This article is not intended as a technical deep-dive into the Azure Security Center (ASC) and Sentinel solutions from Microsoft. There are loads of instructive docs on these from Microsoft. I intend for this article to simply serve as a reminder for OMS Security and Compliance clients to make the switch to Azure Security Center and explore the Sentinel SIEM solution which is currently in preview and free. The Security and Compliance solution reaches EOL at the end of July 2019.
Recall this security event log filtering feature that informed SecurityEvent table data in your Log Analytics repo, and that lived somewhere in the erstwhile OMS Security & Audit UI? Well it’s wound up in Azure Security Center.
In addition to all of the Security and Compliance capabilities, Azure Security Center (Standard tier) gives you security event collection and search with the powerful Kusto query language, JIT VM Access, advanced threat detection and threat intelligence, adaptive application controls, and a holistic set of tools and workflows for strengthening your security posture. With Azure Sentinel, the new SIEM solution from Microsoft, you can also take advantage of world-class intelligent security analytics for your enterprise, and the connection is as simple as referencing your Log Analytics workspace when configuring the Sentinel instance. I am not overstating the simplicity of this workflow, nor how seamless the integration of these cloud-native tools is in providing you with a compelling arsenal of security solutions. If you’ve ever tried configuring some other SIEM solutions, you will have an appreciation for the import here. 🙂
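As an added example (not from the original post), here is the kind of Kusto query you can run in the Log Analytics workspace after making the switch, to confirm that SecurityEvent data is still arriving and to see which event IDs your collection tier is actually sending. The column names (Computer, EventID, Activity, TargetAccount, IpAddress) are standard SecurityEvent fields; the 10-failure threshold is an assumed, tunable value.

```kusto
// Added example, not code from the original post.
// Query 1: sanity-check ingestion after moving to Azure Security Center.
// Shows, per host, which security event IDs landed in the last 24 hours
// and when each was last seen, so a collection tier that is too narrow
// (or an agent that stopped reporting) stands out immediately.
SecurityEvent
| where TimeGenerated > ago(1d)
| summarize Events = count(), LastSeen = max(TimeGenerated) by Computer, EventID, Activity
| order by Events desc

// Query 2: a first detection on the same table, suitable as a Sentinel
// analytics rule once the workspace is connected.
// Surfaces accounts with repeated failed logons (Windows event 4625),
// grouped by source address and host. The threshold of 10 is an assumption;
// tune it to your environment's baseline.
SecurityEvent
| where TimeGenerated > ago(1d) and EventID == 4625
| summarize Failures = count(), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by TargetAccount, IpAddress, Computer
| where Failures > 10
| order by Failures desc
```

Query 1 is the check to run first: if it returns nothing, the workspace is not receiving events and no Sentinel rule built on SecurityEvent will fire.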
So to reiterate, and with regard to the above illustration: if you are still managing security workflows with the Security and Compliance solution, it’s high time to explore Azure Security Center and Azure Sentinel. ASC gives you a free 30-day trial, which I think is ample time to get line of sight into what the cost implications will be for you. Azure Sentinel is in preview, and as such it is free. Use it, and get to know it. It’s cloud native, integrates seamlessly, and the built-in AI capabilities will leave you giddy with delight. Just take a peek at the ever-growing list of supported data connectors.
While it’s a great idea to try out the Azure cloud-native SIEM solution, bear in mind that there’s an ever-growing list of partners with connectors for getting Azure Monitor data into their respective SIEM solutions. For all my AWS friends out there, I’ll talk about Security Hub in another post, as this is an Azure-specific article, but I’m also down with GuardDuty, Inspector and the like from the AWS cloud-native perspective. Stay tuned for some articles on those. Cheers!