This site is currently using a generated translation

Meet Sentinel - Microsoft's intelligent security tool

In a previous article, our security expert Thomas Öberg talked about SIEM systems, what they are and why you need one. In this article, Thomas presents Microsoft's own SIEM solution called Sentinel.

Sentinel is a complete SIEM solution

Simply put, a SIEM solution collects all the logs from your IT environment into one large database. Based on the collected logs from, for example, firewalls, clients, apps, cloud services, on-prem systems and logs from your Active Directory, SIEM searches for patterns and anomalies. Who is logging in where and accessing which app? What data is being shared or read frequently? SIEM creates a clear picture of what's happening in your IT environment in a way that's virtually impossible in a traditional security solution.

Furthermore, a modern SIEM has built-in capabilities to automatically manage events, alerts and intrusions, thereby enhancing security, plugging vulnerabilities and responding quickly to new threats.

Advanced security with Microsoft Sentinel

Sentinel from Microsoft does everything you'd expect from an advanced SIEM system. Sentinel becomes the tool that manages the increased exposure to threats as data and users move to the cloud. The Internet of Things, IoT, increases the amount of data you need to manage and all the digital touch points your business has with employees and customers add up to a complex environment that can be difficult to get an overview of. Sentinel leverages Artificial Intelligence (AI) and Machine Learning to manage all the data that needs to be analyzed to prevent threats and attacks.

When anyone can access your data from anywhere, can you trust anyone?

Sentinel is Microsoft's Zero Trust tool

Zero Trust is about viewing every event as a potential threat until proven otherwise. With a myriad of signals from a single user's login: location, network, device, what data or application the user is trying to access - it becomes almost impossible to set up rules in a traditional system. Here, AI can act in an agile manner, assessing the credibility of each login based on collected data and narrowing it down in steps based on threat level. For example, Sentinel can restrict access to sensitive documents for logins coming from an unexpected location. The next step could be to require multi-factor authentication (MFA) for users who use a secure device but connect from an unknown network. There may also be fixed rules such as not allowing rooted phones to log in at all.

Guide Zero Trust
Sentinel, together with Microsoft's cloud service Azure Active Directory (AD), offers the possibility to become an identity provider. This means that Azure AD becomes the central login service to other cloud services. The benefits of centrally managing all of a user's logins significantly increase security and ease of use.

Get started with Sentinel

Because Sentinel is a cloud service in Azure, there is no need to install servers or systems. What needs to be activated are licenses. Then your company needs to get a security policy in place, if you don't already have one. In order for Sentinel to know what is sensitive and needs extra protection, you should security clear documents and data. Screen your employees as well. Who needs access to what information? Review your licences. Not everyone needs to get up to the highest level of Microsoft 365, but those who handle business-critical information probably do.

By giving Sentinel access to as many logs as possible, the system is better able to make the right decisions quickly and protect your business.

Sentinel doesn't put users at a standstill

Sentinel will not close the doors to users, but Sentinel will be careful about who it lets in. Known users will be welcomed with open arms while unknown ones will be scrutinised. Sure, a known user out on a mission might be forced into multifactor authentication, but that's probably less of an inconvenience than a breach and losing all the data. Sentinel's main purpose is to enable secure data and user management in the cloud with all the benefits of flexibility and agile working the cloud offers.

Do you feel your business needs a more secure IT environment? Read our guide to modern IT security based on Zero Trust. It's always cheaper to prevent than to be prevented.