Azure Sentinel was announced in February and has been running in preview since then. Microsoft says that over the preview window it has been working with partners to tweak Sentinel into a production-ready solution.

“Traditional on-premises SIEMs require a combination of infrastructure costs and software costs, all paired with annual commitments or inflexible contracts. We are removing those pain points, since Azure Sentinel is a cost-effective, cloud-native SIEM with predictable billing and flexible commitments.”

Indeed, Redmond took “feedback from 12,000 customers”, according to Ann Johnson, corporate vice president for MS Cybersecurity Solutions Group. Johnson says one of the things that makes Sentinel stand out is its low maintenance compared to other SIEM services.

Sentinel works with Azure to provide a “cloud-native Security Information and Event Management (SIEM) tool.” Sentinel works by gathering huge quantities of data from cloud-based services, such as Office 365 and third-party offerings. Powered by AI, Sentinel can work with inner-organizational machine learning tools to reduce “alert fatigue”.
Availability
As is becoming the norm for Microsoft, Sentinel supports open standards like the Common Event Format (CEF). It is also compatible with several major third-party security solutions, such as Cisco, F5, Palo Alto, and Symantec. Another benefit of Azure Sentinel is that customers pay for what they use. Organizations are billed only on the data stored in the Azure Monitor Log Analytics workspace. However, through the Capacity Reservations option, billing is on a “fixed fee based on the selected tier”. On the pricing page, Microsoft says a 100GB per day capacity costs $123 per day, with 500GB per day costing $492 per day.