29 May 2019

Shaping the next-gen security operations centre with Azure Sentinel

  • Cyber security
Mathew Richards

Azure Sentinel is a significant security innovation from Microsoft; a bold step using AI and machine learning to simplify and enhance your security management capability.

Modern technology is empowering organisations and their people, enabling broader horizons from work, to home, to that third space of mobile and cloud. It’s no surprise that security operations are struggling to keep up, given the changing working approach, evolving delivery of services and number and volume of threats.

Vigilance is required, with improved security to counter changing threats, but not at the cost of operational efficiency.

Microsoft has provided a number of key security technologies in Microsoft 365, protecting people, information and devices. Security operations and management need to keep up and take the step into the Cloud. We see Sentinel as the flight deck of the Starship Enterprise, enabling businesses and users to boldly go where every business wants to be.

The IT architecture of a modern organisation is cloud and mobile – it permeates every element of its function, leading to greater connectivity and efficiency, but also to greater cyber security risks if you fail to implement technical controls.

Managing devices, directories, information, apps and users without the right approach can become an overwhelming task for IT security. Attackers have become more sophisticated and can spend months, even years, operating within a company’s systems before the breach is discovered or the vulnerability exploited.

It makes sense that Microsoft has been hard at work developing a comprehensive set of security components to support and enable this evolving operation and approach. That effort has now resulted in the announcement of Azure Sentinel, intended to proactively assess vulnerabilities and to automate and accelerate incident response.

Azure Sentinel: A watchful protector

Appropriately named, Azure Sentinel is a scalable, cloud-native, security information and event management (SIEM) tool designed to operate across your entire IT estate, keeping watch for any behaviour or data that could be indicative of an attack.

Sentinel delivers intelligent security analytics and threat intelligence, providing a single solution for alert detection, threat visibility, proactive hunting and threat response.

Think of Sentinel as your bird’s-eye view across your organisation, working to alleviate the stress caused by increasingly sophisticated attacks, increasing volumes of alerts and long resolution timeframes.

Sentinel complements the diverse and growing set of advanced security technologies already offered by Microsoft, covering devices, data, infrastructure and applications.

These technologies already benefit from extensive machine learning based on vast amounts of telemetry data gathered globally and from within your private tenant. The aim is to surface quality, actionable alerts that enable you to detect and respond to potential threats.

This makes Sentinel a powerful asset for any security operations centre (SOC). Organisations may find it a little overwhelming and struggle to keep up and take advantage, partly due to the ever-widening cyber security skills gap, but also because of the difficulty of persuading their existing providers, either internal or external, to adapt to this new world. This is why we’re starting to see an evolution in the function of the modern SOC and the development of some very sophisticated security managed services.


Finding the right security managed service: Put a SOC in it

The concept of a security managed service is relatively simple: a third party or in-house team operates a security operations centre that takes care of your IT security, allowing the business to securely conduct its day-to-day activity, uninterrupted by attack.

We are seeing organisations shift to a hybrid mode rather than completely outsourcing their security, seeking a complementary approach of internal security operations capability backed up by external specialist service providers with supporting services, technologies and automation.

A managed service, either completely or partially outsourced, can provide many benefits through real-time monitoring and data analysis. Taking advantage of a 24/7 SOC will allow you to defend against incidents regardless of time, type or even source.

Organisations often turn to a managed service because it helps with ownership of internal issues and gives you one place to go to seek a resolution. Providers can also offer opportunities to train your internal IT staff, which can only add to your security strength.

Many SOCs are based around a central data repository. Typically these are located in a company’s data centre, but are more recently being moved to the Cloud (à la Sentinel).

Populating the data repository is normally achieved through a variety of methods, collecting from selected key business systems. This allows raw data to be correlated according to business-specific rules and processes to produce incident cases.

Again, Sentinel will play a key part here, pulling information from across your organisation and translating it into a dashboard to highlight any concerns to the security team.


The main functions of a SOC are detection, investigation and triage. To that end, here are some key elements you should be looking for and that all effective SOCs should provide:

Monitoring

A big part of making sure your company is always performing at its best is monitoring. This can be delivered in several ways: through actionable alerts, emails or even just dashboards on a portal screen.

Many companies wait for issues to occur to see how their corporate infrastructure holds up, which is a reactive approach – you want to be proactive!

Information gathered through active monitoring can also lead to innovative projects that resolve long-standing issues in the IT environment, including automation and adapting remediations to current tools and techniques.

Playbooks

These are agreed and signed off processes that take the form of internal workflows and are required to be followed.

This ensures that all incidents are dealt with in the same way, every time. We know that not all incidents are the same, so common sense is key, but first and foremost everything needs to be audited so that we can review what was changed or completed if the incident recurs.

This helps to build upon previous knowledge and stay up to date with evolving attack patterns.

Incident response plan

A key requirement in your documentation library, and one that will get referred to regularly, this plan should cover everything from the smallest incident to a full-on company outage.

Inside this plan will be complete documentation on escalation processes all the way down to corporate templates for completion.


Watch this space

Every supplier constructs their security managed service differently, all using different tools, vendors, hosting types and cost models.

When considering your options, it’s important to understand the differences and choose one that meets both your business needs and your IT strategy. Investing in a managed service should ultimately increase your efficiency and effectiveness.

Here at ThirdSpace, we’re currently exploring how Azure Sentinel can be built upon to create a security managed service that delivers maximum value and peace of mind for our customers, and the results so far are looking promising. As highlighted above, our security services will be sure to include:

  1. Security monitoring
  2. Playbooks
  3. Incident response

What sets Azure Sentinel apart from other SIEMs is its access to Microsoft’s vast data sources. As well as your internal data, Sentinel can also draw on security data gathered across the world from every Microsoft platform. That’s an insane amount of knowledge Sentinel can use to teach itself how to better protect your digital assets.

A security managed service with a Sentinel-powered SOC, supported by expert knowledge, would be the ideal solution for any organisation looking to take its digital security seriously.

Be sure to keep an eye out for upcoming updates on how Sentinel is helping shape ThirdSpace’s new security services.

If you would like to know more about Microsoft’s security technologies and how they and Sentinel can benefit your organisation, contact us to arrange a free half-day workshop.
