For organizations in 2022, a SIEM (Security Information and Event Management) or XDR (Extended Detection and Response) solution is becoming a must-have. Ransomware attacks have seen an increase of 130% over the last year, and the average cost to recover from a ransomware attack has increased to $1.85 million in 2022. This is only the direct cost: the $1.85 million does not include the lost trust of clients who will no longer pay for services for fear of another breach. Unlike in previous years, security providers can now show a return on investment for security products. A lack of investment in security that leads to a breach could be a financial death blow for an organization.
With these growing impacts and risks, Cloudforce has made significant investments in internal security talent and is dedicating more resources to expanding our expertise and cyber posture to better protect our clients. Investing in cyber security professionals was only one part of it. The right SIEM and XDR solutions also had to be selected from a large pool of vendors.
There are many great security products, such as antivirus tools, that perform their jobs very well. But if your security products are not reporting alerts to a centralized view that a security team can analyze, a threat actor gets countless tries to bypass your security. Threat actors are becoming better and better at bypassing security controls. The only way to combat attempted breaches that get past threat protection is to be alerted to those actions.
Especially with the major move of organizations to the cloud, investing in a SIEM is easier said than done. There is a wide range of vendors that offer a SIEM solution. However, many solutions do not use artificial intelligence to detect anomalous behavior and cut down on the labor cost of investigation. Many SIEMs are also built for on-premises environments and are still working on integrations with the cloud.
Fortunately, Microsoft has a SIEM and XDR solution that partners can provide to their clients. Microsoft Sentinel (SIEM) and Microsoft Defender (XDR) are increasingly respected products that protect organizations’ networks and data. Both are cloud-native solutions that use artificial intelligence and are built for modern threats, unlike on-premises SIEMs.
785,000 customer organizations trust Microsoft security products. Microsoft has shown it is dedicated to continuously improving its security offerings by increasing its security funding by 400%. Forrester, a respected research and advisory company, recognized Microsoft as a leader in 9 reports. These reports include:
- Security Analytics Platform
- Enterprise Email Security
- Endpoint Security as a Service
- Unified Endpoint Management
- Unstructured Data Security Platforms
- Cloud Security Gateways
- Identity as a Service
- Extended Detection and Response
This is a strong increase from previous years, showing Microsoft’s growth and trajectory going forward in security offerings.
Most ransomware attacks follow similar paths:
- The threat actors gain some form of initial access, usually a phishing email that compromises a device, then evade security controls to escalate privileges;
- The threat actors then compromise the identity of a user;
- Using the compromised account, they use cloud apps to exfiltrate sensitive data;
- They then use the compromised identity to work their way into the network infrastructure, attempting to bypass security controls, in order to encrypt company data.
Security operators need to see every aspect of the attack surface in a single view to detect and remediate threats before the attackers gain total control. Stitching multiple products together across the organization’s landscape can leave security gaps and no centralized view. Using Microsoft Defender together with Microsoft Sentinel gives operators a clear centralized view and smooth integrations that are designed to grow and evolve together.
Those that partner with Microsoft security have a 45% lower likelihood of a breach and a 50% shorter time to remediate a threat. The centralized view and use of artificial intelligence reduce the labor associated with advanced investigations by 80%, so more effective analysis can be achieved at a much lower labor cost.
For customers already using Microsoft services, almost all of Microsoft’s security features are included in E5 licensing, which some customers may already have; the features just need to be configured and turned on.
Cloudforce knows it is a substantial responsibility to choose the correct security solutions to recommend to and protect our clients. The impressive capabilities of both Microsoft Sentinel and Microsoft Defender made them an easy choice when deciding how to arm our cyber security professionals and invest in their expertise.
There is a large opportunity here for both client organizations and managed security providers. Managed security providers can sell and manage Microsoft Sentinel and Microsoft Defender, while client organizations can be protected with high-end security that easily integrates with their Microsoft, Google, or Amazon cloud at an economically reasonable price.
Would you like to learn more about Microsoft Defender and Microsoft Sentinel and how Cloudforce can help you protect your organization? Drop us a line below.