As infrastructures get ever more complex, managing security becomes a significant issue. Alerts and logs come from many different systems, in as many different formats, and the right information must reach the right person so they can make the right decision to prevent a security breach.
That ‘right time’ information model is critical, and it needs tooling that can bring all these information sources and events into one place. Security Information and Event Management (SIEM) is a rapidly growing part of the enterprise security market, building and delivering smart security dashboards that analyse and prioritise these messages using a mix of log-file analysis and machine learning. In a complex threat environment, modern data centres need a SIEM to operate effectively, sitting next to your application and network monitoring tools and helping manage your response to incidents and warnings.
However, there’s a problem when it comes to cloud infrastructures: you may not have full visibility into all the elements of your environment, especially if you’re building on top of service and platform elements. Someone has the information that’s needed to secure your applications, but in many cases that isn’t you — it’s someone in the hyperscale cloud’s network operations centre.
Introducing Azure Sentinel
Microsoft recently launched Azure Sentinel, its approach to modern SIEM. Working across on-premises and in-cloud infrastructure, it’s intended to be easy to set up, low maintenance, and easy to use. By building on cloud-scale data collection and on Microsoft’s own threat detection tools, Azure Sentinel can automate response using orchestration across your entire estate. It’s software-as-a-service, so it’s scalable, and you only pay for the resources you use.