Is Azure Sentinel a good thing for the cloud?
Updated: Mar 11, 2019
So a few weeks ago Microsoft announced Azure Sentinel, their new cloud-based SIEM system.
Existing Security Information and Event Management (SIEM) products can't keep pace, or at least that is one of the key reasons we are told Sentinel was created. The Azure Sentinel home page touts it as intelligent security analytics for your entire enterprise. But is Sentinel really needed?
Azure Security Center. Azure Monitor. Log Analytics. OMS. The Security Graph. Third-party integrations like AuditWolf. So many vectors of security insight. How is Azure Sentinel different?
You can think of Azure Sentinel as SIEM-as-a-service. It has much deeper insight into your security events and allows for much more refined threat hunting. It lets you bring in all your security events from across a hybrid IT infrastructure and host them in a cloud-native service. Another way to think of the difference is that Azure Security Center (ASC) is more of a cloud workload protection platform, while Sentinel is a true SIEM, built on the Microsoft Cloud.
I've been a big fan of Splunk as a cloud-based SIEM for years. But I have to admit, Azure Sentinel opens up a whole new set of possibilities. Especially since it can consume our Azure environment logs extremely easily. It's worth checking out.