tl;dr: In early March (2019) Microsoft announced the launch of Azure Sentinel – the company’s first Security Information and Event Management tool built for users who require more security in the Azure cloud. Azure Sentinel is designed to automate threat detection and allow SecOps teams to focus their valuable time on the major data anomalies that require their attention. Nubeva gives Microsoft a big shout out for its effort to make Azure more secure. Our next-gen cloud agent, Nubeva Prisms, will continue to support organizations that need to acquire, process and distribute cloud packets to the IT teams and tools that secure the cloud.
CTA: Learn how Nubeva Prisms can acquire, process and distribute cloud packets to your IT tools and teams. www.nubeva.com
Recently, Microsoft announced Azure Sentinel – the first cloud-native Security Information and Event Management (SIEM) tool built by a major cloud provider. What does Azure Sentinel do? Microsoft’s official announcement says the solution will perform:
- Security analytics (using an artificial intelligence filter to reduce or eliminate false positive security alerts)
- Log collection
- Threat detection in both enterprise cloud and public cloud environments
What’s more, it is designed to give more visibility across multiple public clouds and cloud applications – all while using compute power from Microsoft Azure servers to analyze data and detect potential threats. Azure Sentinel, now in beta trials (March 2019), makes it easy to collect security data across an entire hybrid organization – from devices to users, and from apps to servers on any cloud.
With Azure Sentinel the IT team can aggregate cloud security data using built-in connectors, native integration of Microsoft signals, and support for industry-standard log formats such as Common Event Format (CEF) and syslog. In addition, Azure Sentinel uses scalable machine learning algorithms to correlate millions of low-fidelity anomalies into a few high-fidelity security incidents for the analyst.
Why More Security in the Public Cloud is a Good Thing
If your enterprise is migrating resources to the cloud, you need real-time insight into all activities across the network. Monitoring traffic, analyzing data and identifying potential threats in the cloud is just as important as it’s been in the data center. The cloud provides limitless advantages – from speed to flexibility to storage. It’s here, and it’s not going away. So your IT organization must find security solutions that simplify monitoring and threat detection. And they must also integrate with existing platforms and tools your team already knows and understands.
In the Azure Sentinel launch briefing, Ann Johnson, corporate vice president of the Cybersecurity Solutions Group at Microsoft, said that attackers have a distinct advantage today because of the shortage of cybersecurity professionals. Azure Sentinel is built to help SecOps teams manage the most complex security issues instead of chasing every alert – reducing noise and cutting alert fatigue by as much as 90%. What’s more, Sentinel can automate up to 80% of the most common tasks that SecOps teams now spend their time performing.
Azure Sentinel is also designed to augment existing enterprise defense and investigation tools, including best-of-breed security products, applications and workflow management systems. So if your organization is interested in cloud packet monitoring (and it should be) you can still deploy a cloud-native agent like Nubeva Prisms to acquire, process, distribute and manage packet data – sending the packets to your teams and tools as anomalies in the public cloud occur.
To continue rapid growth, public cloud platforms simply must develop cloud-native security solutions that enterprise IT organizations can easily adopt and run in their cloud networks. Microsoft now moves beyond the ability to see flow logs to a more comprehensive security solution that doesn’t require more human resources to be effective.