Security management on a large scale can benefit from a dedicated security information and event management (SIEM) system. A SIEM system aggregates security data from many different sources (as long as those sources support an open-standard logging format). It also provides capabilities for threat detection and response.
Azure Sentinel is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.
Azure Sentinel enables you to:
Collect cloud data at scale: Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.
Detect previously undetected threats: Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.
Investigate threats with artificial intelligence: Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.
Respond to incidents rapidly: Utilize built-in orchestration and automation of common tasks.