Guarding the fort just got a whole lot easier...
"With great power comes great responsibility."
OK, the job isn't as flashy as Spiderman's, but these words ring true for all Security Analysts. After all, continuously monitoring and maintaining a bird's-eye view of your company's electronic data and technical environment, making sure it's kept safe from the hooded claws of hackers and fraudsters, is a 24x7 task.
There must be a better solution to this than just hiring out of hours staff, or pulling longer shifts. You need someone you can trust, a dedicated sentry to join you in standing guard. But who will be that Watchman, bearing this ever-growing responsibility?
Well, we've got the perfect candidate to join your security team: the AI wielding, environment shielding, unyielding guardian of the Azure galaxy - Sentinel!
Microsoft's very own security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution, Sentinel sits on top of a Log Analytics workspace and looks through all the service data you feed it. Many of its out-of-the-box data connectors also come with analytic rules that alert on key events, and once a rule's conditions are met, playbooks can run automatically to respond to them, such as raising tickets in your help desk solution or blocking sign-ins.
But Sentinel's beauty really shines with its User and Entity Behavior Analytics (UEBA). It looks at the past 30 days of your users' activity and begins identifying anomalies in the Audit and Sign-in logs. With this data, its AI engine reasons whether a created incident is a true positive - in other words, whether it is a genuine threat to your environment. You can also manually override the state of an incident, and that feedback helps its AI build an accurate profile of all the users, devices, and IPs that your company works with.
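To make the baseline idea concrete, here is an added Python example (not Sentinel's code, and not how Microsoft's proprietary UEBA engine is implemented) that does the simplest version of what the paragraph describes: learn each user's "normal" countries, devices and sign-in hours from a 30-day window of sign-in events, then score newer events against that profile. The sign-in records, user names and field names are constructed for the example; the manual incident override feedback mentioned above is not modelled.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASELINE_DAYS = 30  # the 30-day learning window described in the post


def make_sample_logs():
    """Constructed sample sign-in events (not real telemetry).

    Returns the events plus the cutoff that separates the 30-day baseline
    from the events we want to score.
    """
    start = datetime(2024, 1, 1)
    logs = []
    for day in range(BASELINE_DAYS):
        d = start + timedelta(days=day)
        logs.append({"user": "alice", "time": d.replace(hour=9),
                     "country": "GB", "device": "alice-laptop"})
        logs.append({"user": "bob", "time": d.replace(hour=14),
                     "country": "US", "device": "bob-desktop"})
    cutoff = start + timedelta(days=BASELINE_DAYS)
    logs += [
        # alice, normal time, place and device
        {"user": "alice", "time": cutoff.replace(hour=9, minute=30),
         "country": "GB", "device": "alice-laptop"},
        # alice at 03:00 from a new country on an unknown device
        {"user": "alice", "time": cutoff.replace(hour=3),
         "country": "BR", "device": "unknown-android"},
        # bob, normal
        {"user": "bob", "time": cutoff.replace(hour=14, minute=10),
         "country": "US", "device": "bob-desktop"},
        # carol has no history at all in the baseline window
        {"user": "carol", "time": cutoff.replace(hour=10),
         "country": "GB", "device": "carol-laptop"},
    ]
    return logs, cutoff


def build_profiles(logs, cutoff):
    """Per-user profile of countries, devices and hours seen in the
    BASELINE_DAYS before `cutoff`."""
    profiles = defaultdict(lambda: {"countries": set(), "devices": set(),
                                    "hours": set()})
    window_start = cutoff - timedelta(days=BASELINE_DAYS)
    for e in logs:
        if window_start <= e["time"] < cutoff:
            p = profiles[e["user"]]
            p["countries"].add(e["country"])
            p["devices"].add(e["device"])
            p["hours"].add(e["time"].hour)
    return dict(profiles)


def score_event(event, profile):
    """Return the list of reasons an event deviates from the profile
    (empty list means it looks normal)."""
    if profile is None:
        # A user with no baseline cannot be judged; surface it for review.
        return ["no_baseline"]
    reasons = []
    if event["country"] not in profile["countries"]:
        reasons.append("new_country")
    if event["device"] not in profile["devices"]:
        reasons.append("new_device")
    # Treat an hour as usual if it is within one hour of any observed hour.
    usual_hours = {(h + d) % 24 for h in profile["hours"] for d in (-1, 0, 1)}
    if event["time"].hour not in usual_hours:
        reasons.append("unusual_hour")
    return reasons


def detect_anomalies(logs, cutoff):
    """Score every event at or after `cutoff` against the learned profiles
    and return the ones with at least one anomaly reason, in time order."""
    profiles = build_profiles(logs, cutoff)
    findings = []
    for e in sorted(logs, key=lambda x: x["time"]):
        if e["time"] < cutoff:
            continue
        reasons = score_event(e, profiles.get(e["user"]))
        if reasons:
            findings.append({"user": e["user"], "time": e["time"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    sample_logs, sample_cutoff = make_sample_logs()
    for f in detect_anomalies(sample_logs, sample_cutoff):
        print(f["time"].isoformat(), f["user"], ", ".join(f["reasons"]))
```

The exact-set matching here is deliberately crude: a real UEBA engine weights how rare a value is for the user and their peers rather than treating every first-seen value as equally suspicious, which is why the analyst feedback loop the post mentions matters so much for keeping the noise down.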
And don't worry - Sentinel is rated 'E' for everyone. Along with the standard Microsoft ones, it comes with an impressive gallery of data connectors to non-Microsoft platforms like Zscaler and OpenVPN, so nothing is left lacking some Sentinel loving...!