
Introduction to Azure Sentinel

Azure Sentinel is Microsoft's cloud-native SIEM and SOAR. Say goodbye to a 6-month SIEM setup and architecture project: get visibility into your environment right now, and use the rich ecosystem of connectors to extend intelligence across your complete security suite.



  1. Microsoft Azure Sentinel. Arnaud Lheureux, Cloud Chief Security Officer, One Commercial Partner, Microsoft APAC. Twitter: @arnaudLheureux
  2. Security Operations Team: expanding digital estate
  3. Traditional SOC challenges: too many disconnected products; high volume of noisy alerts; security skills in short supply; lack of automation; rising infrastructure costs and upfront investment; IT deployment and maintenance; sophistication of threats
  4. Security Operations Team: cloud + artificial intelligence
  5. Introducing Microsoft Azure Sentinel, a cloud-native SIEM for intelligent security analytics across your entire enterprise. Collect security data across your enterprise; detect threats with vast threat intelligence and AI; investigate critical incidents guided by AI; respond rapidly and automate protection. Limitless cloud speed and scale; faster threat protection with AI by your side; bring your Office 365 data for free; easy integration with your existing tools
  6. Microsoft Security Advantage: $1B annual investment in cybersecurity; 3500+ global security experts; trillions of diverse signals for unparalleled intelligence
  7. Limitless cloud speed and scale
  8. Focus on security, unburden SecOps from IT tasks: no infrastructure setup or maintenance; SIEM service available in the Azure portal; scales automatically, with no limits on compute or storage resources. © Microsoft Corporation
  9. Reduce security and IT costs: cloud-native, scalable SIEM; no infrastructure costs or upfront commitment; only pay for what you use; bring your Office 365 data for free
  10. Integrate with existing tools and data sources
  11. Collect security data at cloud scale from all sources across your enterprise: pre-wired integration with Microsoft solutions (Microsoft 365); connectors for many partner solutions; standard log format support for all sources; proven log platform with more than 10 petabytes of daily ingestion
  12. Optimize for your needs: bring your own insights, machine learning models, and threat intelligence; tap into our security community to build on detections, threat intelligence, and response automation
  13. Demo: overview dashboard and data collection
  14. AI by your side
  15. Detect threats and analyze security data quickly with AI: correlated rules; User Entity Behavior Analysis integrated with Microsoft 365; pre-built machine learning models based on decades of Microsoft security experience and learnings; bring your own ML models; threat detection and analysis; millions of signals filtered down to a few correlated and prioritized incidents; insights based on vast Microsoft threat intelligence and your own TI; reduce alert fatigue by up to 90%
  16. Investigate threats with AI and hunt suspicious activities at scale, tapping into years of cybersecurity work at Microsoft: get prioritized alerts and automated expert guidance; visualize the entire attack and its impact; hunt for suspicious activities using pre-built queries and Azure Notebooks
  17. Respond rapidly with built-in orchestration and automation: build automated and scalable playbooks that integrate across tools, including security products, ticketing systems (ServiceNow) and additional tools
  18. Demo: threat detection, investigation and response
  19. Sentinel in a nutshell: Microsoft Services; Analyze & Detect; Investigate & Hunt; Automate & Orchestrate Response; Visibility; Data Ingestion; Data Repository; Data Search; Enrichment; Integrate; Collect
  20. What our partners and early adopters say about Azure Sentinel. “Azure Sentinel provides a unique and cloud centric security incident and event management solution that is both simple to deploy and able to manage complex hybrid customer environments.” (Jeff Dunmall, Executive Vice President of Global Managed Services) “My team has the upper hand with Azure Sentinel. I get unbridled capacity, and the built-in AI and threat intelligence based on Microsoft’s years of cybersecurity experience really helps my team focus on keeping our clients secure vs managing infrastructure and threat feeds.” (Andrew Winkelmann, Global Security Consulting Practice Lead)
  21. Take action today, get started with Sentinel: start a Microsoft Azure trial; open the Azure Sentinel preview dashboard in the Azure Portal; connect data sources. To learn more, visit
  22. Thanks for your attention! Arnaud Lheureux, CISSP, CCSP. Twitter: @arnaudLheureux