Submitted URL: https://cda.ms/3vf
Effective URL: https://atech.cloud/resources/why-should-azure-sentinel-be-your-first-choice-for-a-siem/?WT.mc_id=m365-0000-rotrent

Blog


WHY MICROSOFT SENTINEL SHOULD BE YOUR FIRST CHOICE FOR A SIEM

Security

In the world of cybersecurity, the most important capability a Security
Operations Center (SOC) depends upon is the detection of attacks. A detection
tells the team that something unusual or malicious is happening and needs to be
stopped. Detections surface in the form of an ‘Incident’, and the tool used for
incident management is called a SIEM (Security Information and Event
Management). There are many SIEM providers in the market offering a wide array
of functionality; a few popular ones include Splunk, QRadar, ArcSight and
LogRhythm. In this article, we will explore the first and, to date, the only
cloud-based SIEM – Microsoft Sentinel!



Sentinel is Microsoft’s cloud-native SIEM solution. It is deployed in an
organisation’s Azure tenant and accessed via the Azure portal, so it inherits
the organisation’s pre-existing Azure policies. The ability to draw on the
elastic compute and storage inherent in Azure for a data-intensive application
such as a SIEM is a significant advantage over on-premises log analysis
solutions. Additionally, Microsoft Sentinel can make use of the infrastructure
as a service (IaaS) and platform as a service (PaaS) offerings available in
Azure to deliver capabilities like workflow automation and long-term log
retention that other SIEM providers typically sell as add-on services.



Microsoft Sentinel’s unified integration capabilities have created a buzz in
the security industry: it integrates with Microsoft 365 Defender and Microsoft
Defender to provide a single way to manage risk across your digital landscape.
Incidents, schema and alerts can be shared between Microsoft Sentinel and
Microsoft 365 Defender, giving a holistic view with seamless drill-down for
context.



Let us take a deep dive into the world of Microsoft Sentinel and try to
understand why Sentinel should be your first choice for a SIEM.




SIMPLIFYING LOGS



Logs are an integral part of any organisation’s infrastructure, and a SIEM
cannot do its job without them. The first deployment prerequisite of Microsoft
Sentinel is therefore a Log Analytics Workspace (LAW), where all ingested data
and logs are stored. Once a Log Analytics workspace is deployed, the Microsoft
Sentinel resource can be enabled on it and configured to perform the SIEM
functions. Connecting Microsoft Sentinel to a LAW takes only a few clicks in
the portal. Once connected, Microsoft Sentinel also offers a wide variety of log
categories to choose from, so you ingest only the data relevant to your needs,
and the connection to the LAW scales so that data ingestion can be adjusted as
your requirements change.




UNIFIED DATA COLLECTOR



We often encounter a common misconception among security executives and
practitioners that Microsoft Sentinel can only be used for Azure cloud
resources. In fact, Microsoft Sentinel can be used to ingest and correlate data
from a wide range of log sources located in a variety of cloud platforms
(Azure, AWS and Google Cloud), on-premises network and compute infrastructure,
third-party security tools (including firewalls), and software as a service
(SaaS) applications. Microsoft Sentinel includes more than 100 data connectors
out of the box, with the ability to create custom sources to meet individual
requirements. In addition, the Microsoft Sentinel community regularly
demonstrates new use cases and data connectors that expand the capabilities of
the solution.




MICROSOFT SENTINEL IS A SOAR TOO



The main engine behind Microsoft Sentinel’s automation capability is Azure
Logic Apps. In cybersecurity terms, this capability is called Security
Orchestration and Automated Response (SOAR). Azure Logic Apps power
“playbooks”, which are effectively a sequence of procedures run in response to
a security alert. Playbooks help automate and orchestrate the response actions
that would typically be carried out by security analysts. They can be triggered
manually or set to run automatically when specific alerts fire. Additionally,
automation rules allow for a more intuitive construction of SOAR activities,
providing the ability to combine playbook runs with incident updates (severity,
ownership, status, etc.) to produce the required outcome.




FOR THE LOVE OF DASHBOARDS



Microsoft Sentinel workbooks provide a wide range of data visualisation
capabilities based on KQL queries and on integration with additional Microsoft
resources (via REST APIs). Over 100 workbook templates are provided for typical
log sources such as Azure Active Directory, Office 365, Windows Active
Directory and third-party log sources (e.g. firewalls, SaaS). The workbooks
offer several visualisation controls (bar, pie, area and time charts),
conditional formatting, and other features commonly found in analytics
platforms. Through regular review and feedback from the people who consume the
reports, workbooks can become highly effective tools.




POWER OF THREAT INTELLIGENCE



Within a SIEM solution like Microsoft Sentinel, the most used form of threat
intelligence (TI) is threat indicators, also known as Indicators of Compromise
(IoCs). Threat indicators are data that associate observed artefacts such as
URLs, file hashes or IP addresses with known threat activity such as phishing,
botnets or malware. In Microsoft Sentinel, you can use threat indicators to
detect malicious activity observed in your environment and to give security
investigators context that informs response decisions. The most important use
case for threat indicators in Microsoft Sentinel is to power analytics rules for
threat detection. These indicator-based rules compare raw events from your data
sources against your threat indicators to detect security threats in your
organisation.
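As an added example (not code from the original post), the KQL below is the shape of an indicator-based analytics rule described above: it selects the currently active IP indicators from Sentinel's ThreatIntelligenceIndicator table and joins them against recent Azure AD sign-ins in SigninLogs. Table and column names follow the Sentinel schema at the time of writing; the two lookback windows are assumed values to tune per environment.

```kql
// Added example: match active IP indicators against recent sign-ins.
// Assumed values: dt_lookBack (how far back to scan events each run) and
// ioc_lookBack (how far back to consider indicator updates).
let dt_lookBack  = 1h;
let ioc_lookBack = 14d;
let active_ips =
    ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookBack)
    // Only indicators that are still active and have not expired
    | where Active == true and ExpirationDateTime > now()
    // An indicator may be updated several times; keep its latest version
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | where isnotempty(NetworkIP)
    | project IndicatorId, NetworkIP, ThreatType, ConfidenceScore,
              Description, IndicatorTime = TimeGenerated;
SigninLogs
| where TimeGenerated >= ago(dt_lookBack)
| where isnotempty(IPAddress)
// innerunique: one row per matched event, keyed on the indicator IP
| join kind=innerunique active_ips on $left.IPAddress == $right.NetworkIP
| project TimeGenerated, UserPrincipalName, IPAddress, ResultType,
          AppDisplayName, IndicatorId, ThreatType, ConfidenceScore,
          Description, IndicatorTime
```

When this query is saved as a scheduled analytics rule, the entity mapping (Account to UserPrincipalName, IP to IPAddress) is set in the rule wizard so that each match becomes an incident carrying the indicator's ThreatType and Description for the investigator.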




WHY ATECH



Now that you know about the exceptional features of Microsoft Sentinel, let us
explain how Atech implements and leverages these features to improve your
organisation’s security:



 * As security researchers we continuously improve our customers’ threat
   intelligence by adding and updating IoCs from various trusted security
   forums, helping to prevent attacks that exploit newly disclosed
   vulnerabilities.
 * Our security analysts design and implement custom analytics rules that
   cover various MITRE tactics and techniques to improve the efficiency and
   speed of attack detection.
 * We provision custom workflow automation, or playbooks
   (organisation-specific), to automate the response actions for each incident
   type and effectively reduce the MTTR (Mean Time To React).
 * We proactively look for security threats across your organisation’s data
   sources by developing advanced hunting queries that give us early insight
   into events that may indicate a compromise in progress or highlight
   vulnerable areas in your environment.



Additionally, we provide monthly and quarterly security reports that
summarise the incidents over time and display improvements in your
organisation’s security posture.



For anyone interested in improving their security posture, the security baseline
assessment would be a good place to start. Contact our team to learn more.



Yash Mudaliar, Cloud Security Engineer



