Platforms

Microsoft Sentinel

MICROSOFT SENTINEL 

Standing watch, by your side. Intelligent security analytics for your entire enterprise. 

Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

Respond to incidents rapidly with built-in orchestration and automation of common tasks

Powered by Microsoft
Built on the Azure platform and powered from the cloud, Microsoft Sentinel is a cutting-edge SIEM solution designed to help security teams collect and analyse large amounts of data to catch emerging network threats before they cause harm. 

Enterprise Integration
Microsoft Sentinel seamlessly integrates with other Azure services as well as best-of-breed security tools and custom collectors. 

Advanced AI
Leveraging Microsoft’s decades of cybersecurity experience, Microsoft Sentinel uses machine learning and advanced artificial intelligence to hunt down network threats at scale accurately. 

Eliminate Security Infrastructure
Deployed in the cloud, Microsoft Sentinel can elastically scale to fit the needs of any organization without adding unnecessary infrastructure and maintenance costs. 

Office 365 Data Import
Quickly connect Office 365 data to Microsoft Sentinel and start analyzing your data for threats in real-time. 

Data Collection and Aggregation
Microsoft Sentinel seamlessly integrates with a variety of native and 3rd party data sources, granting security teams the ability to collect and analyze massive amounts of network data across deployments, users, applications, and devices each second. Microsoft Sentinel automatically correlates abnormal event data and create a case for immediate analysis and response. 

  • Collects user, application, server, and device data on-premise or in the cloud

     

  • Built-in connectors for simplified onboarding of popular security tools 
  • Real-time solution integration

     

  • Extensive architecture to support custom collectors
     

Security Orchestration and Automation
Microsoft Sentinel can be used to automate everyday security tasks, such as event alerts, threat responses, and process workflows to streamline company security efforts from end to end. In-house teams can choose to create their workbooks or leverage existing workbooks to create highly-efficient, automated security processes for detecting and mitigating network threats. 

  • Pre-built and customizable playbooks 
  • Integrates with over 200 data connectors

     

  • Setup automated threat responses

  • Integration with Azure Logic Apps to automate workflows  

Alert Visibility and Analytics
Microsoft Sentinel gives security teams live insight into network traffic through a variety of rich user displays and interactive dashboards. From there, analysts can attend to high-priority alerts with relevant context into the location of the activity, the type of threat detected, a timeline of events, and several other useful data points the team may need to mitigate the threat successfully. 

  • Instant visualization and analysis of network data

     

  • Pre-built and customizable dashboards

  • Event log and query analytics

  • Graph-powered machine learning

  • Integration with Azure Advanced Threat Protection  

Threat Hunting
For organizations that prefer to maintain a human layer to their threat-hunting efforts, Microsoft Sentinel gives security teams a set of intelligent search and query tools their analysts can use to unearth threats and catch other suspicious behavior that may have passed under the radar. 

  • Built-in queries to get threat hunters familiar with tables and query language

     

  • Create your bookmarks to revisit suspicious findings

  • Create threat hunting playbooks (SOPs) to document investigation steps 
  • Query storage data

     

  • Access to community resources 
Cloud Adoption and Migration (Sidebar)