Today, security needs are evolving faster than ever—and the importance of being agile and cost-effective has never been clearer. Security teams need to get more done, faster, with less budget. On-premises security information and event management (SIEM) solutions can’t keep up with these demands and are expensive to maintain. By embracing a cloud-native SIEM like Azure Sentinel, you can save money and enable your security operations team to be more effective.

According to an IDG survey of IT leaders, cloud-based SIEM solutions cost 11 percent less to support than on-premises solutions, since they drastically reduce infrastructure, licensing, and labor costs. Plus, that same survey found that cloud-based SIEM users missed fewer threats—only 43 percent of cloud SIEM users reported concerns about missed threats, compared to 66 percent of traditional SIEM users. This is likely because cloud adopters were twice as likely to utilize automation.

We know that right now, security operations teams need these cost savings and efficiency benefits more than ever. To help accelerate your move to the cloud, we’re pleased to announce an Azure Credit offer from Microsoft. For a limited time, get $25,000 of Azure credits when you ingest an average of 50GB/day into Azure Sentinel for three consecutive months.

This offer allows you to experience the benefits of the cloud firsthand by scaling up your Azure Sentinel deployment or accelerating your migration from an on-premises SIEM. With Azure Sentinel, you can get enterprise-wide intelligent security analytics, eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs – all while reducing IT costs.

Details of the $25,000 Azure Credit Offer

This offer is available for qualified customers starting September 1, for a limited time.

Customers must fulfill all the requirements below to be eligible for inclusion into the program:

• Must have a Microsoft Enterprise Agreement
• Must be a new Azure Sentinel customer or an existing customer ingesting less than an average of 5 GB of data per day over the last 6 months
• Must have access to a minimum of 10 E5 security suite licenses or component licenses. Qualifying products include:
  • Microsoft 365 E5
  • Microsoft 365 E5 security
  • Standalone products including Microsoft Defender Advanced Threat Protection, Office Advanced Threat Protection, Azure Advanced Threat Protection, Microsoft Cloud App Security (MCAS), Azure Active Directory P2, Advanced Threat Protection Plan 1, Advanced Threat Protection Plan 2
  • Other suites that include some of the standalone components above, such as Office 365 E5, Windows E5, Enterprise Mobility and Security E5

In order to qualify for the $25,000 Azure Credit Offer, customers must ingest an average of 50GB per day or more into Azure Sentinel for three consecutive full months (measured out of the previous four months to accommodate billing cycle alignment) following their inclusion into the program. This consumption excludes data consumption from other free offers, such as trials, Azure Pass, Azure Access Sponsorship, or ACO, as well as the free data sources offered in Sentinel.

Once a customer’s eligibility to receive the offer has been verified, the customer will receive the Azure credits within two billing cycles. The Azure credits will be available until either the next enrollment anniversary or the end of the customer’s EA term – whichever comes first.

Get started today

Contact your Microsoft representative to learn more about the qualification criteria and how to take advantage of this offer. Or, if you don’t have a Microsoft representative, reach out to sales to learn more about Azure Sentinel.

Visit our website to learn more about Azure Sentinel or Microsoft Security solutions. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft appeared first on Microsoft Security Blog.

Research shows that, on average, 44% of security alerts that are raised by security solutions go uninvestigated. Organizations simply lack the time, tools, and talent to investigate and correlate every single alert. In many cases this results in a focus on alerts that are flagged as “critical” or “very important” and lower severity alerts are ignored. However, experience shows that investigating those lower severity alerts – and how they may be correlated to show more worrying combinations of actions – can reveal attacker behaviors that would otherwise fly under the radar.

Azure Sentinel is an incredibly powerful tool that can help you collect security data across your entire hybrid organization from devices, users, apps, servers, and any cloud. Using these data sources you can build a more complete picture of the threats that your organization faces, conduct deep threat hunts across your environment, and use the power of automation and orchestration in the cloud to help free up your security analysts to focus on their highest-value tasks.

Traditional SIEMs have proven to be expensive to own and operate, often requiring you to commit up front and incur high cost for infrastructure maintenance and data ingestion. Azure Sentinel provides you with SIEM-as-a-service and SOAR-as-a-service for the SOC: your birds-eye view across the enterprise; putting the cloud and large-scale intelligence from decades of Microsoft security experience to work. Following the best practices outlined within this white paper will help you eliminate security infrastructure setup and maintenance and provide you with scalability to meet your security needs— all while reducing costs and increasing visibility and control. 

For more information on Microsoft Security Solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Making Azure Sentinel work for you appeared first on Microsoft Security Blog.