Azure Sentinel News

Microsoft Targets New Azure Sentinel SIEM for Broader MSSP Market

by Azure Sentinel News Editor
November 19, 2020
in SIEM, SOC

Azure Sentinel and various new security offerings showcased at Ignite.

Microsoft is extending its Azure Security Center portfolio with new offerings and integrations with various alliance partners. The new security capabilities introduced at last week’s Microsoft Ignite in Orlando include enhancements to the company’s Advanced Threat Protection service, Azure Active Directory and new Azure Sentinel Security Information and Event Management (SIEM) platform.

Azure Sentinel, first previewed earlier this year at the RSA Conference and released in late September, is Microsoft’s ambitious effort to disrupt the market for SIEM. Microsoft claims that Azure Sentinel can do so because it’s a cloud-native platform designed to give those who operate security operations centers (SOCs) a more modern approach to detecting and defending against threats. Microsoft also claims that its new SIEM uses Azure’s machine learning and AI capabilities to perform predictive analytics at a scale traditional SIEMs can’t achieve.

Early target adopters of Azure Sentinel are among the largest of global enterprises and managed security service providers (MSSPs). So far, approximately 20 MSSPs have deployed Azure Sentinel for their SOCs — among them are Accenture, Insight and Trustwave, according to Ann Johnson, corporate VP for Microsoft’s cybersecurity solutions group.

In advance of Microsoft Ignite, large global services integrator Insight announced its plans to offer managed security services with Microsoft Azure Sentinel to provide threat detection, reporting and around-the-clock monitoring of alerts provided by the new SIEM. The services will include automated notification and response. Insight also said it will use Azure Sentinel as the SIEM for its managed SOC and will offer consulting services that include enterprise assessments and solution options using the new SIEM platform.

“We are in a unique position to help clients take full advantage of Microsoft’s new SIEM and SOAR [security orchestration, automation and response] tool to improve their security analytics, respond to incidents rapidly with built-in orchestration and automation, and keep their SIEM costs under control,” according to a prepared statement by Shawn O’Grady, Insight’s SVP and general manager of its cloud and data-center transformation business.

Now that Microsoft has trained some of the largest MSSPs, Johnson said the company plans to focus on regional providers. During an interview at Ignite, Johnson told Channel Futures that Azure Sentinel is well-suited to regional and small MSSPs as an alternative to on-premises SIEMs.

Microsoft’s Ann Johnson

“Because it’s a cloud-native SIEM, you actually aren’t held to the legacy environment that you have with on-premises SIEMs,” Johnson said. “For an MSSP, it provides elastic scaling up and down for their environments. Azure Sentinel also offers the ability to perform threat intelligence and global intelligence with machine learning across the cloud at global scale, and in real time, which is something that you cannot do with an on premise SIEM.”

Traditional SIEMs function primarily as log collectors, she added, arguing they never evolved beyond that to offer advanced security analytics. While offerings such as RSA Security Analytics and Splunk Enterprise Security are SIEMs that offer such capabilities, Johnson said they can’t scale to the extent Azure Sentinel can.

“MSSPs can actually provide a very elastic offering for their customers with Azure Sentinel and they’re not actually dedicating hardware to it,” she said. “As a result, the margins for them improve, because they can be very elastic in scaling up and down for their customers, they can take advantage of our threat intelligence, which is on a global scale — we see a billion signals a day.”

While many partners and customers have kept their work with Azure Sentinel close to the vest, Johnson noted one of its partners is working with a very large enterprise to modernize its SOC with Azure Sentinel by migrating them from IBM.

“The partner is going to manage it as a managed SOC project,” she said.

When Microsoft released Azure Sentinel, it included connectors to nearly 200 different third-party systems from various providers, such as Cisco and ServiceNow, that can share telemetry. At Ignite, Microsoft announced integrations with three additional alliance partners: Barracuda, Citrix and Zscaler. Microsoft also said that it is releasing new hunting queries and machine learning-based detections to make it easier for security analysts to identify and prioritize the most notable events.

In other security-related news at Ignite, Microsoft announced:

  • Insider Risk Management for Microsoft 365 — a new capability now in preview that uses the Microsoft Graph and telemetry from other systems such as HR apps to detect potential patterns that may pose risks.
  • Microsoft Authenticator, the multifactor authentication app, is now included in the Azure AD free plan.
  • Microsoft Defender ATP: The endpoint protection and response tool for Windows is coming to MacOS. It’s now in preview, with planned support for Linux servers as well.

Reference: https://www.channelfutures.com/mssp-insider/microsoft-targets-new-azure-sentinel-siem-for-broader-mssp-market
