• Protecting on-premises Exchange Servers against recent attacks - Read More
  • Attack simulation training in Microsoft Defender for Office 365 now Generally Available - Read More
  • 5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats - Read More
  • Modern XDR + SOC using Azure Sentinel - Read More
  • Password-Less in Organizations - Read More
KloudyNet

Modern XDR + SOC using Azure Sentinel

1st December 2020 / in Cybersecurity / by

Kloudynet Blog

Microsoft recently announced its new approach with Extended Detection and Response (XDR) to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers. At the same time, Microsoft announced its unique approach for a Modern SOC by integrating SIEM and XDR solutions together. Microsoft offers its SIEM and SOAR capabilities with their new serverless offering which is Azure Sentinel. I did write in detail about Azure Sentinel in my last article.

Based on the customer feedback from the field, we realized that there was a pressing need to bring in all the Microsoft Security threat detection solutions under one roof. The below reference architecture provides a complete understanding of various Microsoft Security solutions (XDR + SIEM) and their native as well as third party solution integrations. The architecture also includes a CISO dashboard developed by kloudynet to provide full visibility across all the security products, multiple cloud platforms (Azure, AWS, GCP), and the organization’s security posture.

Modern XDR + SOC Architecture

Click here to download the image in the formats: SVG, PDF or PNG

Microsoft Defender

Microsoft Defender is offered as, Microsoft 365 Defender for end-user environments and Azure Defender for cloud and hybrid infrastructure.

Microsoft 365 Defender

Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, and emails. Microsoft 365 Defender includes the below technologies

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Azure Active Directory Identity Protection
  • Microsoft Cloud App Security

Azure Defender

Azure Defender delivers XDR left capabilities to protect multi-cloud and hybrid workloads, that includes below capabilities

  • Azure Defender which covers
    • Servers (VMs running on Azure or anywhere using Azure Arc)
    • App Service
    • SQL servers on machines
    • Azure Storage
    • Kubernetes
    • Container Registries
    • Azure Key Vault
  • Azure Defender for IoT
  • Azure Defender for SQL

Azure Sentinel

The XDR capabilities of Microsoft Defender delivered through Azure Defender and Microsoft 365 Defender provides rich insights and prioritized alerts, but to gain visibility across your entire environment and include data from other security solutions such as firewalls and existing security tools, we connect Microsoft Defender to Azure Sentinel, Microsoft cloud-native SIEM.

Special thanks to Ahsim Nisar (Technical Specialist, Cyber Security) for providing guidance and technical inputs to build the architecture diagram

 

Fahad, Founder & CEO, kloudynet Technologies