For the last couple of years, Microsoft has invested heavily in the Defender brand and ecosystem. This typifies a wider shift in Microsoft's strategy, away from developing disparate portals and products and towards a single, centralised Security Operations platform. The change brings Microsoft into line with its market competitors, down to the adoption of an XDR (extended detection and response) label for the whole Defender stack.
Microsoft Sentinel (formerly Azure Sentinel) has, however, always sat outside that stack. Created almost four and a half years ago, Sentinel is Microsoft's answer for customers already comfortable within the Microsoft ecosystem who are looking for a cloud-native SIEM. Built upon pre-existing Azure services such as Log Analytics, Azure Monitor and Logic Apps, Sentinel has quickly found a place in the market alongside even the most well-established SIEM vendors.
It should then come as no surprise that Microsoft, after several years of pouring development resources into Defender and its capabilities, is ready to bring the two platforms together. Microsoft has just made public the ability to connect a Sentinel workspace to your Defender tenant.
This change integrates Sentinel's UI into the main Defender portal, adding a new Microsoft Sentinel section to the navigation blade.
Most of the important Sentinel menus, including Data Connectors, Workbooks, MITRE ATT&CK coverage and Analytics Rules, can now be found directly within that blade, sitting natively alongside the existing Defender menus.
Perhaps the most impactful development beyond the visual changes is the ability to query Sentinel workspace tables straight from the Advanced Hunting blade, in the same query as the native Defender tables.
This lets analysts apply Defender's built-in correlation features to Sentinel data, such as clicking on an IP address to immediately see its geolocation, reputation, and where else that IP has been seen in the environment.
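As an added example (not a query from the original post or from Microsoft), the following Advanced Hunting query correlates a Sentinel-ingested table with a native Defender table in one statement: risky Entra ID sign-ins from the Sentinel `SigninLogs` table are joined to interactive endpoint logons from Defender for Endpoint's `DeviceLogonEvents` table for the same account within the following hour. It assumes the Sentinel workspace holding `SigninLogs` is connected to the Defender tenant and that the Entra ID data connector is enabled; the `lookback` value and the one-hour window are arbitrary choices for illustration.

```kql
// Added example, not from the original post. Assumes a Sentinel workspace with
// the Entra ID connector (SigninLogs) connected to the Defender portal, so it
// can be queried next to the native Defender table DeviceLogonEvents.
let lookback = 7d;   // illustrative value
// Successful sign-ins that Entra ID Protection flagged as medium or high risk.
// Sentinel tables keep their Log Analytics schema: TimeGenerated, not Timestamp.
let riskySignins =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where RiskLevelDuringSignIn in ("medium", "high")
    | where ResultType == "0"                       // ResultType is a string; "0" = success
    | project SigninTime = TimeGenerated, UserPrincipalName,
              SigninIP = IPAddress, AppDisplayName, RiskLevelDuringSignIn;
// Successful interactive or RDP logons seen by Defender for Endpoint.
let endpointLogons =
    DeviceLogonEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "LogonSuccess"
    | where LogonType in ("Interactive", "RemoteInteractive")
    | project LogonTime = Timestamp, DeviceName, AccountName, AccountDomain,
              RemoteIP, LogonType;
// Normalise the account name on both sides (UPN local part vs. SAM account name)
// and keep only endpoint logons that follow the risky sign-in within one hour.
riskySignins
| extend AccountName = tolower(tostring(split(UserPrincipalName, "@")[0]))
| join kind=inner (
      endpointLogons
      | extend AccountName = tolower(AccountName)
  ) on AccountName
| where LogonTime between (SigninTime .. (SigninTime + 1h))
| project SigninTime, UserPrincipalName, SigninIP, RiskLevelDuringSignIn,
          AppDisplayName, LogonTime, DeviceName, RemoteIP, LogonType
| order by SigninTime desc
```

Two practical notes: the `SigninIP` and `RemoteIP` columns in the result are exactly the fields the portal's IP entity pane enriches with geolocation and reputation, and the UPN-to-SAM name match is a heuristic that will miss accounts whose on-premises name differs from their UPN prefix, so treat it as a hunting starting point rather than a detection rule.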
Like any tool, Sentinel and Defender are only as effective as the team managing them, and ongoing staff training is required to get the most out of these platforms. Intalock offers a range of related services, including Microsoft optimisation services and Managed Detection and Response (MDR).
We use current, proven solutions to provide cyber protection that reduces your risk profile and enhances overall organisational resilience. Contact us for more information about your cyber security requirements today.