Deep-dive into Azure Sentinel – Part 1 – Introduction to Sentinel as a SIEM

You might have heard of North Sentinel Island in the middle of the Bay of Bengal, home to the most isolated tribe in the world. Despite several attempts to break in or make contact with the island, the natives have always defended it violently, and it remains untouched. It is considered one of the most secure places on Earth, guarded both by the local tribes and by the government. When it came to naming the most powerful weapon in the Azure cloud security arsenal, Microsoft chose the right name for it: Azure Sentinel.

What’s Azure Sentinel under the hood?

Azure natively provides a variety of data analysis and security features, including but not limited to
Azure Sentinel integrates all of the above features under one blanket and provides their benefits from a single tool. Integrating all these features into one UI makes it easier to manage, analyze and respond to threats.

Azure Sentinel Features

Let’s take a ride through the features that have made Sentinel the newfound favorite in the security market. We will analyze the following standard SIEM features provided by Sentinel based on their availability and complexity.

Cost of Onboarding
Lately, Microsoft has started referring to itself as the largest security provider in the world rather than as a software and infrastructure development company. We have to agree that the latest enhancements it has delivered to the security marketplace prove the claim right. Microsoft has tried to invest decades of experience into Azure Sentinel to make it a near-perfect SIEM solution that can belittle any other enterprise SIEM solution, while keeping it affordable through competitive pricing models.
Azure provides two pricing models for Sentinel:
Pay As You Go: With the Pay-As-You-Go model, you pay for the amount of data ingested, roughly USD 2.64 per GB ingested. This option suits small organizations that generate only a few GBs of data a day. Note: Other costs apply for different services within the Sentinel arsenal, such as data retention beyond 90 days.
Capacity Reservation: If you are a larger organization that churns out hundreds of GBs of data every day, Azure offers discounted pricing with Capacity Reservation. It offers up to a 60% discount compared with Pay-As-You-Go pricing as the capacity increases.
Free Trial: Azure provides a free 30-day trial for proof-of-concept purposes.
Ease of Deployment
With on-prem SIEM solutions, deploying the solution to the network is itself a complex process that includes procuring and provisioning hardware or VMs, installing the host OS and necessary applications, licensing, setting up the networking, etc. Because Sentinel is a SaaS platform, deploying it takes just a few clicks and a couple of minutes of waiting for the solution to be deployed and ready to use.