“Think about the quickest way to get from where you are now to where you want to be using Azure Sentinel.”
When implementing Microsoft Azure Sentinel, you must
• understand what you want to accomplish through Microsoft Azure Sentinel, which both monitors and orchestrates automated responses to events;
• understand the IT assets in your environment: endpoints, servers, network devices, clouds, and applications. Think about how much data from your environment Azure Sentinel must consume to achieve your objectives; and
• think about the quickest way to get from where you are now to where you want to be using Azure Sentinel.
Azure Sentinel pulls in data from many sources, which makes it uniquely effective for managing security from a single portal—especially important as companies move more of their assets into the cloud. Azure Sentinel works with more than Microsoft products, as well. It can monitor Amazon Web Services (AWS), Google Cloud Platform (GCP), and other clouds with application programming interface hooks. Being able to see Azure, AWS, and GCP in one place is valuable because most corporate models today use multiple clouds. Some security information and event management solutions have this capability on their technology roadmap, but Microsoft is already there.
This is an excerpt from 7 Experts on Implementing Azure Sentinel. This eBook was generously sponsored by BlueVoyant.