Defender for Cloud + Sentinel - How to futureproof your cybersecurity
Now more than ever is the time to update your organization’s security to meet future challenges. This article discusses how we build futureproof security by combining the features of Microsoft Defender for Cloud and Microsoft Sentinel.
This blog post is a translation of an article I wrote in Finnish for my employer Sulava's blog.
Microsoft's rich security tools are ready for today's and tomorrow's threats, which is why we at Sulava have been working with them for a long time. Microsoft recently merged Azure Security Center and Azure Defender into a new product, Microsoft Defender for Cloud, because this name more accurately reflects the scope of its features. The product was not just a control panel for the security alerts of Azure resources, but a comprehensive product for maintaining security across your entire cloud infrastructure.
Many features of Defender for Cloud, such as Secure Score, provide a quick overview of the security status of an organization's cloud resources at no extra charge. In addition, the product also supports monitoring and maintaining the security status of servers located in on-premises data centers in hybrid environments.
Microsoft Sentinel, on the other hand, is a cloud-based SIEM/SOAR solution built on Azure. Sentinel specializes in collecting log data from many sources and drawing conclusions from it. Sentinel does not focus on just one resource type or component; it is able to identify and respond broadly to attacks across the organization that do not look like a concern when a single device is examined in isolation. These responses, the SOAR capabilities, are easy to automate, which shortens the response time to threats and stops them faster than a human analyst could.
So will Sentinel completely replace Defender for Cloud? Not really, as the services support each other. Where Sentinel makes it easier for an organization to manage day-to-day security and investigate alerts, Defender for Cloud provides better tools for properly configuring and building the environment. Sentinel, for its part, does not comment on configurations and does not recommend fixes to settings, unlike Defender for Cloud, which raises these issues as soon as the environment is deployed. Sentinel also does not include some useful features of Defender for Cloud, such as Endpoint Detection and Response (EDR) functionality.
Why combine these?
Sentinel is already deployed in many organizations, especially for managing and investigating security alerts in Azure Active Directory and other Microsoft 365 environments. At times, however, it is forgotten that systems that monitor the security of cloud services, such as Defender for Cloud, can also be connected to Sentinel. Of course, this works best in an Azure environment, where all resources are protected, but Defender for Cloud also offers simpler virtual machine protection in other cloud services, not just Azure.
Combining the two is worthwhile because it gives the organization clarity and ease in managing security. Once the connector is in place, Defender for Cloud alerts appear in the Sentinel dashboard among the alerts from the rest of the environment and no longer need to be checked from a separate panel. Sentinel's playbooks make automation more efficient and easier to maintain, allowing attacks to be stopped in record time. Defender for Cloud, together with Sentinel and Microsoft's other security products, provides industry-leading Extended Detection and Response (XDR) capabilities for managing and maintaining your organization's security.
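As an added example that is not part of the original article, the following KQL query, run in the Sentinel Logs blade against the workspace the Defender for Cloud connector writes to, lists Defender for Cloud alerts side by side with alerts from the other connected products. It assumes the standard SecurityAlert table schema, in which Defender for Cloud alerts still carry the product name "Azure Security Center"; the 30-day window is an arbitrary choice.

```kql
// Added example: Defender for Cloud alerts next to other products' alerts in one Sentinel view.
// Assumes the Defender for Cloud data connector writes to the SecurityAlert table and that
// its alerts are tagged ProductName == "Azure Security Center" (the legacy product name).
SecurityAlert
| where TimeGenerated > ago(30d)                     // arbitrary lookback window
| extend Source = iff(ProductName == "Azure Security Center", "Defender for Cloud", ProductName)
| summarize
    Alerts       = count(),
    HighSeverity = countif(AlertSeverity == "High"),
    LatestAlert  = max(TimeGenerated)
    by Source
| order by HighSeverity desc, Alerts desc
```

Running this after enabling the connector is a quick check that Defender for Cloud alerts are actually arriving; if the "Defender for Cloud" row is missing, the connector or the workspace selection is the first thing to verify before building analytics rules or playbooks on top of those alerts.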
However, the full and effective use of these tools requires resources from the organization to review Sentinel reports and alerts, among other things. Security issues can no longer be swept under the rug in 2022, so you should also check out Sulava's SOC service, which is built on top of Microsoft Sentinel. The use of Sentinel enables the agility and low operational costs of the SOC service, which is why it has been an easy addition to the security of many organizations.
Sulava is a born-in-the-cloud Microsoft-focused consultancy company serving clients all over Finland and the United Arab Emirates.