
Microsoft Azure Sentinel: Cloud SIEM Beta Tests Start


Microsoft is beta testing Azure Sentinel, a cloud-based SIEM (security information and event management) that supports data collection from all types of on-premises and cross-cloud sources, Director of Product Management Eliav Levi disclosed today.

Microsoft’s Eliav Levi

Azure Sentinel has four design goals for customers, Microsoft's documentation says:

  1. Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
  2. Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft.
  3. Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.
  4. Respond to incidents rapidly with built-in orchestration and automation of common tasks.

An Azure Sentinel preview is free. Microsoft plans to disclose pricing prior to the end of the preview. A paid launch date has not been disclosed.

MSSP Alert is checking to see if Azure Sentinel is multi-tenant for MSPs and MSSPs to support multiple customers from a single pane of glass.

Microsoft Azure Sentinel: Cloud Plus Cross-Platform

Developing Azure Sentinel is a dramatic move for a range of reasons.

For starters, Microsoft has never been known as a security-first company. Plus, the SIEM market has a mixed history -- sometimes suffering from complex, difficult-to-deploy, expensive solutions that are hard to fine-tune for specific company needs.

Still, cloud services have dramatically improved the SIEM picture. A growing number of vendors (including Exabeam just this week) have extended from traditional on-premises options to offer SaaS-based versions of SIEM. Plus, some vendors -- such as Netsurion -- have built SIEM services specifically for MSP partners.

Meanwhile, Azure Sentinel also reinforces Microsoft's evolution into a cross-platform company. It wasn't always that way. If you recall, Microsoft Intune and Azure originally were Microsoft Windows Intune and Microsoft Windows Azure -- and focused first on the company's own platforms before evolving for the multi-platform world.

The Azure Sentinel beta test emphasizes cross-platform support for all types of users, devices, applications, and infrastructure, both on-premises and across multiple clouds. And yes, Azure Sentinel offers some free perks for Microsoft's sister products. For instance, Sentinel beta testers can import Office 365 data for free.

Microsoft Azure Sentinel: Initial Cloud SIEM Partners & Testers

Companies such as F5 Networks, Insight Enterprises, New Signature, and Accenture are quoted in the beta test documentation -- suggesting that those companies plan to consume Azure Sentinel and/or leverage it for managed security services.

Among the MSP experts quoted as part of Microsoft Azure Sentinel's unveiling: Jeff Dunmall, executive VP for global managed services at New Signature -- a Top 100 Public Cloud MSP for 2018, according to ChannelE2E.

Microsoft's Azure Sentinel product disclosure comes one week before the massive RSA Conference 2019 in San Francisco. MSSP Alert has confirmed meetings with several SIEM providers at the conference, and will seek more perspectives at the show.

In the meantime, a quick thanks to Infogressive CEO Justin Kallhoff. He pinged me today asking what I know about Azure Sentinel. The short answer was "nothing" -- until I started poking around the beta service early this evening.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.