South Lakes Housing Increases Security & Visibility With Azure Sentinel

South Lakes Housing (SLH) is rapidly moving its IT infrastructure and applications into the cloud and is starting to embrace the many cloud solutions on offer within Azure, such as Azure Sentinel, to greatly improve its security posture.

For SLH, security is always high on the agenda, hence the decision was made to dramatically enhance security visibility across its estate through the use of Azure Sentinel, Microsoft's cloud security information and event management (SIEM) solution.
 
 
 
The Need
 
South Lakes Housing has moved much of its information assets into Office 365 platforms such as Exchange Online and OneDrive, and their authentication is integrated into Azure Active Directory to enable seamless sign-in. With such critical functions hosted in the cloud, it becomes even more important to establish and maintain a capability to detect and manage security attacks.
 
SLH needed a security view across their Office 365 estate that would highlight suspicious activities that may indicate a risk to the business and its data. With its deep native integration into Office 365, Sentinel is able to hunt for and report on such events with ease.

 
 
 
Despite having a new cloud-first strategy, many of the client's toolsets are traditional on-premise solutions. Sentinel would be the client's first step towards cloud-based SIEM solutions, which need to be fast, intuitive and integrated without adding too much complexity.
 
The Solution
 
A4S proposed combining Azure Sentinel with the already implemented A4S Monitor, which currently monitors and alerts across their Windows infrastructure environment.
 
Security is automatically improved by the inbuilt capabilities of Sentinel such as:
  • Gain a single security-focused view of data across users, infrastructure, devices and applications.
  • Scale the solution to meet your needs.
  • Leverage the benefits of cloud artificial intelligence and machine learning.
  • Manage, automate and speed responses to security events.
Sentinel's real-time, out-of-the-box connectors for solutions such as Office 365, Azure AD, cloud apps and more have the potential to bring significant value.

 
 
 
Sentinel's ready-made dashboards and queries meant the solution could be implemented quickly and can be built upon in the future as our needs grow.
 
What Is Azure Sentinel?
 
Azure Sentinel is a cloud-native, intelligent security analytics solution for enterprises. Azure Sentinel uses artificial intelligence (AI) to analyze security threats to your data, applications, servers and devices running on-premises or in the cloud.

 
 
 
Ease Of Implementation
 
Working together with A4S experts, SLH enjoyed a quick and simple move to Azure Sentinel. Now SLH uses A4S Monitor to maintain visibility across the entirety of its Microsoft infrastructure. Moving forwards, solutions such as Azure WAF and Azure Front Door, along with other host-based and web application firewalls, will then feed into Azure Sentinel and A4S Monitor.

“The ability to combine our Microsoft-based data with our other log data sources is what makes Azure Sentinel so powerful,” says Paul Aitken, SLH IT Manager. “We now have incredible visibility across our hybrid cloud environment, all in one place.”
 
Even while the deployment was in progress, it became obvious that data was being imported and inspected quickly. The team was immediately able to use the ‘out of the box’ reports and dashboards to begin viewing security-related events and configurations.
 
Results
 
Now that South Lakes Housing has connected many of its Microsoft cloud applications to Sentinel, they’re able to detect and manage security events far quicker than before.
 
The client also appreciates the ease of implementation: ‘out of the box’ connectors, reports, queries and alerts make Sentinel a useful solution almost immediately.
 
 
 
 
Future Growth
 
Azure Sentinel grows with your business as it expands its infrastructure estate and moves into the cloud. When combined with solutions such as A4S Monitor to provide real-time operational and security alerting, the scope of protected solutions can include the below (and many more):
 
  • Firewalls
  • Anti-Virus End Points
  • Hypervisors
  • Syslog
Conclusion
 
Sentinel is a cloud-first SIEM solution that natively integrates into cloud environments. When it is combined with data capture from on-premise solutions using either native connectors or Syslog, the result is a tremendously powerful hybrid cloud security solution giving total visibility of the client’s entire estate.
 
This particular deployment will start by focusing on specific areas of IT security and can scale as needs grow. Out-of-the-box reports, connectors and queries mean the client is realising benefit immediately and has greatly improved their security posture.
 
If you have any questions about this deployment then please get in touch here.