For SLH, security is always high on the agenda, hence the decision to dramatically enhance security visibility across its estate through the use of Microsoft’s cloud security information and event management (SIEM) solution, Azure Sentinel.
South Lakes Housing has moved much of its information assets into Office 365 platforms such as Exchange Online and OneDrive, and its authentication is integrated into Azure Active Directory to enable seamless sign-in. With such critical functions hosted in the cloud, it becomes even more important to establish and maintain a capability to detect and manage security attacks.
SLH needed a security view across its Office 365 estate that would highlight suspicious activities that may indicate a risk to the business and its data. With its deep native integration into Office 365, Sentinel is able to hunt for and report on such events with ease.
Despite the new cloud-first strategy, many of the client’s toolsets are traditional on-premise solutions. Sentinel would be the client’s first step towards cloud-based SIEM solutions, which need to be fast, intuitive and integrated without adding too much complexity.
A4S proposed combining Azure Sentinel with the already implemented A4S Monitor, which currently monitors and alerts across their Windows infrastructure environment.
Security is automatically improved by the inbuilt capabilities of Sentinel such as:
Sentinel’s real-time, out-of-the-box connectors for solutions such as Office 365, Azure AD, cloud apps and more can potentially bring significant value.
Sentinel’s ready-made dashboards and queries meant the solution could be implemented quickly and can be built upon in the future as our needs grow.
Azure Sentinel is a cloud-native intelligent security analytics solution for enterprises. Azure Sentinel uses artificial intelligence (AI) to analyse security threats to your data, applications, servers, or devices running on-premises or in the cloud.
Working together with A4S experts, SLH enjoyed a quick and simple move to Azure Sentinel. SLH now uses A4S Monitor to maintain visibility across the entirety of its Microsoft infrastructure. Moving forwards, solutions such as Azure WAF and Azure Front Door, along with other host-based and web application firewalls, will feed into Azure Sentinel and A4S Monitor.
“The ability to combine our Microsoft-based data with our other log data sources is what makes Azure Sentinel so powerful,” says Paul Aitken, SLH IT Manager. “We now have incredible visibility across our hybrid cloud environment, all in one place.”
Even while the deployment was in progress, it became obvious that data was being imported and inspected quickly. The team was immediately able to use the ‘out of the box’ reports and dashboards to begin viewing security-related events and configurations.
Now that South Lakes Housing has connected many of its Microsoft cloud applications to Sentinel, they’re able to detect and manage security events far quicker than before.
The client also appreciates the ease of implementation, with ‘out of the box’ connectors, reports, queries and alerts that make Sentinel a useful solution almost immediately.
Azure Sentinel grows with your business as it expands its infrastructure estate and moves into the cloud. When combined with solutions such as A4S Monitor to provide real-time operational and security alerting, the scope of protected solutions can include the below (and many more):
Sentinel is a cloud-first SIEM solution that natively integrates into cloud environments. When combined with data capture from on-premise solutions using either native connectors or Syslog, the result is a tremendously powerful hybrid cloud security solution giving total visibility of the client’s entire estate.
This particular deployment will start by focusing on specific areas of IT security and can scale as needs grow. Out-of-the-box reports, connectors and queries mean the client is realising benefit immediately and has greatly improved their security posture.
Azure Sentinel is a cloud-native security information and event management (SIEM) solution from Microsoft. It provides intelligent security analytics and threat intelligence, helping organisations detect, prevent, and respond to threats in real time. It leverages artificial intelligence and automation to reduce the complexity of threat detection and response.
Azure Sentinel enhances security visibility by integrating with multiple data sources, such as Office 365 and Azure Active Directory. This integration allows it to provide a comprehensive, unified view of security events across the entire organisation. It uses advanced AI and machine learning algorithms to analyse data and identify potential threats, offering detailed insights and proactive threat detection.
Benefits of using Azure Sentinel include real-time threat detection and response, scalability to accommodate growing organisational needs, and the ability to integrate seamlessly with existing Microsoft and third-party security tools. It also offers automated incident response capabilities, reducing the time and effort required to address security incidents, and enhancing overall security posture.
Azure Sentinel integrates seamlessly with existing systems through built-in connectors that allow it to gather and analyse data from various sources, including Microsoft and third-party solutions. This integration enables comprehensive security monitoring and incident management, ensuring that all aspects of an organisation’s IT environment are protected and monitored continuously.
Azure Sentinel is ideal for hybrid cloud environments because it provides comprehensive visibility and protection across both on-premises and cloud-based systems. Its cloud-native architecture ensures that it can scale as needed, and its integration capabilities allow for a single pane of glass for monitoring and managing security threats across diverse environments. This ensures consistent security management and incident response regardless of where resources are located.