud-native SIEM in Sentinel.

Azure Sentinel makes it simple to aggregate, correlate, analyze and alert on activity without the need for seasoned Security Operations professionals. Its easy-to-use interface makes the learning curve even flatter and the built-in workflow capabilities means an organization can go from no security monitoring to a fully functioning SIEM capability in a matter of just days.

It is very simple to get started using Azure Sentinel to monitor your environments and applications. First, start a Microsoft Azure Trial, open Azure Sentinel dashboard in the Portal and connect your data sources. Need help? Our Microsoft Security experts can be available to get your organization started.   Now’s the time to make sure your environments are monitored and secured.

Lastly, organizations looking to achieve broader security objectives should schedule a Microsoft Security Workshop to develop a strategic plan based on recommendations from our Microsoft cybersecurity experts.

Learn more about our Microsoft Security Solutions here.

Michael Walter

Managing Director
Security and Privacy

View all posts

Steven Massengill

Manager
Technology Consulting – Emerging Technologies

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More