Azure Sentinel Use Cases


Page 1: Azure Sentinel Use Cases...“Azure Sentinel works seamlessly with Office 365 and other Azure services and security tools. Compared to other SIEMS I have used, it’s much easier to

Azure Sentinel Use Cases

Page 2:

Overview

• In this module you will learn where Azure Sentinel can be used.

Pre-requisites

• Azure Sentinel Overview module.

Page 3:

Sentinel use cases and value proposition

Page 4:

• Log management

• Detection

• Single pane of glass

• Alert handling

• Investigation & hunting

• Incident management

• Response

Page 5:

Traditional SIEM

• Real time correlation

• Ingest time parsing

Search based SIEM

• Scheduled queries

• Query time parsing

Page 6:

Cloud SIEM

No brainer advantages

• Auto-scales

• Easy collection from cloud sources

• Avoid sending cloud telemetry downstream

• Key log sources are free

But there is more!

• DevOps deployment and enforcement

• Distributed

• Cloud-native schema

Use

• The cloud security team

Requirements

• Side by side deployment with current SIEM

Page 7:

“Azure Sentinel works seamlessly with Office 365 and other Azure services and security tools. Compared to other SIEMs I have used, it’s much easier to connect our data sources to Azure Sentinel. There are built-in connectors not just for Microsoft but also for other major security vendors.”

Jay Vaidya
Senior Security Analyst, Brewin Dolphin

Page 8:

APIs

• Graph Security API

• Management

• Data ingest

• Data query

Deployment

• ARM

• DevOps integration

• Azure policy

Serverless

• Logic Apps

• Azure functions

• Lambda functions….
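The "Deployment: ARM / DevOps integration" bullets above are where a SOC usually wants a concrete gate: analytics rules exported as ARM templates and linted in CI before they reach the workspace. The following is an added example, not code from the deck or an Azure-provided validator. The template is constructed for the demonstration (the `workspace` and `ruleId` parameter names are the example's own), the resource type and property names follow the Sentinel scheduled-rule ARM shape, and the checks are this script's own deployment policy: required properties present, severity and operator from the allowed sets, scheduling durations parseable, and a lookback period no shorter than the run frequency so consecutive runs leave no gap.

```python
"""CI lint for a Sentinel scheduled analytics rule carried in an ARM template.

Added example (not code from the deck or an Azure-provided tool): the template
below is constructed for this demonstration, its parameter names are the
example's own, and the checks are this script's own deployment policy.
"""
import copy
import re
from datetime import timedelta

RULE_TYPE = "Microsoft.OperationalInsights/workspaces/providers/alertRules"
SEVERITIES = {"High", "Medium", "Low", "Informational"}
OPERATORS = {"GreaterThan", "LessThan", "Equal", "NotEqual"}
# Subset of ISO 8601 durations used for rule scheduling, e.g. PT5M, PT1H, P1D.
DURATION_RE = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

# Constructed template: one scheduled rule over CommonSecurityLog (the CEF table)
# that fires on repeated failed VPN logons from a single source address.
TEMPLATE = {
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {"workspace": {"type": "string"}, "ruleId": {"type": "string"}},
    "resources": [{
        "type": RULE_TYPE,
        "apiVersion": "2020-01-01",
        "name": "[concat(parameters('workspace'), '/Microsoft.SecurityInsights/', parameters('ruleId'))]",
        "kind": "Scheduled",
        "properties": {
            "displayName": "Repeated VPN authentication failures from one source",
            "enabled": True,
            "severity": "Medium",
            "query": ("CommonSecurityLog\n"
                      "| where DeviceProduct == 'VPN' and DeviceEventClassID == '100'\n"
                      "| summarize Failures = count() by SourceIP, bin(TimeGenerated, 1h)\n"
                      "| where Failures > 3"),
            "queryFrequency": "PT1H",
            "queryPeriod": "PT1H",
            "triggerOperator": "GreaterThan",
            "triggerThreshold": 0,
            "suppressionEnabled": False,
            "suppressionDuration": "PT1H",
            "tactics": ["CredentialAccess"],
        },
    }],
}


def parse_duration(text):
    """Parse the ISO 8601 duration subset used by rule schedules; None if unsupported."""
    m = DURATION_RE.match(text or "")
    if not m or not any(m.groups()):
        return None
    days, hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def validate_rule(resource):
    """Return policy findings for one alertRules resource (empty list = pass)."""
    findings = []
    props = resource.get("properties", {})
    if resource.get("type") != RULE_TYPE:
        findings.append("unexpected resource type %r" % resource.get("type"))
    if resource.get("kind") != "Scheduled":
        findings.append("kind must be 'Scheduled', got %r" % resource.get("kind"))
    for key in ("displayName", "query", "severity", "queryFrequency",
                "queryPeriod", "triggerOperator", "triggerThreshold", "enabled"):
        if key not in props:
            findings.append("missing property %r" % key)
    if not str(props.get("query", "")).strip():
        findings.append("query is empty")
    if props.get("severity") not in SEVERITIES:
        findings.append("severity %r not in %s" % (props.get("severity"), sorted(SEVERITIES)))
    if props.get("triggerOperator") not in OPERATORS:
        findings.append("triggerOperator %r not in %s" % (props.get("triggerOperator"), sorted(OPERATORS)))
    threshold = props.get("triggerThreshold")
    if isinstance(threshold, bool) or not isinstance(threshold, int) or threshold < 0:
        findings.append("triggerThreshold must be a non-negative integer")
    if not isinstance(props.get("enabled"), bool):
        findings.append("enabled must be a boolean")
    freq = parse_duration(props.get("queryFrequency"))
    period = parse_duration(props.get("queryPeriod"))
    if freq is None:
        findings.append("queryFrequency is not a supported ISO 8601 duration")
    if period is None:
        findings.append("queryPeriod is not a supported ISO 8601 duration")
    if freq is not None and period is not None and period < freq:
        findings.append("queryPeriod shorter than queryFrequency leaves gaps between runs")
    return findings


def validate_template(template):
    """Lint every scheduled rule in a template; returns {resource name: findings}."""
    return {r.get("name"): validate_rule(r)
            for r in template.get("resources", []) if r.get("type") == RULE_TYPE}


def broken_copy():
    """Constructed bad variant: lookback shorter than the run frequency and an
    invalid severity, the kind of mistake the CI gate should reject."""
    bad = copy.deepcopy(TEMPLATE)
    bad["resources"][0]["properties"]["queryPeriod"] = "PT30M"
    bad["resources"][0]["properties"]["severity"] = "Critical"
    return bad


if __name__ == "__main__":
    print("good template:", validate_template(TEMPLATE))
    print("bad template:", validate_template(broken_copy()))
```

Run it as a pipeline step over the exported templates and fail the build on any non-empty findings list; the same function can back an Azure Policy style "deny" decision if rule deployments are routed through a gated pipeline rather than the portal.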

Page 9:

Page 10:

Diagram: upstream (events in) and downstream (alerts out)

Page 11:

Page 12:

Next Gen SIEM

Advantages

• Effortless infinite scale

• Ease of integration

• Effective and integrated SOAR

• Microsoft research and ML

• SIEM and data lake in one

Use

• SIEM replacement

Requirements

• On-prem collection

Page 13:

▪ $1B

Page 14:

Page 15:

Page 16:

Diagram: on-prem collection paths into Azure Sentinel

• Hosts (OS events, DNS, Windows FW, DHCP): agent

• CEF or Syslog connector, via an (optional) collector proxy; Syslog over TLS, TCP or UDP

• Branch Office: CEF/Syslog connector

• WEF connector: WEC, HTTPS

• Logstash

• Custom connectors
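The "Search based SIEM" slide (scheduled queries, query-time parsing) and the collection diagram above (CEF/Syslog connector) describe the same pipeline from two ends: raw lines arrive from a CEF or syslog source and are stored as received, and a scheduled query parses them only when it runs. The block below is an added example, not code from the deck or from Microsoft, that models that pattern in miniature: a CEF header and extension parser (handling the `\|`, `\=` and `\\` escapes the format allows), a syslog wrapper parser, and one run of a scheduled rule that counts authentication failures per source address over a lookback window. The log lines, host names, addresses and signature IDs are constructed for the demo, and the syslog prefix uses a simplified `<PRI>timestamp host` form.

```python
"""Query-time parsing of raw CEF/Syslog lines with a scheduled detection query.

Added example (not code from the deck or from Microsoft): models the
search-based SIEM pattern, i.e. raw lines are stored as received and parsed
only when a scheduled query runs over them. All sample data is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of what a CEF/Syslog connector receives, kept unparsed.
RAW_LINES = r"""
<13>2019-10-01T10:00:01Z fw1 CEF:0|Contoso|VPN|1.0|100|Authentication failed|5|src=203.0.113.7 suser=alice outcome=failure msg=Bad password for alice\=admin
<13>2019-10-01T10:00:09Z fw1 CEF:0|Contoso|VPN|1.0|100|Authentication failed|5|src=203.0.113.7 suser=bob outcome=failure
<13>2019-10-01T10:00:15Z fw1 CEF:0|Contoso|VPN|1.0|100|Authentication failed|5|src=203.0.113.7 suser=carol outcome=failure
<13>2019-10-01T10:00:20Z fw1 CEF:0|Contoso|VPN|1.0|101|Authentication success|1|src=198.51.100.4 suser=dave outcome=success
<13>2019-10-01T10:00:30Z fw1 CEF:0|Contoso|VPN|1.0|100|Authentication failed|5|src=203.0.113.7 suser=dave outcome=failure
<13>2019-10-01T12:30:00Z fw1 CEF:0|Contoso|VPN|1.0|100|Authentication failed|5|src=198.51.100.4 suser=erin outcome=failure
<13>2019-10-01T12:30:05Z web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4242 ssh2
""".strip().splitlines()

SYSLOG_RE = re.compile(r"^<\d+>(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<body>.*)$")
CEF_HEADER = ("cef_version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")
# Extension keys are word characters; a value runs until the next " key=" or the
# end of the line and may contain the escapes \=, \\, \n and \r.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s\w+=|$)")


def _unescape(text):
    return re.sub(r"\\([\\|=nr])",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)


def parse_cef(body):
    """Split 'CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|ext' into a dict."""
    parts = re.split(r"(?<!\\)\|", body, maxsplit=7)   # header pipes may be escaped as \|
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record: %r" % body)
    parts[0] = parts[0][4:]                            # keep only the version number
    event = {k: _unescape(v) for k, v in zip(CEF_HEADER, parts[:7])}
    event["ext"] = {k: _unescape(v) for k, v in EXT_RE.findall(parts[7])}
    return event


def parse_line(line):
    """Parse one raw syslog line at query time; CEF bodies get full field extraction."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    event = {"timestamp": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
             "host": m["host"]}
    if m["body"].startswith("CEF:"):
        event.update(parse_cef(m["body"]))
    else:
        event["message"] = m["body"]                   # plain syslog: keep the raw message
    return event


def scheduled_query(raw_lines, now_iso, lookback_minutes=60, threshold=3):
    """One run of a scheduled rule: look back `lookback_minutes` from `now_iso`,
    count CEF authentication failures (signature 100, outcome=failure) per
    source IP and return the sources whose count exceeds `threshold`."""
    now = datetime.strptime(now_iso, "%Y-%m-%dT%H:%M:%SZ")
    start = now - timedelta(minutes=lookback_minutes)
    failures = defaultdict(int)
    for line in raw_lines:
        ev = parse_line(line)
        if ev is None or not (start <= ev["timestamp"] <= now):
            continue
        if ev.get("signature_id") == "100" and ev.get("ext", {}).get("outcome") == "failure":
            failures[ev["ext"].get("src", "?")] += 1
    return {src: n for src, n in failures.items() if n > threshold}


if __name__ == "__main__":
    print(parse_line(RAW_LINES[0]))
    print(scheduled_query(RAW_LINES, "2019-10-01T10:05:00Z"))   # alert on 203.0.113.7
    print(scheduled_query(RAW_LINES, "2019-10-01T12:35:00Z"))   # nothing crosses the threshold
```

Because parsing happens inside `scheduled_query`, a change to `parse_cef` (say, a new extension key) applies to everything already stored; an ingest-time parser would have had to re-process the backlog. The cost is that every run re-parses the lookback window, which is why the rule's frequency and period matter.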

Page 17:

Cloud Collector

Advantages

• Easy collection from cloud sources.

Opportunity: *No*

• Cost prohibitive.

Requirements

• Stream events to on-prem SIEM.

Page 18:

Pricing

Page 19:

Annual ingress: GB/day × 365

Price per GB: $2.53, plus $0.10 per additional month of retention

Total annual cost: annual ingress × price per GB

Page 20:

Page 21:

Page 22: