The purpose of a Security Information & Event Management (SIEM) software product like Microsoft's Azure Sentinel is often misunderstood. This blog discusses Azure Sentinel's capabilities and its importance for CMMC compliance and for an ideal cloud security strategy.
Azure Sentinel became generally available on March 13, 2020, and charges for the service started April 1, 2020.
Sentinel is a Security Information & Event Management (SIEM) software product.
Sentinel can pull log data for Incident Response at no ingestion cost from AWS CloudTrail, Azure Activity Logs, Office 365/Microsoft 365 Audit Logs (all SharePoint activity and Exchange admin activity), and from alerts raised by Microsoft Threat Protection products (Azure Security Center, Office 365 ATP, Azure ATP, Microsoft Defender ATP, Microsoft Cloud App Security, Azure Information Protection).
Logs can also come from other sources:
Many organizations following security best practices were likely already using Azure Security Center (ASC) as an alerting tool. Azure Sentinel takes these alerts from ASC, together with data from other third-party sources and custom applications, to provide a single pane of glass across your organization. The following dashboard can highlight common alerts, threats by region, and more.
Once a decision is made on which SIEM tool to purchase, IT and security leadership need to answer several questions about their data.
These questions determine overall costs on a recurring basis, and some are complicated by risk, business, and compliance variables. For example, retention beyond 90 days incurs a fee for Azure Sentinel, yet NISPOM requires 1 year of log data retention for some companies and the data they manage. Up-front installation and implementation costs also need to be considered, regardless of whether internal or external resources are used.
The key benefits of Azure Sentinel: