Introducing Azure Sentinel: The First Cloud-Native SIEM from a Major Cloud Provider

  • QUANTUM SECURITY BLOG

The COVID-19 pandemic has pushed organisations to speed up their digital transformation initiatives. One of the key initiatives is migrating important information to the cloud, as more and more companies around the world leap onto the cloud migration bandwagon in 2020. According to IDC, worldwide public cloud computing expenditure soared from $67B in 2015 to $162B in 2020, a Compound Annual Growth Rate (CAGR) of 19%. Southeast Asia is projected to have one of the strongest cloud computing revenue growth rates, reaching $40.32B by 2025, a figure driven in part by the region's small and medium-sized organisations. A robust, secure cloud environment for these organisations is therefore more crucial than ever.

In response to the growing demand for a secure cloud environment, Microsoft announced Azure Sentinel on 28 February 2019. Azure Sentinel is the first cloud-native solution from a major cloud provider that combines SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) in a single service.

Microsoft describes four core capabilities of Azure Sentinel: collect, detect, investigate, and respond. Firstly, it collects data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds. Secondly, Azure Sentinel detects previously undetected threats and reduces false positives by applying analytics, machine learning, and threat intelligence from Microsoft to that data, rather than waiting for an individual product to raise an alert.

The cloud-native security solution lets you investigate suspicious activity with AI-assisted tooling at cloud scale, following the connections from each user to any device associated with the cloud environment. For example, suppose a user account fails authentication many times in a short period. Azure Sentinel can alert the IT admin that this account may be under attack or already compromised, prompting a swift, targeted response before a breach occurs. On the response side, the SOAR capability lets you preconfigure actions, called playbooks and built on Azure Logic Apps, that are triggered automatically when an alert or incident is created, so that routine containment steps run without waiting for an IT admin.
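To make the failed-authentication example concrete, the following KQL query is an added illustration written for this post; it is not code from Microsoft or from the original article. It could back a scheduled analytics rule in Azure Sentinel: it reads the Azure AD SigninLogs table (which assumes the Azure Active Directory data connector is enabled), counts failed sign-ins per account over the last hour, and surfaces accounts that cross a threshold. The one-hour window and the threshold of 10 failures are assumptions to tune for your tenant; the column names used are the standard SigninLogs schema.

```kql
// Added example: candidate scheduled analytics rule for repeated sign-in failures.
// Assumes the Azure AD diagnostic connector is sending SigninLogs to the workspace.
let lookback = 1h;             // assumed: rule runs hourly with a 1h lookback
let failure_threshold = 10;    // assumed: tune to your tenant's normal failure rate
SigninLogs
| where TimeGenerated > ago(lookback)
// ResultType "0" is a successful sign-in; every other value is a failure code
| where ResultType != "0"
| summarize
    FailedAttempts    = count(),
    DistinctSourceIPs = dcount(IPAddress),
    SourceIPs         = make_set(IPAddress, 20),
    FailureReasons    = make_set(ResultDescription, 10),
    TargetApps        = make_set(AppDisplayName, 10),
    FirstFailure      = min(TimeGenerated),
    LastFailure       = max(TimeGenerated)
    by UserPrincipalName
| where FailedAttempts >= failure_threshold
// Flag the pattern that most often indicates a spray or brute-force rather than a
// forgotten password: many failures spread over more than one source address
| extend LikelyAttack = DistinctSourceIPs > 1
| project UserPrincipalName, FailedAttempts, DistinctSourceIPs, LikelyAttack,
          SourceIPs, FailureReasons, TargetApps, FirstFailure, LastFailure
| order by FailedAttempts desc
```

When this query is saved as a scheduled rule, map UserPrincipalName to the Account entity and the IPs to the IP entity in the rule's entity mapping so the investigation graph links them, and attach an automation rule or playbook (for example, one that opens a ticket and requires the user to re-authenticate) to act on the resulting incident. Before enabling it, run the query against a few days of historical data and adjust the threshold until legitimate mistyped passwords no longer trip it.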

With cloud migration accelerating, businesses that hold sensitive data in cloud infrastructure can no longer deny that a reliable cloud-native security solution has become a necessity. Azure Sentinel gives organisations a powerful hunting and query tool, with built-in hunting queries mapped to the tactics of the MITRE ATT&CK framework, so that analysts can proactively search their cloud telemetry for attacker behaviour and identify a threat before it turns into a breach.

Organisations can use Azure Sentinel's investigation tools to trace a potential threat back to its root cause, viewing the affected entity and its connections to the suspicious activity on a single graph. Sentinel's analytics, backed by machine learning, help organisations reduce alert fatigue by grouping related alerts into incidents and automating everyday triage and response tasks, allowing IT admins to focus on business operations. Sentinel also lets organisations securely bring all of their security data together by integrating with other Microsoft security products such as Microsoft Defender, Microsoft Cloud App Security, Microsoft 365 Defender, Microsoft Intune, and many more, alongside third-party sources through its data connectors.

If you are looking for a qualified professional to integrate your organisation’s cloud infrastructure with Microsoft Azure Sentinel, feel free to reach our experts at Quantum. Our experienced CISO will be happy to learn about your requirements and help you obtain one of the latest and most comprehensive cloud security solutions in the world.