Azure Sentinel is a cloud-native SIEM (security information and event management) system that centralises logs from devices across a network in order to create a central repository and visibility across the enterprise.
This data can be enriched with advanced correlation and threat intelligence feeds to enable enhanced detection and response powered by the CloudTech24 security monitoring and threat hunting team.
Sentinel provides centralised and intelligent security analytics across the entire enterprise through its ability to collect log data from both on-premises and cloud services and to combine these multiple data sources.
This gives security operations teams deep visibility for threat detection and lets them automate threat response with custom playbooks for predefined threat scenarios.
As a result, clients and managed security teams can rest assured that monitoring is proactive through intelligent automation.
CloudTech24 are in the top 5% of Microsoft partners and we are a managed security service provider (MSSP).
Our SOC team leverage the full Security Orchestration, Automation, and Response (SOAR) capabilities of the Microsoft offering to deliver managed detection and response services that secure both the client and the customer environment for businesses globally.
Companies we work with receive the full advantage of Sentinel and the threat intelligence supplied by our SOC, ensuring that access to their operations and data is monitored and proactively secured.
Threat Intelligence Feeds
CloudTech24 are a CREST-accredited organisation that thrives on the continuous improvement of security and the reduction of disruptive incidents for customers. Azure Sentinel can consume threat intelligence from aggregation services and a large number of external sources to identify possible malicious hosts and indicators of compromise (IOCs), with active alerting for our Security Operations Centre to monitor, investigate and validate as part of our Azure Sentinel managed service and cyber security protection. Sentinel can consume structured STIX/TAXII threat intelligence feeds, including the following open and commercial sources:
Azure Sentinel SIEM Environment
The Azure environment provides a large resource group for tenants.
Azure Sentinel, whether deployed as standalone SaaS integrated with third-party applications or alongside other Microsoft services, is an enterprise solution that helps ensure incidents are mitigated and security alerting is improved.
The Azure Sentinel environment allows far more information to be crawled through automation, with human intelligence then applied to the results.
This results in strong capabilities for managing security and protecting data.
6 Reasons Why CloudTech24 Should Implement An Azure Sentinel MSSP For Your Business
We are security experts with many years of experience working across multiple sectors. By using CloudTech24 to implement Azure Sentinel for your operations we are able to do the following:
1) Aggregate logs from your workstations, networks and cloud services into a single dashboard for centralised visibility and log retention to meet your security and compliance requirements
2) Detect malicious activity across all digital assets through log analysis, advanced correlation use cases and custom content developed by our analysts, intelligence and threat hunting teams.
3) Offer a dedicated threat hunting team – this means a deep review of activity and development of automation to improve detection, identification, validation and threat actor attribution of targeted threats.
4) Integrate industry threat intelligence including blacklisted domains, IPs and file hashes to improve your security detection.
5) Automate threat response by executing playbooks automatically upon a threat detection alert trigger.
6) Integrate behavioural analytics into your security program to leverage artificial intelligence and machine learning to enhance the effectiveness of our security analysts and create additional “signals” for our team to investigate and validate.
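The threat intelligence section above and item 4 both describe matching ingested indicators (IPs, domains, file hashes) against collected logs. The KQL query below is an added illustration of how such a match is expressed as a Sentinel analytics rule; it is not CloudTech24's own rule content and not one of Microsoft's built-in templates. It assumes the standard `ThreatIntelligenceIndicator` table (populated by the TAXII/STIX connector) and the Azure AD `SigninLogs` table with the column names shown; the two look-back windows are constructed tuning values.

```kql
// Added example: alert when an Azure AD sign-in comes from an IP address that appears in
// an ingested threat intelligence indicator. Assumed tables: ThreatIntelligenceIndicator,
// SigninLogs. Look-back windows below are constructed tuning values, not vendor defaults.
let ioc_lookBack = 14d;   // read indicators written in the last 14 days
let dt_lookBack  = 1h;    // read sign-in events from the last hour (typical rule frequency)
// Step 1: keep only the latest copy of each active, unexpired indicator that carries an IP.
// The same pattern applies to the DomainName and FileHashValue columns for domain and hash IOCs.
let ip_indicators = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookBack)
    | where Active == true and ExpirationDateTime > now()
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | extend TI_ipEntity = coalesce(NetworkIP, NetworkSourceIP, NetworkDestinationIP)
    | where isnotempty(TI_ipEntity)
    | project IndicatorId, TI_ipEntity, ThreatType, ConfidenceScore, Description,
              SourceSystem, ExpirationDateTime;
// Step 2: recent sign-ins whose source IP matches an indicator.
SigninLogs
| where TimeGenerated >= ago(dt_lookBack)
| where isnotempty(IPAddress)
| project SigninTime = TimeGenerated, UserPrincipalName, AppDisplayName, ResultType, IPAddress
| join kind=innerunique ip_indicators on $left.IPAddress == $right.TI_ipEntity
| where SigninTime < ExpirationDateTime   // ignore indicators that had already expired at sign-in time
| project SigninTime, UserPrincipalName, AppDisplayName, ResultType, IPAddress,
          IndicatorId, ThreatType, ConfidenceScore, Description, SourceSystem
```

Scheduling this query as an analytics rule that runs every hour over the last hour of sign-ins keeps the join cheap; `arg_max` by `IndicatorId` matters because the TAXII connector re-ingests updated indicators, and without it one stale or superseded indicator can produce duplicate incidents. The `ConfidenceScore` and `ThreatType` columns are carried through so analysts can triage low-confidence feed matches before treating them as validated threats.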
Frequently Asked Questions about our Azure Sentinel Managed Service & Azure Sentinel Threat Hunting
Take a look at some of our frequently asked questions. For any other information, or to begin onboarding, please get in touch with us.
IS AZURE SENTINEL PART OF E5?
Azure Sentinel is a standalone offering, however Microsoft 365 E5 customers can get credit towards data consumption with Azure Sentinel.
IS AZURE SENTINEL A SIEM?
Microsoft Azure Sentinel is a security information and event management (SIEM) platform, designed to provide centralised visibility of logs, advanced analytics and log retention. Implementing a SIEM solution is a huge task for any organisation because of the technical implementation and processes involved, the requirement for ongoing SIEM monitoring, and the expertise required for threat hunting.
IS AZURE SENTINEL MULTI-TENANT?
No – it is a standalone application applied to a specific set of data. Azure Lighthouse is multi-tenant, and within it our team can set up and manage MSSP Azure Sentinel access for multiple tenants.
WHAT CAN AZURE SENTINEL DO?
Azure Sentinel is a Microsoft security platform that delivers cloud-native SIEM and intelligent security analytics; in conjunction with Azure Security Center and an Azure Sentinel MSSP, it provides visibility, threat hunting, and detection and response to threats in systems across the organisation. By ingesting multiple data logs, our analysts can leverage Microsoft security analytics to alert you to the presence of any irregular or malicious activity, weed out false positives and start finding real threats quickly.
WHERE IS AZURE SENTINEL DATA STORED?
The data for Azure Sentinel is stored in a Microsoft Azure Monitor Log Analytics workspace and leverages the massively scalable cloud storage and same secure platform capabilities available for security analytics in Azure.
Billing is calculated using the amount of data processed by Azure Sentinel as well as the amount stored in Azure Monitor Log Analytics.
DOES AZURE SENTINEL REQUIRE LOG ANALYTICS?
Yes – the data analysed by Azure Sentinel is stored in Azure Monitor Log Analytics. Log Analytics serves as Sentinel’s backend and provides advanced analytics for your entire IT environment, in conjunction with the full Azure Security Center, to protect your organisational assets.
WHAT SHOULD I LOOK FOR IN AN AZURE SENTINEL MSSP?
Azure Sentinel MSSPs are required to operate on a 24/7/365 basis to ensure continuous monitoring of the Azure Sentinel SIEM platform. Sentinel MSSP partners should be approved Microsoft partners with demonstrable and intelligent security capabilities. CloudTech24 are in the top 5% of global Microsoft partners and a recommended solutions and support partner. Our experienced Azure Sentinel MSSP service provides your business with continuous threat detection and faster, more efficient decision-making.
WHAT IS THE AZURE SENTINEL PRICING?
Azure Sentinel pricing is based on the volume of data ingested for analysis in Azure Sentinel – as a premium Microsoft Azure Sentinel Partner, CloudTech24 can include Sentinel pricing as part of our MSSP service.
WHAT DATA CAN BE INGESTED INTO AZURE SENTINEL FOR FREE?
A significant amount of Microsoft log data can be ingested into Azure Sentinel for free. This includes:
Azure Activity Logs, Office 365 Audit Logs and alerts from Microsoft Defender products (Azure Defender, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint), Azure Security Center, Microsoft Cloud App Security and advanced threat protection (ATP), all of which can be ingested at no additional cost into both Azure Sentinel and Azure Monitor Log Analytics. Some Microsoft logs are charged for ingestion, including Azure Active Directory (Azure AD/AAD).
IS AZURE SENTINEL FREE?
Azure Sentinel is a commercial service which can be enabled at no cost on an Azure workspace for the first 31 days – after this point the solution will require licensing. Speak to CloudTech24 about our fully managed SOC services and how we can deliver licensing as part of the security service.