Credit to Author: Jim Flack | Date: Thu, 09 Jul 2020 20:00:51 +0000
Microsoft Azure Sentinel is the first Security Information and Event Management (SIEM) solution built into a major public cloud platform. It delivers intelligent security analytics across enterprise environments and scales automatically to meet changing needs. This new white paper outlines best practice recommendations for configuring data sources for Azure Sentinel, using Azure Sentinel during incident response, and proactively hunting for threats with Azure Sentinel.
Research shows that, on average, 44% of the security alerts raised by security solutions go uninvestigated. Organizations simply lack the time, tools, and talent to investigate and correlate every single alert. In many cases the result is a focus on alerts flagged as "critical" or "very important" while lower severity alerts are ignored. Experience shows, however, that investigating those lower severity alerts, and correlating them to expose more worrying combinations of actions, can reveal attacker behaviors that would otherwise fly under the radar.
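The correlation idea above can be turned into a hunting query. The following is an added example written for this page, not a query from the white paper or from Microsoft; it assumes the Azure Sentinel `SecurityAlert` table and its standard columns (`AlertSeverity`, `AlertName`, `ProviderName`, `CompromisedEntity`, `TimeGenerated`), and the thresholds (`lookback`, `window`, three distinct alert names) are illustrative choices to tune for your environment. It ignores high-severity alerts on purpose and surfaces entities that accumulate several different low or medium severity alerts inside one hour, which is the pattern that tends to be missed when analysts triage by severity alone.

```kql
// Added example: cluster low/medium severity alerts by the affected entity.
// Assumes the Sentinel SecurityAlert table; thresholds are illustrative.
let lookback = 7d;        // how far back to hunt
let window = 1h;          // clustering window per entity
let min_distinct = 3;     // distinct alert types that make a cluster interesting
SecurityAlert
| where TimeGenerated > ago(lookback)
| where AlertSeverity in ("Informational", "Low", "Medium")
| where isnotempty(CompromisedEntity)
| summarize
    AlertCount     = count(),
    DistinctAlerts = dcount(AlertName),
    AlertNames     = make_set(AlertName, 20),
    Providers      = make_set(ProviderName, 10),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated)
    by CompromisedEntity, Window = bin(TimeGenerated, window)
| where DistinctAlerts >= min_distinct
| project CompromisedEntity, Window, FirstSeen, LastSeen,
          AlertCount, DistinctAlerts, AlertNames, Providers
| order by DistinctAlerts desc, AlertCount desc
```

Run this from the Logs or Hunting blade; each row is a candidate for a single incident rather than several ignored low-severity alerts. Because `CompromisedEntity` is populated differently by different alert providers, a production version would normally parse the `Entities` column to key on host name or account name instead.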
Azure Sentinel is an incredibly powerful tool that can help you collect security data across your entire hybrid organization from devices, users, apps, servers, and any cloud. Using these data sources you can build a more complete picture of the threats that your organization faces, conduct deep threat hunts across your environment, and use the power of automation and orchestration in the cloud to help free up your security analysts to focus on their highest-value tasks.
Traditional SIEMs have proven expensive to own and operate, often requiring an up-front commitment and high ongoing costs for infrastructure maintenance and data ingestion. Azure Sentinel provides SIEM-as-a-service and SOAR-as-a-service for the SOC: a bird's-eye view across the enterprise that puts the cloud, and large-scale intelligence from decades of Microsoft security experience, to work. Following the best practices outlined in this white paper will help you eliminate security infrastructure setup and maintenance and give you the scalability to meet your security needs, all while reducing costs and increasing visibility and control.
For more information on Microsoft Security Solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.