The announcement of Azure Sentinel moving to general availability marks an important landmark in Microsoft’s work with Security Information and Event Management (SIEM) for the cloud.
Azure Sentinel allows enterprises worldwide to keep pace with the growth of security data and the importance of security outcomes without having to add analyst resources or hardware and operating expenses.
Here are just some of the key features you will find in Azure Sentinel.
Collect and analyze huge volumes of security data
Azure Sentinel is designed to improve security for the whole enterprise. With a multitude of data sources only a click away and a long list of third-party connectors, it is easier than ever to ingest and analyze data across the digital estate.
Apply analytics to detect threats
You can create your own alert rules or choose from over 100 built-in ones. Also in preview are two machine learning approaches that offer a simple way to use AI to detect threats.
Expedite hunting, investigation, and response
Azure Sentinel reduces time-consuming tasks for Security Operations Centres, particularly proactive threat hunting. The rich hunting interface includes a large collection of hunting queries, exploratory queries and Python libraries.
Build on existing expertise
Make use of the over 400 detection, exploratory and hunting queries contained in the Azure Sentinel GitHub repository, along with Python libraries, Azure Notebook samples and playbook samples.
Support managed security services providers
A breakthrough for managed security services providers (MSSPs) is the ability to use Azure Lighthouse together with Azure Sentinel. This means Sentinel data can be viewed across multiple customer tenants without needing to switch between them.
Find out more
Watch the full overview video here: https://azure.microsoft.com/en-us/resources/videos/introducing-microsoft-azure-sentinel/
Check out our work with Azure here: https://ballardchalmers.com/technology/azure/