Strengthen Security And Improve Team Productivity: A look into Azure Sentinel

Katie John
Cloud security analytics

I’m not a deeply technical person. Within my roles at Connection, I helped IT procurement teams by providing clarity around the licensing and purchasing vehicles of the solution being implemented, while other teams provided guidance around the technical aspects of the solution itself. However, I really wanted to better understand these solutions on both a more technical and practical use case level. Organizations of all sizes across all verticals face more significant challenges than ever in a rapidly evolving modern workplace environment. I wanted more knowledge of how Microsoft’s products could address those challenges and solve our customers’ problems.

I’ve read and researched everything I could get my hands on about the subject. I found such great content on Microsoft’s security products and services in Azure. But, if I’m being completely honest, I still felt a bit shaky in my understanding of the cloud solution, even after reading all the whitepapers, documentation, and training guides. It seemed like a lot of theory and abstract concepts on a page, and it definitely didn’t capture my imagination. I couldn’t visualize many of the Azure security solutions in a real-world scenario until I turned to one of Connection’s amazing Solution Architects. I asked for help, and he was so gracious and willing to take the time to share his knowledge in a way that made sense to me. He clearly articulated the Azure Sentinel solution and provided me with some fascinating real-world examples of how Azure has solved some difficult, yet commonly shared, customer challenges. Now I was captivated!

Whether you’re the head of a dedicated Security Operations (SecOps) team for a large enterprise or you’re wearing all the hats in a one-person IT department, you’re likely already stretched thin trying to keep many network security “spinning plates” in the air—even before COVID hit. Now you’ve probably taken several giant leaps forward into a remote workforce model that has disrupted your traditional perimeter security infrastructure and added quite a few more spinning plates to challenge your bandwidth and resources as you race to adapt.

A Security Virtual Assistant by Your Side

Azure Sentinel is essentially a Security Information and Event Management (SIEM) solution, re-invented, with security orchestration, automation, and response (SOAR) built in. It automates so many of your spinning plates without ever removing the need for human intelligence or replacing human decision making. Imagine being able to automate your busy work and having time in your day for the more purpose-driven innovation that inspired you to pursue a career in IT in the first place. Sentinel is a virtual digital assistant for security that provides a birds-eye view across your entire enterprise. Through a single pane-of-glass dashboard, you can see what automated remediation has been carried out, based on the detection rules and playbooks you choose. The service itself runs on the Azure platform: it collects data from across your organization, analyzes that data, surfaces insights, detects threats, and helps you respond to those threats with built-in automation and orchestration.
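The “collect, analyze, detect, respond” loop described above is concrete in practice: data connectors land logs in tables, and a scheduled analytics rule written in Kusto Query Language (KQL) runs over those tables and raises an incident when it returns rows. The following query is an added example written for this article, not code from the original post or from Microsoft. It assumes the Azure AD (Entra ID) data connector is enabled so the SigninLogs table is populated, and the one-hour window and ten-failure threshold are illustrative choices, not recommended settings.

```kql
// Added example (not from the original post): flag a burst of failed
// sign-ins for a user from one IP that is followed by a successful
// sign-in from the same IP, a common password-spray / brute-force pattern.
// Assumes the Azure AD data connector populates SigninLogs; the
// lookback and threshold values below are illustrative assumptions.
let lookback = 1h;
let failureThreshold = 10;
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    // ResultType "0" is success; 50125 and 50140 are benign interrupts
    // (password reset / "keep me signed in"), so exclude them too.
    | where ResultType !in ("0", "50125", "50140")
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
        by UserPrincipalName, IPAddress
    | where FailedCount >= failureThreshold;
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project UserPrincipalName, IPAddress,
              SuccessTime = TimeGenerated, AppDisplayName;
failures
| join kind=inner successes on UserPrincipalName, IPAddress
// Only keep cases where the success came after the run of failures.
| where SuccessTime > LastFailure
| project UserPrincipalName, IPAddress, FailedCount,
          FirstFailure, LastFailure, SuccessTime, AppDisplayName
```

When this is saved as a scheduled analytics rule, map UserPrincipalName to the Account entity and IPAddress to the IP entity in the rule’s entity mapping; the resulting incident can then be handed to a playbook, which is the automation-and-orchestration half of the loop the paragraph describes. A practitioner should tune the threshold against their own sign-in volume before enabling the rule, since a low threshold on a busy tenant is exactly the alert-fatigue problem a SIEM is supposed to reduce.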

Most SIEM solutions traditionally consist of various best-of-breed products, all bolted together and each with their own portal and dashboard. These solutions often result in too many tools, policy configurations, and consoles—and too much time and sheer labor to manage them all. You may have experienced delayed responses to threat reports due to team resource bandwidth, threat-alert fatigue, missed notices in one of your many dashboards, or configuration errors.

What captured me about Azure Sentinel is how scalable it is and how it can meet you right at your point of need. It’s a very agile and comprehensive security tool that may allow a small- or medium-size business to implement a SIEM solution for the very first time, and only pay for exactly what they need. At the same time, Microsoft has made it very easy to integrate this 100% cloud-native solution with an existing legacy SIEM to fill the gaps and provide needed efficiency improvements. Azure Sentinel can automatically respond to threats and events by following best-of-breed playbooks from the partner community and automating your common scenarios, while still providing you with one single dashboard to manage. There is no need to rip and replace. And as your organization grows through merger or acquisition, which often brings new devices, platforms, and pre-existing infrastructure into your environment, Sentinel can integrate each one and maintain a unified solution.

Sentinel’s Impact On Your Bottom Line

I recently read through the results of a Forrester report on the total economic impact of Azure Sentinel, and based on what I know of Sentinel, I wasn’t surprised!

The study revealed that Sentinel delivers:

  • A three-year 201% return on investment (ROI) with a payback period of less than six months
  • A 48% reduction in costs compared to legacy SIEM solutions, saving on expenses like licensing, storage, and infrastructure
  • A 79% reduction in false positives and an 80% reduction in the labor associated with investigation, reducing mean time to resolution (MTTR) over three years
  • Reduced management efforts by 56%, saving $1.2 million
  • A 67% decrease in time to deployment compared to legacy on-premises SIEMs

Our Connection Solution Architects and Azure Managed Services Teams have helped many customers craft a complete solution with products—including Microsoft 365 Defender and various Defender XDR solutions, Azure Sentinel, Azure Secure Score, and Power Platform—all working together to detect and remediate threats and improve data quality.

To help you take advantage of this integrated security approach, Microsoft is offering a new Azure Sentinel benefit for Microsoft 365 E5 customers. From November 1 through May 1, 2021, new and existing Microsoft 365 E5 and Microsoft 365 E5 Security customers with an Enterprise Agreement (EA) or Enterprise Agreement Subscription (EAS) can get Azure credits for the cost of up to 100 MB per user, per month of included Microsoft 365 data ingestion into Azure Sentinel. Plus, you can begin accruing credits in your first month of eligibility. You can learn more about the offer here.

Contact an Account Manager today for more information. The Account Manager will engage our Microsoft specialists, Solution Architects, and Azure Managed Services Teams to answer your questions, no matter what your technical knowledge level is, in much the same caring and truly helpful way they did for me. We can help you build and manage a customized solution that meets the unique security needs of your organization. What would you do with an 80% reduction in the amount of labor and time needed to effectively manage your SIEM?

Katie is a Senior Product Manager and helps to manage and execute the overall marketing and enablement strategy for Microsoft Solutions at Connection. Throughout her career, which has included various roles in IT sales, Enterprise account management, Microsoft solutions support, and now Product Management, she has been purposefully driven by a love for helping people solve problems—bringing clarity to IT complexity and leading with empathy. In her free time, Katie enjoys reading, taking day trips and weekend getaways with her husband and teenage daughters, and volunteering with non-profit organizations that provide outreach to at-risk children and the foster care community.