Azure Sentinel, a born-in-the-cloud SIEM, was released in preview in February 2019 and reached general availability in September 2019. Since then it has advanced in leaps and bounds, with a very aggressive rate of new features added, including but not limited to data connectors, dashboard visualizations, incident management, and SOAR and data enrichment capabilities.
From our interactions with the Microsoft Sentinel team, the focus on listening to customer feedback and deploying high-priority functionality is quite evident, and it is reflected in the evolution of the product itself. Azure Sentinel is becoming a poster child for how a truly cloud-born security solution allows customers to get a better product month by month. The only remaining challenge is keeping up with the rate of improvements, but that is one of the paradigms of the new reality of cloud-based solutions: they relieve security analysts of some effort, mostly around maintenance, while requiring them to learn the new features that become available at such a high rate.
Combined with tight integration with highly specialized security controls such as Microsoft Defender and Azure Defender, Sentinel is emerging as a natural choice for organizations that want to take advantage of the synergy between these products.
The diagram below is a one-page view of the core Azure Sentinel components, updated as of March 2021, showing how the various parts of a traditional SIEM infrastructure map onto it. We would also like to highlight that the wide variety of log ingestion and enrichment options shown in the diagram still does not do justice to the versatility of Azure Sentinel.
Contact us for a full walk-through of this diagram and a review of how Azure Sentinel addresses most of the challenges faced by the SIEM industry.
Azure Sentinel Design – High-Definition PDF
Azure Sentinel Design – High-Definition SVG