I’m thrilled to announce Forrester Research has named Microsoft Azure Sentinel as a “Leader” in The Forrester Wave™: Security Analytics Platform Providers, Q4 2020. When we released Azure Sentinel almost a year ago—the industry’s first cloud-native SIEM on a major public cloud—our goal was to provide a new, innovative approach to help organizations modernize security operations. We’ve been excited and humbled to see enthusiastic adoption across verticals like IT, financial services, e-commerce, big data, and other industries. It’s been particularly fulfilling to work alongside many of you to see the unique ways that Azure Sentinel can improve your security operations.

Today—and this year more than ever—security operations centers (SOCs) are being asked to do more with less, all while protecting a decentralized digital estate. We’re honored that in this time of transformative change, Azure Sentinel can help security teams achieve this goal.

The Azure Sentinel vision

We are especially honored to see that Azure Sentinel received the top ranking in the “Strategy” category because one of our core values is to enable SecOps teams to do more with less by offering a different path forward than traditional, on-premises SIEMs. The key lies in Azure Sentinel’s cloud-native nature. For many of our customers, moving to the cloud has been a transformative change. At Avanade, for example, moving to Azure Sentinel enabled the security team to shift their focus from on-premises management and instead spend time on strategic work to make their organization safer. As a cloud-native SIEM, Azure Sentinel makes it easy to deploy, scale, and use. You can collect, correlate, and analyze data across users, devices, applications, and infrastructure at cloud scale—on premises and in multiple clouds. And instead of investing time and money into inflexible infrastructure, you only pay for the resources you need.

Most importantly, by eliminating the infrastructure and maintenance of an on-premises SIEM, you empower your team to focus on what’s most important: protecting your organization.

Azure Sentinel helps you detect and investigate threats more efficiently by harnessing AI. Azure Sentinel uses a technique called Fusion to find threats that fly under the radar by combining low fidelity, “yellow” anomalous activities into high fidelity “red” incidents. Fusion combines data from disparate data sets across both Microsoft and partner data sources, then uses graph-based machine learning and a probabilistic kill chain to produce high-fidelity alerts. This process reduces alert fatigue by 90 percent, ensuring that SecOps teams are only spending time on real, actionable alerts. And with integrated automation, it further optimizes your team’s time by automating responses to common tasks.

With these innovations, we’ve helped our customers protect their organizations more efficiently—like at ASOS, where the SecOps team cut issue resolution times in half, or at ABM Industries, where the security team reduced the number of alerts they analyze by 50 percent.

Our goals are not just limited to transforming the SIEM market. In September, we shared our vision for how organizations can get fight threats in today’s complex landscape with integrated SIEM and Extended Detection and Response (XDR) from a single vendor. With this combination, you get the best of both worlds—end-to-end threat visibility across all your resources; correlated, prioritized alerts based on Microsoft’s deep understanding of specific resources with AI that stitches that signal together; and coordinated action across the organization. That’s why we’ve optimized Azure Sentinel for ease of integration across Microsoft products, provide many sources of Microsoft 365 data ingestion for free, and have recently launched Microsoft 365 data grant benefit to help you realize even more value from integrated security.

Just getting started

We’re constantly working with partners and customers on ways to improve Azure Sentinel—and we’re only just getting started. Here are just a few of the innovations we announced at Microsoft Ignite 2020:

  • User and Entity Behavioral Analytics (UEBA), to pinpoint unknown and insider threats.
  • The ability to build your own ML models.
  • Threat Intelligence improvements, including threat indicator management.
  • Watchlists to eliminate time-consuming manual analysis of external data sources, enabling you to correlate security events with other non-security data sources.
  • Many new connectors to simplify data collection.

We have no plans to slow down. With innovations still to come, the best days of Azure Sentinel are still ahead of us.

In the meantime, Azure Sentinel’s performance in the Forrester Wave is an encouraging sign that we’re on the right track with our journey to streamline and strengthen your security—eliminating the complexity of an on-premises infrastructure, saving costs, and enabling SecOps to be more efficient than ever.

To all our customers, thanks for coming with us on this journey. Keep the feedback coming—Eric

Click here to read a courtesy copy of The Forrester Wave™: Security Analytics Platform Providers, Q4 2020.

If you’re ready to get started with Azure Sentinel, we invite you to sign up for a trial today.

With integrated SIEM and XDR, you get the best of both worlds. To help you take advantage of this integrated security approach, Microsoft is currently running an Azure Sentinel benefit for Microsoft 365 E5 customers.

From November 1, 2020, through May 1, 2021, Microsoft 365 E5 and Microsoft 365 E5 Security customers can get Azure credits for the cost of up to 100MB per user per month of included Microsoft 365 data ingestion into Azure Sentinel. Data sources included in this benefit include:

  • Azure Active Directory (Azure AD) sign-in and audit logs.
  • Microsoft Cloud App Security shadow IT discovery logs.
  • Microsoft Information Protection logs.
  • Microsoft 365 advanced hunting data (including Microsoft Defender for Endpoint logs).

With these credits, a standard 3,500 seat deployment can see estimated savings of up to $1,500 per month. This offer is available to new and existing customers who have Enterprise (EA) or Enterprise Subscription (EAS) Agreements and Enrollments, and you can begin accruing credits in your first month of eligibility. You can learn more about the offer here.

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

This article was written by Eric Doerr, Vice President of Cloud Security at Microsoft and originally appeared in Microsoft’s Security Blog.

Ready to Get Started with mDS?

Fill-out the quick form & a MDS technical expert will contact you soon!

+1 (888) 123-4567