Gartner isn’t the only technology research group that classifies Microsoft as a Leader. Forrester Research has also named Azure Sentinel a Leader in its recently released report, The Forrester Wave™: Security Analytics Platform Providers, Q4 2020. The Forrester Wave is similar to Gartner’s Magic Quadrant chart in that it classifies technology vendors on a scale ranging from Challengers to Leaders. This is based on a combination of strategy and current offering. So, as with the Magic Quadrant, the goal is to land a spot as far to the top right of the graph as possible—the Leader area.
The Forrester Wave for Security Analytics Platform Providers
In the Forrester Wave chart, you can see the three elements of a platform’s strength: strategy, current offering, and market presence. While a company like Exabeam performs well in strategy and offering, it doesn’t have much market presence. The chart shows that IBM, Securonix, Splunk, and Microsoft are doing well with all three elements.
About Azure Sentinel
Released by Microsoft last year, Azure Sentinel is a cloud-native SIEM + SOAR solution for Security Operations Centers (SOCs). It was the industry’s first cloud-native SIEM to emerge in a major public cloud setting. These are some of the key features that Azure Sentinel provides:
- Easy, scalable deployment and use. Visual workbooks, dashboards and graphics make it easy to manage data.
- Collection and analysis of data across users, devices, applications, and infrastructure. This can be done in multiple clouds and makes use of several third-party connectors.
- Fast and intelligent threat detection equipped with AI and machine learning. One interesting ML technique that is applied in Azure Sentinel is called Fusion. It combines data from disparate data sets (including from partner data sources), then puts this data into graph-based machine learning and a probabilistic kill chain to create accurate alerts that incorporate both high-fidelity incidents and low-fidelity anomalous activities that otherwise could go unnoticed. This efficient process can reduce alert fatigue by 90%.
Vice President of Cloud Security Eric Doerr said in a recent Microsoft blog post that the company is especially honored to have earned the highest Strategy ranking (the point furthest to the right on the chart), because it’s a core value of the team “to do more with less by offering a different path forward than traditional, on-premises SIEMs.” The cloud-based model allows customers to redirect efforts from on-premises management toward improving strategy and value, as it has done for the IT consulting company Avanade. It also frees up resources from unnecessary infrastructure, since you can pay according to the resources you actually need.
Other New Azure Sentinel Innovations
Microsoft announced several new innovations for Azure Sentinel at the Ignite 2020 conference. Among them were these announcements:
- User and Entity Behavioral Analytics (UEBA), which pinpoints unknown and insider threats.
- A new ability to build your own ML models.
- Threat Intelligence improvements such as threat indicator management.
- New connectors that simplify data collection.
- Watchlists that eliminate the need for time-consuming manual analysis of external data sources and allow administrators to correlate security events with other non-security data sources.
Other Forrester Findings on Azure Sentinel
Forrester also recently published a Total Economic Impact™ (TEI) study that found that Azure Sentinel gives a return on investment of 201% over three years, reducing costs and saving time. Check out our article with details on what Forrester found in that economic study. Also see the Forrester Wave for Cloud Security Gateways, Q2 2021.