How to Add Managed Detection and Response to Azure Sentinel and Microsoft Defender

Written by: Jason Meilleur
Published: August 11, 2021

    Businesses of all sizes worldwide have been downsizing their local data centers and moving their critical business applications, storage, and infrastructure to cloud solutions. The result has been considerable cost savings, realization of expanded digital transformation initiatives, support for remote workers, and better customer experiences.

    Despite the overwhelming success of the cloud computing model in recent years, there’s a dark side, too: The migration of valuable business data to the cloud has attracted enterprising cybercriminals who will stop at nothing to steal data, sabotage systems, and cause general mischief.

    And despite the development of automated tools to detect and mitigate cyberattacks, the tools go only so far. Whether IT security experts or entry-level end-users, humans are the last line of cybersecurity defense for any organization. This challenge is what gave rise to the managed detection and response model.

    Cloud Security

    Most cloud computing platforms offer robust security tools, but they are often not configured or enabled automatically as part of a cloud deployment. Many cloud customers are not even aware of their providers’ security options; they believe that security is part of the package and that they are protected from day one.

    This is a dangerous misconception, but one that is easily remediated with a little education. In the case of Microsoft’s cloud service offerings, there are three related security options:

    • Azure Sentinel is an AI-based security information and event management (SIEM) tool that integrates with Microsoft Defender products and sends alerts to appropriate personnel.
    • Microsoft 365 Defender is an extended detection and response (XDR) system that monitors Microsoft 365 environments for threats.
    • Azure Defender is similar to Microsoft 365 Defender, but for Azure cloud service environments.

    Taking advantage of these products is as simple as activating the appropriate licenses and performing some configurations.

    Taking Cloud Security to the Next Level: Managed Detection and Response

    A new security service model has been developed in recent years that adds an extra human layer to tools-based security measures: managed detection and response (MDR).

    In the MDR model, a security operations center (SOC) staffed around the clock by experts in security detection and response monitors clients’ cloud computing environments and tools (such as Azure Sentinel and Defender). When a threat is detected, the SOC takes proactive steps to lock down applications, services, and endpoints (user devices) as necessary to ward off attacks or contain the damage if a breach occurs.

    The MDR model is superior to tools-only models because cybercriminals are quite good at working around automated security systems. Trained human experts can characterize the nature of a detected attack and determine and execute appropriate actions with greater reliability than an automated system alone.

    360 Visibility and MDR

    The MDR service landscape is new and evolving. Still, given the increasing sophistication with which cybercriminals are circumventing traditional approaches to cybersecurity, MDR is poised to become the go-to security model for businesses large and small.

    If your organization’s IT environment is already in the cloud or if you have plans to migrate to the cloud, MDR might be a prudent approach to your cloud security. If so, or if you still have questions about MDR, contact 360 Visibility today. We can help you navigate the often confusing MDR landscape and engage with a reputable MDR service provider.
