Our internal security team works diligently 24 hours a day, 7 days a week to help protect Microsoft IP, its employees, and its overall business health from security threats. We recently implemented Microsoft Sentinel to replace a preexisting, on-premises solution for security information and event management (SIEM). With Microsoft Sentinel, we can ingest and appropriately respond to more than 20 billion cybersecurity events per day. Microsoft Sentinel supplies cloud-scale SIEM functionality that allows integration with crucial systems, provides accurate and timely response to security threats, and supports the SIEM requirements of our team.

Our team is responsible for maintaining security and compliance standards across Microsoft. Managing the massive volume of incoming security-related data is critical to Microsoft’s business health. Historically, we have performed SIEM using a third-party tool hosted on-premises in Microsoft datacenters. However, we recognized several areas in which they could improve their service by implementing a next-generation SIEM tool. Some of the challenges when using the old tool included:

Limited ability to accommodate increasing incoming traffic. Ingesting data into the previous SIEM tool was time consuming due to limited ingestion processes. As the number of incoming cybersecurity events continued to grow, it became more evident that the solution we were using wouldn’t be able to maintain the necessary throughput for data ingestion.

On-premises scalability and agility issues. The previous solution’s on-premises nature limited our ability to scale effectively and respond to changing business and security requirements at the speed that we required.

We needed to invest more resources in training and onboarding with the previous solution, because it was on-premises and customized to meet our requirements. If we recruited employees from outside Microsoft, they needed to learn the new solution, including its complex on-premises architecture, from the ground up.

As part of our ongoing digital transformation, we’re moving to cloud-based solutions with proven track records and active, customer-facing development and involvement. We need our technology stack to evolve at the speed of our business.

Modernizing SIEM with Microsoft Sentinel

In response to the challenges presented, we began assessing options for a new SIEM environment that would address the challenges, positioning our team to manage continued growth of the cybersecurity landscape. In partnership with the Microsoft Sentinel product team, our internal security division assessed whether Sentinel would be a suitable replacement for our previous solution.

Sentinel is a Microsoft-developed, cloud-native enterprise SIEM solution that uses the cloud’s agility and scalability to ensure rapid threat detection and response through:

A broad set of out-of-the-box data connectivity and ingestion solutions.

To move to Microsoft Sentinel, we needed to verify that equivalent features and capabilities were available in the new environment. We aligned security teams across Microsoft to ensure that we met all requirements. Some of these teams had mature monitoring and detection definitions in place, and we needed to understand those scenarios to accommodate feature-performance requirements. The issues that our previous solution presented narrowed our focus with respect to whether Sentinel would work, including throughput, agility, and usability.

Throughout the assessment period and into migration, we worked closely with the Microsoft Sentinel product team to ensure that Microsoft Sentinel could provide the feature set we required. Our engagement with the Microsoft Sentinel team addressed two sets of needs simultaneously. We received significant incident-response benefits from Microsoft Sentinel while the product team worked with us as if we were a customer. This close collaboration meant that the product team could identify what enterprise-scale customers needed more quickly. Not only were our requirements met, but we were able to provide feedback and testing for the Microsoft Sentinel product team. This helped them better serve their large customers that have similar challenges, requirements, and needs.