Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

- Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs while reducing IT costs.
- Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
- Detect previously undetected threats and minimize false positives using analytics and threat intelligence from Microsoft.
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.
- Respond to incidents rapidly with built-in orchestration and automation of common tasks.

To learn more about the solution, ask questions, and share feedback, join the Microsoft Security, Compliance and Identity Community.

Microsoft Sentinel was previously known as Azure Sentinel.

"From a cost perspective, Microsoft Sentinel is quite costly."

"I'm not happy with the pricing on the integration with Defender for Endpoint. There is a lot of information coming through, and it is needed information. The price point at which you ingest those logs has made a lot of my customers make the decision to leave that within the Defender stack."

"There are two native advantages for customers that use M365 Security and Sentinel. The first advantage is that the log or security-event ingestion into Sentinel is free. Cost-wise, they're saving a lot and that is a major advantage."

"Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."

"The price is reasonable because Sentinel includes features like user behavior analytics and SOAR that are typically sold separately. Overall, a standalone on-prem solution would require some high-end servers, and there's a different cost. It is a cloud-based solution, so there are backend cloud computing costs, but they are negligible."

Microsoft Sentinel has given us great visibility into our cloud workloads and cloud environment as a whole. And not just that, but also, in fact, with the MCAS and email-security solutions. We get a lot of visibility into what kind of emails we are getting and how many of them are malicious versus legitimate. From a visibility and compatibility perspective, it's really a nice product to have as a SIEM solution for your cloud environment. In fact, we have integrated this with our AWS as well. At this point in time, it's just one account, but we plan on expanding more. So all the logs from our AWS environment flow to the solution. Microsoft Sentinel performs the analytics and gives us the alert for that. The comprehensiveness and coverage of multiple different solutions, on-prem and cloud, are the two aspects in which Microsoft Sentinel really has an edge over other products. Visibility into threats is above average. I also went through some slides from Microsoft, and they receive a lot of telemetry because of their Windows platform and because of Azure. What I saw in those slides is that they benefit from this telemetry and create a rich threat-intelligence backend service, which supports Sentinel and literally enriches the detection capabilities of Microsoft Sentinel. Correlation is something that helps us instead of looking at every single alert.
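The reviews above mention two things a Sentinel practitioner actually has to build: analytics over AWS CloudTrail logs that flow into the workspace, and correlation so that analysts are not reading every single alert. The KQL analytics rule below is an added example written for this page; it is not code from the page, from any reviewer, or from Microsoft's own rule templates. It assumes the AWS CloudTrail connector is populating the `AWSCloudTrail` table and that Sentinel's `SecurityAlert` table holds alerts from other connected products; the `threshold` and `lookback` values are arbitrary choices for illustration.

```kql
// Added example, not from the page or from Microsoft's rule templates.
// Correlation in one query: many failed AWS console logins from one source IP,
// followed by a successful login from the same IP, enriched with any alert
// Sentinel already holds on that IP. Assumes the AWSCloudTrail and
// SecurityAlert tables exist with their documented connector schemas.
let lookback = 1h;       // assumed window, tune per environment
let threshold = 5;       // assumed failure count before we care
let Failed = AWSCloudTrail
    | where TimeGenerated > ago(lookback)
    | where EventName == "ConsoleLogin"
    | where ResponseElements has "Failure"
    | summarize FailedCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
        by SourceIpAddress, UserIdentityAccountId
    | where FailedCount >= threshold;
let Succeeded = AWSCloudTrail
    | where TimeGenerated > ago(lookback)
    | where EventName == "ConsoleLogin"
    | where ResponseElements has "Success"
    // IAM users carry UserIdentityUserName; root/assumed roles only carry an ARN
    | extend UserName = iff(isnotempty(UserIdentityUserName),
                            UserIdentityUserName,
                            tostring(split(UserIdentityArn, "/")[-1]))
    | project SuccessTime = TimeGenerated, SourceIpAddress,
              UserIdentityAccountId, UserName, AdditionalEventData;
Failed
| join kind=inner Succeeded on SourceIpAddress, UserIdentityAccountId
// only a success that comes after the burst of failures is interesting
| where SuccessTime > LastFail
// CloudTrail records whether MFA was used for the console login
| extend MfaUsed = tostring(parse_json(AdditionalEventData).MFAUsed)
| join kind=leftouter (
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    | mv-expand Entity = todynamic(Entities)
    | where tostring(Entity.Type) == "ip"
    | project ExistingAlert = AlertName,
              SourceIpAddress = tostring(Entity.Address)
  ) on SourceIpAddress
| project FirstFail, LastFail, SuccessTime, SourceIpAddress,
          UserIdentityAccountId, UserName, FailedCount, MfaUsed, ExistingAlert
```

Scheduled as an analytics rule, this produces one incident per source IP and account instead of one alert per failed login, which is the kind of correlation the last review is describing. The `ExistingAlert` column is where the cross-product visibility pays off: if Defender or MCAS has already flagged the same IP, the incident arrives with that context attached rather than as an isolated AWS event.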