After Partner Feedback, Microsoft Releases Azure Sentinel SIEM Service
- By Kurt Mackie
- September 24, 2019
Microsoft on Tuesday announced the general availability of Azure Sentinel, its cloud-based security information and event management (SIEM) solution.
Since unveiling the product as a preview in February, Microsoft has been working with its partners to fine-tune Azure Sentinel. Its commercial launch comes after the company collected "feedback from 12,000 customers," explained Ann Johnson, corporate vice president for Microsoft's Cybersecurity Solutions Group, in the announcement. Johnson claimed that Azure Sentinel is a low-maintenance option compared with other SIEM solutions.
Microsoft's SIEM solution aggregates data from an organization's infrastructure, users, devices and applications, as well as from cloud services. It uses machine learning and artificial intelligence to detect threats and lets analysts query the collected data directly. It provides a dashboard view for users and generates alerts.
Azure Sentinel works with other Azure services. It can use "security data from Azure Security Center and Azure Active Directory (Azure AD), along with data from Microsoft 365," Johnson noted. There's no extra cost to use data from "Office 365 audit logs, Azure activity logs and alerts from Microsoft Threat Protection," she added.
Microsoft is touting Azure Sentinel's pay-for-what-you-use billing, typical of Azure services. Organizations are billed on the volume of data ingested into the Azure Monitor Log Analytics workspace and analyzed by Azure Sentinel. They can opt for the Pay-As-You-Go option or for Capacity Reservations.
Billing under the Capacity Reservations option is a "fixed fee based on the selected tier," Microsoft's Azure Sentinel pricing page explained. For instance, a capacity of 100GB per day is billed at $123 per day (about $1.23 per GB), while 500GB per day is billed at $492 per day (just under $1 per GB). Microsoft describes these charges as discounted relative to the Pay-As-You-Go option, which is billed at $2.46 per GB. Microsoft also charges for data retained beyond 90 days.
Organizations can increase their Capacity Reservations at any time. However, they can only end or reduce their Capacity Reservations after 31 days.
Automating security responses with Azure Sentinel appears to require Azure Logic Apps, which is billed separately, according to the pricing page. For customizing Azure Sentinel's machine learning models, Microsoft recommends its Azure Machine Learning Studio and Azure Databricks services.
Microsoft is planning to broadcast a talk on Azure Sentinel's security operations on Thursday, Sept. 26, starting at 10 a.m. Pacific time; registration is required.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.