Azure Sentinel, Microsoft’s cloud-based SIEM, hits general availability
Microsoft today took Azure Sentinel out of public preview and into general availability, making it an official Azure service. With Azure Sentinel, Microsoft has now officially entered the SIEM market.
SIEM stands for security information and event management; it is a category of software used by cyber-security teams.
SIEM products can be cloud-based systems or locally-running apps. They work by gathering information from different sources, such as OS, application, antivirus, database, or server logs, and analyzing these large quantities of data for anomalies or signs of a security incident.
Because of their ability to spot the needle in the haystack, SIEM products have become widely adopted in enterprise networks, where cyber-security departments need to keep an eye on hundreds, if not thousands, of threat indicators.
Microsoft’s new Azure Sentinel service works in the same manner, except it’s also deeply integrated with Microsoft’s cloud services, such as Office 365 and the other Azure offerings, making it a go-to solution for companies running on Azure-first infrastructure.
Nonetheless, Azure Sentinel also supports importing data from a large number of third-party software solutions, and it can ingest custom data streams as long as they are sent in the Common Event Format (CEF).
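To show what a CEF stream actually looks like on the wire, here is a small parser for one syslog-prefixed CEF line. This is an added example, not code from Microsoft, Azure Sentinel or the article; the event line is constructed and exercises the escaping rules (`\|` in the header, `\=` and `\\` in the extension) that trip up naive `split()` approaches and cause silently mangled fields.

```python
import re

# Constructed sample event (not from the page): syslog prefix, an escaped '|' in the
# vendor field, an escaped '=' inside a URL and an escaped backslash in the message.
SAMPLE = (r"Sep 24 10:15:01 gw01 CEF:0|Acme\|Corp|Web Gateway|2.1|100|Blocked URL|7|"
          r"src=10.0.0.5 dst=192.0.2.10 request=http://x.test/a\=b "
          r"msg=Policy hit: malware\\category")

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
# An extension key is a run of word characters directly before '=', at the start of
# the extension or after whitespace; an escaped '\=' therefore never starts a key.
KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")

def _unescape(s):
    # CEF escapes '|' and '\' in the header; '=' and '\' (plus \n, \r) in extensions.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), s)

def _split_header(text):
    """Split on unescaped '|' until seven header fields are read; return them and the rest."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < len(HEADER_FIELDS):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # keep the escape pair for _unescape
            cur.append(text[i:i + 2]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    return [_unescape(f) for f in fields], text[i:]

def parse_cef(line):
    """Parse one CEF line (optionally syslog-prefixed) into a flat dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    fields, ext = _split_header(line[start + len("CEF:"):])
    event = dict(zip(HEADER_FIELDS, fields))
    # Severity is 0-10 numerically, but some senders use Low/Medium/High strings.
    if event["severity"].isdigit():
        event["severity"] = int(event["severity"])
    keys = list(KEY_RE.finditer(ext))
    for n, m in enumerate(keys):   # a value runs up to the next key match
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        event[m[1]] = _unescape(ext[m.end():end].strip())
    return event
```

Run `parse_cef(SAMPLE)` to see the vendor come back as `Acme|Corp` and the request as `http://x.test/a=b`; a plain `line.split("|")` would have produced an extra, bogus header field from the escaped pipe.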
Microsoft announced Azure Sentinel in February this year, when it launched the cloud-based SIEM into a public preview, ahead of the RSA cyber-security conference.
The company said Sentinel’s main feature was the use of machine learning and artificial intelligence (AI) to analyze incoming data and adapt to evolving threats.
Pay-as-you-go pricing is $2.46 per gigabyte (GB) of data analyzed by Azure Sentinel. Other pricing schemes are also available.