Modern XDR + SOC using Azure Sentinel


Microsoft recently announced its new approach to Extended Detection and Response (XDR): intelligent, automated and integrated security across domains that helps defenders connect seemingly disparate alerts and get ahead of attackers. At the same time, Microsoft announced its approach to a modern SOC, in which the SIEM and the XDR solutions are integrated with each other. Microsoft delivers its SIEM and SOAR capabilities through Azure Sentinel, its serverless, cloud-native offering; I wrote about Azure Sentinel in detail in my previous article.

Based on customer feedback from the field, we realized there was a pressing need to bring all of the Microsoft security threat-detection solutions under one roof. The reference architecture below gives a complete picture of the Microsoft security solutions (XDR + SIEM) and of their native and third-party integrations. The architecture also includes a CISO dashboard developed by kloudynet that provides visibility across all the security products, multiple cloud platforms (Azure, AWS, GCP) and the organization's overall security posture.

Modern XDR + SOC Architecture

(Architecture diagram; available for download as SVG, PDF or PNG.)

Microsoft Defender

Microsoft Defender is offered in two forms: Microsoft 365 Defender for end-user environments, and Azure Defender for cloud and hybrid infrastructure.

Microsoft 365 Defender

Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps and email. It includes the following technologies:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Azure Active Directory Identity Protection
  • Microsoft Cloud App Security

Azure Defender

Azure Defender delivers XDR capabilities to protect multi-cloud and hybrid workloads. It includes the following:

  • Azure Defender which covers
    • Servers (VMs running on Azure or anywhere using Azure Arc)
    • App Service
    • SQL servers on machines
    • Azure Storage
    • Kubernetes
    • Container Registries
    • Azure Key Vault
  • Azure Defender for IoT
  • Azure Defender for SQL

Azure Sentinel

The XDR capabilities of Microsoft Defender, delivered through Azure Defender and Microsoft 365 Defender, provide rich insights and prioritized alerts. To gain visibility across the entire environment, and to include data from other security solutions such as firewalls and existing security tools, we connect Microsoft Defender to Azure Sentinel, Microsoft's cloud-native SIEM. Sentinel then holds the alerts from every Defender product in one place (the SecurityAlert table) alongside third-party telemetry, which is what makes it possible to correlate, for example, an identity alert, an endpoint alert and a cloud-app alert for the same user into a single incident.
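The correlation described above, as an added example that is not code from the original article or from Microsoft: it takes alerts shaped like rows of Azure Sentinel's SecurityAlert table (ProviderName, ProductName, AlertName, AlertSeverity, TimeGenerated and an Entities JSON array; the ProviderName values and the entity field names used here are assumptions based on that schema), groups them by account, and raises an incident whenever two or more different Defender products fire on the same account within a one-hour window. The four sample alerts are constructed for illustration. In a real deployment the same logic would be written as a KQL analytics rule over SecurityAlert; the Python version makes the clustering step explicit and runs offline.

```python
"""Cross-product alert correlation, the kind a SIEM performs on top of XDR alerts.

Added example (not from the article or Microsoft). Assumes alerts shaped like
Azure Sentinel SecurityAlert rows; the alerts below are constructed samples.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: an identity alert, an endpoint alert and a
# cloud-app alert for the same user (jdoe), plus one unrelated Azure Defender
# alert for a service account. ProviderName values are assumed.
SAMPLE_ALERTS = [
    {"ProviderName": "IPC", "ProductName": "Azure Active Directory Identity Protection",
     "AlertName": "Atypical travel", "AlertSeverity": "Medium",
     "TimeGenerated": "2021-03-01T08:05:00Z",
     "Entities": json.dumps([{"Type": "account", "Name": "jdoe", "UPNSuffix": "contoso.com"}])},
    {"ProviderName": "MDATP", "ProductName": "Microsoft Defender Advanced Threat Protection",
     "AlertName": "Suspicious PowerShell command line", "AlertSeverity": "High",
     "TimeGenerated": "2021-03-01T08:40:00Z",
     "Entities": json.dumps([{"Type": "host", "HostName": "WS-042"},
                             {"Type": "account", "Name": "jdoe", "NTDomain": "CONTOSO"}])},
    {"ProviderName": "MCAS", "ProductName": "Microsoft Cloud App Security",
     "AlertName": "Mass download by a single user", "AlertSeverity": "Medium",
     "TimeGenerated": "2021-03-01T08:55:00Z",
     "Entities": json.dumps([{"Type": "account", "Name": "JDoe", "UPNSuffix": "contoso.com"}])},
    {"ProviderName": "ASC", "ProductName": "Azure Security Center",
     "AlertName": "Suspicious process executed", "AlertSeverity": "Medium",
     "TimeGenerated": "2021-03-01T09:10:00Z",
     "Entities": json.dumps([{"Type": "host", "HostName": "VM-PROD-7"},
                             {"Type": "account", "Name": "svc_backup", "NTDomain": "CONTOSO"}])},
]

SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def account_keys(alert):
    """Return the normalised account names referenced by an alert's Entities.

    Products describe the same user differently (UPN suffix vs NT domain,
    mixed case), so the join key is the lower-cased bare user name.
    """
    keys = set()
    for entity in json.loads(alert["Entities"]):
        if entity.get("Type") == "account" and entity.get("Name"):
            keys.add(entity["Name"].lower())
    return keys


def correlate(alerts, window=timedelta(hours=1), min_products=2):
    """Cluster each account's alerts in time and return the clusters in which
    at least `min_products` distinct products fired within `window`."""
    by_account = defaultdict(list)
    for alert in alerts:
        ts = datetime.fromisoformat(alert["TimeGenerated"].replace("Z", "+00:00"))
        for key in account_keys(alert):
            by_account[key].append((ts, alert))

    incidents = []
    for account, items in by_account.items():
        items.sort(key=lambda pair: pair[0])
        # Greedy clustering: a new cluster starts when an alert is more than
        # `window` after the first alert of the current cluster.
        clusters, current = [], []
        for ts, alert in items:
            if current and ts - current[0][0] > window:
                clusters.append(current)
                current = []
            current.append((ts, alert))
        if current:
            clusters.append(current)
        for cluster in clusters:
            products = sorted({a["ProductName"] for _, a in cluster})
            if len(products) < min_products:
                continue  # a single product alone is just an alert, not an incident
            incidents.append({
                "Account": account,
                "Products": products,
                "Alerts": [a["AlertName"] for _, a in cluster],
                "Severity": max((a["AlertSeverity"] for _, a in cluster),
                                key=lambda s: SEVERITY_RANK.get(s, -1)),
                "FirstSeen": cluster[0][0].isoformat(),
                "LastSeen": cluster[-1][0].isoformat(),
            })
    return incidents


if __name__ == "__main__":
    for incident in correlate(SAMPLE_ALERTS):
        print(json.dumps(incident, indent=2))
```

On the sample data this yields one incident for jdoe spanning three products (identity, endpoint and cloud app) with the severity promoted to High, while the lone Azure Defender alert for svc_backup stays a plain alert. Shrinking the window to ten minutes splits jdoe's alerts into three singletons and no incident is raised, which is the knob a SOC tunes against its own alert volume.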

Special thanks to Ahsim Nisar (Technical Specialist, Cyber Security) for providing guidance and technical input for the architecture diagram.


Fahad, Founder & CEO, kloudynet Technologies
