2020 has been a transitional year, ushering in broad changes in how, and where, “were working”. Security procedures( SecOps) teams face more significant challenges than ever as they protect the organization in this rapidly changing environment. These teams need a flexible, cost-effective, and efficient solution to empower their employees, improve security, and optimize costs against rapidly-changing demands. As a federated, scalable, cloud-native, security information event management( SIEM ), Forrester Consulting found that Azure Sentinel is in conformity with these needs. furnishing alert detection, menace visibility, proactive hunting, and menace response across your enterprise, the commissioned study, The Total Economic Impact of Microsoft Azure Sentinel,conducted by Forrester Consulting shows that Azure Sentinel delivers 😛 TAGEND
A three-year 201 percent return on investment( ROI) with a payback period of less than six months. A 48 percentage reduction in costs compared to legacy SIEM solutions, saving on expenditures like licensing, storage, and infrastructure costs. A 79 percent reduction in false positives and 80 percentage reduction in the amount of labor associated with investigation, reducing mean time to resolution( MTTR) over three years. A 67 percent decrease in time to deployment compared to legacy on-premises SIEMs.
The Forrester study provides an accessible framework for organizations wanting to evaluate the financial impact of Azure Sentinel relative to an on-premises cybersecurity solution. Forrester concluded that Azure Sentinel reduces SIEM expenses at scale, simplifies SIEM management, and improves the efficiency and effectiveness of the Security Procedure Center( SOC ).
Forester interviewed four organizations who, before switching to Azure Sentinel, were applying an on-premises SIEM or an internal, custom-built solution with a managed “providers “( MSP) to replicate SIEM infrastructure. These four organizations serve global markets in service industries of IT services, big data, financial services, and e-commerce. To commit readers a clear comparison, Forrester aggregated the results for all four into a single composite organization. According to the aggregated data, Azure Sentinel demonstrated 😛 TAGEND
Increased SOC efficiency by cutting false positives up to 79 percentage and reducing the amount of labor needed for advanced investigations by 80 percent–leading to$ 2 million in efficiency gains. A 48 percent reduction in costs compared to the legacy SIEM solution, including savings on licensing, storage, and infrastructure totaling $4.9 million. Reduced management endeavours by 56 percent, saving $1.2 million. Automatic updates, an intuitive centralized platform, and reduced upkeep entail organizations could change talent away from servicing infrastructure and concentrate on value-adding initiatives. Accelerated deployment by 67 percent with out-of-the-box functionality, simple connections to data sources, and pre-built SIEM content saving $602 K.
Most marketers give annual or multi-year contracts with capped ingestion and storage restrictions. This forces organizations to choose between paying more for capacity or putting a cap on the amount of data ingested, restriction visibility into their network.
By moving to Azure Sentinel’s cloud-based SIEM, organizations could eliminate their legacy SIEM vendor, reducing licensing expendings and eliminating costly on-premises infrastructure needed to store security log data. And with Azure Sentinel’s flexible, consumption-based pricing, they were no longer locked into long-term contracts or capacity limits.
Azure Sentinel consumers experienced cost savings of $4.9 million when moving from legacy SIEM–a 48 percent lessening. Forrester found that an organization experienced benefits of $ 8.7 million over three years versus cost of $ 2.9 million. As has already mentioned, this adds up to an ROI of 201 percent with payback in less than 6 months. Handling efficiencies saved $1.2 million, with Azure Sentinel’s reduced time to deploy saving an additional $602 K.
“If you take cost of Azure Sentinel and compare it to the costs that we had to simply run our legacy solution, we are seeing a 15 percent savings with Azure Sentinel and we are getting more.”–Sr. Director of Security Technology and Functioning, IT services
The organizations in Forrester’s study reported that, with legacy SIEM solutions, alerts were previously not well correlated; meaning, a single event could trigger multiple others with no easy way for the SOC analyst to resolve false positives.
With Azure Sentinel, SOC squads can view all security logs, alertings, and incidents through a single pane of glass. Azure Sentinel’s AI-powered correlation engine and user-behavior analytics dedicate analysts a prioritized belief of the alarms, elevating high-priority menaces and reducing false positives–enabling the SOC team to respond more efficiently.
Azure Sentinel’s cloud-based SIEM reduces the size and intricacy of on-premises infrastructure. This enabled organizations in the study to reallocate infrastructure professionals and legacy solution experts, reducing management endeavours by 56 percent while freeing staff to serve business interests with value-added tasks.
” Thanks to the management efficiencies with Azure Sentinel, I was able to reprogram the own efforts of around four FTEs. They no longer had to be firefighters–and we got to cancel a overseen operations and maintenance contract simply because we now have the resources to do it ourselves.”–Senior VP of Global Threat Management, financial services
Ease of deployment
All four organizations reported that deploying Azure Sentinel was faster and easier than deploying legacy SIEM. Because Azure Sentinel features a pre-built playbook, queries, and data connections–along with free ingestion for Office 365 examination logs, Azure activity logs, and alerts from Microsoft Threat Protection( MTP) solutions–most organizations can start for free and scale up.
Using Azure Sentinel, organizations were able to add more data connections and sources, allowing them to absorb more data faster, embracing a larger percentage of their network compared to legacy answers. Azure Sentinel subsistences open standards such as Common Event Format( CEF) and broad collaborator linkages, including Check Point, Cisco, F5, Fortinet, Palo Alto Networks, and Symantec, as well as ecosystem partners such as ServiceNow.
Modernize its own security operations today
Azure Sentinel helps defenders to combat rapidly evolving menaces with increased efficiency. Its performance across all metrics is used in the Forrester TEI study lets us know we’re executing on our vision to streamline and strengthen our customers’ security. Getting begins with Azure Sentinel is easy. If “youre not” employing Azure Sentinel, we welcome you to start a trial.
More recently, we shared our unique approach that empowers security professionals to get ahead of today’s complex threat landscape with integrated SIEM and Extended Detection and Response( XDR) solutions from a single marketer. With this combining, you get the best of both worlds–end-to-end threat visibility across all of your resources; correlated, prioritized alerts based on Microsoft’s deep understanding of specific resources with AI that sews that signal together; and coordinated action across the organization.
From November 1, 2020, through May 1, 2021, Microsoft 365 E5 and Microsoft 365 E5 Security patrons can get Azure credits for the costs of up to 100 MB per consumer per month of included Microsoft 365 data ingestion into Azure Sentinel. Data sources included in this benefit include 😛 TAGEND
Azure Active Directory( Azure AD) sign-in and inspection logs. Microsoft Cloud App Security shadow IT discovery logs. Microsoft Knowledge Protection logs. Microsoft 365 advanced hunting data( including Microsoft Defender for Endpoint logs ).
With these credits, a standard 3,500 seat deployment can see calculated savings of up to $ 1,500 per month1. This offer is available to new and existing customers who have Enterprise( EA) or Enterprise Subscription( EAS) Agreements and Enrollments, and you can begin accruing credits in your first month of eligibility. You can learn more about the offering here .
Download the full Forrester Total Economic Impact of Microsoft Azure Sentinel study. Get started and learn more about Azure Sentinel.
To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1 Calculation based on pay-as-you-go prices for Azure Sentinel and Azure Monitor Log Analytics for US East region.
Read more: microsoft.com