Microsoft Azure Security Monitoring With Securonix

Secure Your Cloud Platform From Identity Attacks, Advanced Threats, Malware, Phishing, and More

Azure handles many things for enterprises today – from identity (with Azure Active Directory (AD)) and email (Microsoft Exchange), to cloud resource provisioning and a full-featured platform as a service (PaaS) environment. These services, however, also provide a broad attack surface to be exploited through identity, malware, phishing, and other advanced threats. These threats can be perpetrated by external attackers or malicious insiders with legitimate privileges.

 

Multi-Point, Multi-Level Integrated Security

By connecting to multiple log sources, Securonix ensures constant threat monitoring of Azure. In addition to standard benefits, such as analyzing user entitlements and events to look for malicious activity, the platform also supports multiple built-in Microsoft Azure-specific use cases. It correlates cloud-based data with data from on-premises sources (such as Active Directory) to add entity context information and analyze the end-to-end activities of users. Securonix threat modeling then automatically stitches together anomalies over a period to detect and prioritize high-risk threats.

Through integrations with Azure Sentinel, Security Center, and Windows Defender, Securonix is able to leverage Microsoft security infrastructure and collate all threat information into a single source of truth.

A Complete, Comprehensively Secure Cloud Environment for Your Enterprise

  • Identify sensitive data movement and suspicious login activity.

  • Monitor unauthorized and/or unexpected activities.

  • Detect privilege misuse or compromise.

  • Detect unauthorized sharing and data exfiltration.

Streamlined Integration

Multi-point API integration allows you to collect relevant events from multiple data sources.

Context Enrichment

Events are enriched with additional context.

Threat Modeling

Detect suspicious behavior patterns that indicate an advanced threat.

Data Insights

Visualize activities and changes with customizable dashboards and reports.

Securonix Integration with Microsoft Azure

Securonix has built-in API integration with multiple Microsoft Azure components, collecting data from Microsoft Office 365, multiple Azure APIs, and the Microsoft Management and Reporting API.

Events collected include:

  • Windows Defender and Azure Security alerts
  • Azure AD, Azure access and identity management logs
  • Azure administrative logs (instance creation, privilege changes, and others)
  • Office 365, Windows Defender, and Azure Sentinel logs
  • Azure AD authentication events
  • Azure resource and service health

Securonix Use Cases for Microsoft Azure

Securonix collects data from Microsoft Azure and enriches it with user and entity context. Enriched events are then analyzed for behavioral anomalies using various machine learning algorithms.

Common use cases include:

  • Detect suspicious instance and resource usage, permission changes, and downloads
  • Detect account compromise
  • Identify phishing attempts
  • Identify suspicious email patterns
  • Spot unauthorized account permission changes
  • Detect credential sharing
  • Identify privileged account misuse
  • Locate insider threats
  • Identify suspicious login events
  • Detect password attacks
  • Detect advanced threats

Securonix Threat Modeling

Individual anomalies can be important, but finding patterns based on a series of anomalies is critical. Securonix uses behavior-based analytics to detect suspicious behaviors such as a rare login location or a spike in email forwards.

Direct API integration with Microsoft Office 365, Azure AD, and other cloud sources provides the Securonix solution with the relevant event logs. Securonix correlates events with contextual information from other on-premises data feeds, such as Active Directory watchlists. Securonix threat modeling then automatically stitches together related anomalies over a period to detect and prioritize high-risk threats.


Monitoring Microsoft Azure Using Securonix

Securonix enables end-to-end monitoring and visualization to protect against advanced insider and cyber threats. Securonix provides you with dashboards to visualize your Azure environment, so you can monitor for events and violations. The dashboards are shareable and can be customized as needed.

Securonix Fusion Partner Program

Securonix Fusion Partners are committed to providing you with robust integrated solutions.