Microsoft Azure Sentinel Third-Party Connectors
The shift to remote work amid the coronavirus pandemic has increased the need for organizations to re-evaluate their security and risk management practices, according to Alym Rayani, a senior director of security and compliance solutions at Microsoft.
“With employees accessing corporate data at times on home computers or sharing and collaborating in new ways, organizations could be at greater risk for data leak or other risks,” he said.
Microsoft saw 89 percent of customers move most of their employees to remote working during the pandemic, according to Rayani. Only 54 percent of chief information security officers said their operational resilience plans prepared them adequately for the crisis.
“With security threats becoming more daunting and sophisticated, and regulatory requirements more prevalent, the need for skilled security compliance consultants, architects and state-of-the-art managed services is more essential than ever before,” Rayani said.
Microsoft unveiled new third-party connectors that bring popular security offerings into Microsoft Azure Sentinel. Azure Sentinel, a scalable, cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution that launched last year, helps collect security data across an entire hybrid organization, including devices, users, applications, servers and any cloud.
“Using these data sources, you can build a more complete picture of the threats that your organization faces, conduct deep threat hunts across your environment and use the power of automation and orchestration in the cloud to help free up your security analysts to focus on their highest-value tasks,” Rayani said.
The new third-party connectors, which come with sample queries, dashboards and analytics, help collect security data, detect and respond to threats, and provide immediate security insight across partner solutions, including networks, firewalls, endpoint protection and vulnerability management. Third-party connectors are available for Alcide kAudit (Kubernetes logs), Vectra AI, Perimeter 81 (activity logs), Symantec Proxy SG, Symantec VIP, Pulse Connect Secure, Infoblox NIOS, Proofpoint TAP, Qualys VM, VMware Carbon Black, Okta SSO and RiskIQ (Azure Logic Apps custom connector).