Monitor, correlate and analyze events from the data in your Azure logs
Logging in Azure is essential to protecting your Azure cloud environment. Good log management practices form the basis of an effective security program, in the cloud just as in on-premises environments. Capturing and correlating log data is critical for effective threat detection, incident response, and compliance.
Microsoft provides some native tools for logging in Azure, such as Azure Insights. But for complete Azure cloud security and compliance, you need a comprehensive log management and monitoring solution that is natively built for the Azure cloud.
USM Anywhere™, with its native Azure sensor, automatically monitors Azure Insights and captures all log data. Purpose-built for the Azure cloud, USM Anywhere delivers five essential security monitoring features, including asset discovery, intrusion detection, vulnerability scanning, behavioral monitoring, and Security Information and Event Management (SIEM).
Comprehensive Azure log monitoring and analytics
Automate Azure monitoring with detailed log parsing, fast searching and filtering and access to an extensive plugin list for log data sources.
Strong correlation to detect the latest threats
Log management fueled with threat intelligence from AT&T Alien Labs automatically correlates log data from different data sources.
Compliance-ready log retention & management
Meet log management requirements with short and long term storage of raw logs and out-of-the-box compliance reports and custom reporting.
You have made the move to the Azure cloud and you may be wondering about logging best practices in Azure. To protect your Azure cloud environment, you will need to follow standard log management practices to ensure you are capturing and correlating log events from the applications and systems in your Azure environment. This is critical for effective threat detection and response.
Logging in the Azure cloud is a bit different than on-premises logging, as there are various storage systems and instances you will need to keep track of. Azure provides some native tools to capture logs, such as Azure Insights, and you need a solution to hook into these native tools. But capturing the logs is just one part of the process. You also need a tool that captures, parses, and analyzes the logs together to identify threats and help you respond to malicious or suspicious activity in your Azure environment—all in an integrated solution that ties everything together.
USM Anywhere, with its purpose-built Azure sensor, delivers these capabilities you need for comprehensive Azure logging and log analysis. USM Anywhere automatically monitors Azure Insights and captures all log events in your Azure environment. Its sleek user interface enables fast searching and filtering of events. USM Anywhere also performs detailed event parsing and analysis, and includes an extensive plugin list for parsing logs from your Azure-based data sources. This ensures that USM Anywhere has complete visibility into your Azure systems, applications, and workloads, allowing you to effectively detect and respond to malicious or suspicious activity that threatens your business.
Azure log monitoring is the first step in the threat detection and response process. Log data is collected, parsed, normalized, and stored within the log management solution to support reporting and analysis. The data is also made available to the correlation engine to look for defined patterns of behavior that can lead to discovery of threats in your Azure environment. Correlation is an essential part of every threat detection program and helps to identify relationships between events from a single system and across multiple systems and devices.
Few log management solutions effectively monitor systems within the Azure environment. Fewer enable monitoring of applications, systems, and devices in a hybrid cloud environment that includes both Azure and on-premises infrastructures. You need a solution that provides you with strong correlation and coverage of your hybrid environment.
USM Anywhere, with its native Azure Sensor, is that solution. USM Anywhere’s automated logging capability is complemented by a strong correlation engine built in to USM Anywhere. This integrated log management and correlation functionality automatically correlates log data from your Azure cloud and any other data source in your hybrid environment. And the unified capabilities of USM Anywhere, including asset discovery, vulnerability assessment, intrusion detection, and behavioral monitoring, work in concert with the Azure log management and event correlation to deliver threat detection and response capabilities across your hybrid cloud environment.
USM Anywhere also delivers integrated Threat Intelligence, which is actionable information your IT team needs to automatically detect threats in your network and prioritize the response to those threats. The AT&T Alien Labs Threat Research team collects millions of threat indicators daily, including data from the Open Threat Exchange® (OTX™), the world’s largest open threat intelligence community.
The Labs team continuously tunes the USM Anywhere platform to identify the latest threats across both cloud and on-premises environments. The Labs team incorporates their research into USM Anywhere's extensive library of customizable correlation rules and threat signatures, which are included with the USM Anywhere platform. This eliminates the need for you to conduct research and tune your systems on your own.
Logging the activity within your Azure environment and of the systems you have running in Azure is also critical for compliance with many regulations. Although Azure Insights can effectively feed data into log management platforms, simply using Insights on its own does not help achieve compliance. You need to supplement Azure Insights with a comprehensive log management and security monitoring tool that provides secure collection and retention of log data of your Azure and on-premises environments in a single, centralized location.
USM Anywhere and its Azure-native sensor delivers these comprehensive Azure log management and log analytics capabilities to help you achieve compliance with regulations such as PCI DSS, HIPAA, GLBA, and others. With granular visibility into raw logs you can simplify forensic analysis, making compliance and audit trail preparation a much easier process. Although specific requirements for monitoring and event management can vary from one regulatory standard to the next, USM Anywhere can help you quickly achieve compliance with of all the essential security capabilities you need in a single console.