The Microsoft Azure Lighthouse product group is excited to launch a blog series covering the areas of Azure Lighthouse where we are investing to make our service provider partners and enterprise customers successful with Azure. Our first blog in this series covers a top area of attention for companies worldwide, security, with a focus on how Azure Lighthouse can be used alongside Microsoft's Azure Sentinel service to build an efficient and scalable security practice.
Today, organizations of all sizes are looking to reduce cost and complexity and gain efficiencies in their security operations. Cloud security solutions help meet these requirements by offering flexibility, simplicity, pay-for-use pricing, automatic scalability, and protection across heterogeneous environments, so more and more companies are adopting them.
While achieving efficiencies is the need of the hour, organizations also face a shortage of security experts in the market. This is where there is tremendous potential for service providers to fill the gap by building and offering security services on top of cloud security solutions. Before diving deeper, let me start with a brief introduction to Azure Lighthouse and Azure Sentinel.
Azure Lighthouse helps service providers and large enterprises manage the environments of multiple customers or individual subsidiaries, at scale, from a single centralized control plane. Since its launch at Inspire, Azure Lighthouse has seen wide adoption by both service providers and enterprises, with millions of Azure resources being managed at scale across heterogeneous environments.
Azure Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution from Microsoft. It enables collection of security data at scale across your entire enterprise, including Azure services, Microsoft 365 services, and hybrid environments such as other clouds, firewalls, and partner security tools. Azure Sentinel also uses built-in AI and advanced querying capabilities to detect, investigate, respond to, and mitigate threats efficiently.
We will now look at how you can use both of these services together to architect a scalable security practice.
To build a security practice that scales across multiple customer environments for a service provider, or that helps an organization centrally monitor and manage security operations across its individual subsidiaries, we recommend a distributed deployment and centralized management model. In this model you deploy Azure Sentinel workspaces inside the tenant that belongs to the customer or subsidiary (so the data stays locally within the customer's or subsidiary's environment) and manage them centrally from the service provider's tenant, or from the tenant of a central security operations center (SOC) unit within the organization.
You can then use Azure Lighthouse to manage and perform security operations from the central managing tenant on the Azure Sentinel workspaces located in the managed tenants. Note that delegation is scoped and role-based: the managing tenant's users or groups receive only the Azure built-in roles (for example Azure Sentinel Contributor or Log Analytics Reader) that the customer authorizes in the delegation, so grant the least privilege the SOC workflow needs. To learn more about this model and its applicability to your scenario, read Extend Azure Sentinel across workspaces and tenants.
To deploy and configure these workspaces at scale, both Azure Sentinel and Azure Lighthouse offer powerful automation capabilities that you can use effectively with CI/CD pipelines across tenants. Here is what ITC Secure, a Managed Security Services Provider and Microsoft partner based in London, has to say:
“With Azure Lighthouse’s ability to get delegated access to a customer’s environment and the powerful automation capabilities of both Azure Lighthouse and Azure Sentinel, we are now able to leverage a common set of automations to deploy Azure Sentinel. In real terms, this enables us to configure Azure Sentinel with existing content like queries and analytical rules. This has resulted in significant reductions in customer onboarding times, reducing delivery times from months to a few weeks and even a few hours in certain scenarios. This has enabled us to scale our onboarding processes and practices significantly and delivers faster ROI for our customers. Azure Lighthouse has also provided greater transparency and visibility for our customers, where they can clearly see work delivered. We run queries and apply workbooks across our customers’ subscriptions, deploy playbooks in our customers’ tenants, all from a central pane of glass, further adding to the overall speed of delivery of our service.” —Arno Robbertse, Chief Executive, ITC Secure
Threat hunting and investigation through cross-tenant queries
Running queries to search for threats, and investigating the results as a next step, is an essential part of a SOC analyst's job. With Azure Lighthouse, you can keep Log Analytics queries and hunting queries in the central managing tenant (preserving the service provider's intellectual property, since the query text never has to be stored in the customer's workspace) and run them across the managed tenants using the union operator together with the workspace() expression. The identity running the query needs read access (at least Log Analytics Reader) on every workspace it references, and a single cross-resource query can span a limited number of workspaces, so group customers into batches if your estate is large.
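The following hunting query is an added example that is not part of the original post or of Microsoft's published content; it shows the union plus workspace() pattern the paragraph describes. It looks for password-spray style activity (one source IP failing sign-ins against many accounts) across two delegated customer workspaces at once. The subscription IDs, resource group, and workspace names are placeholders; replace them with the full Azure resource ID of each delegated workspace, which is the form that resolves unambiguously across tenants.

```kusto
// Added example: cross-tenant hunt run from the managing tenant.
// The workspace() arguments below are placeholder resource IDs (assumptions);
// substitute the resource ID of each delegated Azure Sentinel workspace.
// isfuzzy=true lets the query run even if one customer has not yet
// connected the Azure AD data connector and therefore has no SigninLogs table.
union isfuzzy=true
    workspace("/subscriptions/<contoso-subscription-id>/resourcegroups/soc-rg/providers/microsoft.operationalinsights/workspaces/contoso-sentinel").SigninLogs,
    workspace("/subscriptions/<fabrikam-subscription-id>/resourcegroups/soc-rg/providers/microsoft.operationalinsights/workspaces/fabrikam-sentinel").SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType != "0"                      // "0" is a successful sign-in; anything else failed
| summarize
    FailedAttempts  = count(),
    TargetedAccounts = dcount(UserPrincipalName),
    SampleAccounts   = make_set(UserPrincipalName, 5)
    by IPAddress, TenantId                     // TenantId is the workspace ID, i.e. which customer the rows came from
| where TargetedAccounts >= 10                 // threshold is an assumption; tune per customer
| order by FailedAttempts desc
```

Because each row keeps its TenantId, an analyst can see immediately which customer a suspicious source IP is hitting and pivot into that workspace for the investigation, while the query itself stays in the managing tenant.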
Visualizing and monitoring data across customer environments
Another technology that works well across tenants is Azure Monitor Workbooks, Azure Sentinel's dashboarding technology. You can choose to deploy workbooks in the managing tenant or in the managed tenant, depending on your requirements. For workbooks deployed in the managing tenant, you can add a multi-workspace selector to the workbook (if it does not already have one built in) to visualize and monitor data, and get insights, across multiple workspaces and across multiple customers or subsidiaries as needed.
Automated responses through playbooks
Security playbooks can be used for automatic mitigation when an alert is triggered. Playbooks can be deployed either in the managing tenant or in the individual managed tenant, with the response procedures configured based on which tenant's users will need to take action in response to a security threat.
Xcellent, a managed services provider and Microsoft partner based in the Netherlands, has benefited from access to a central security solution powered by Azure Sentinel and Azure Lighthouse to monitor the different Microsoft 365 components across customer tenants. Response management and querying across their customer base has also become more efficient, dropping Xcellent's standard response time to less than 45 minutes and allowing the team to create a more proactive security solution for their customers.
Cross-tenant incident management
The multiple workspace incident view enables centralized incident monitoring and management across multiple Azure Sentinel workspaces and across Azure Active Directory (Azure AD) tenants using Azure Lighthouse. This centralized incident view lets you manage incidents directly, or drill down transparently into the incident details in the context of the originating workspace.
Resources to get you started
Azure Lighthouse extends Azure Sentinel's powerful security capabilities to help you centrally monitor and manage security operations from a single interface and efficiently scale your security operations across multiple Azure tenants and customers.
The following resources will help you get started: