February 25, 2020

Securing the Cloud: Forcepoint integration with Azure Sentinel

Connie Dodmead

Microsoft Azure Sentinel enables customers to import security log data from existing Microsoft services such as Office 365, Azure AD and Azure Advanced Threat Protection. It also allows them to use industry-standard log formats, such as CEF and Syslog, to ingest data from third-party sources. Forcepoint is the latest Microsoft Intelligent Security Association (MISA) partner to include pre-built connectors in the Sentinel console for quick and simple integration with our Forcepoint NGFW, Forcepoint DLP, and Forcepoint CASB solutions.

As your enterprise evolves, so must your security strategy

When we recently shared our 2020 Forcepoint Cybersecurity Predictions and Trends report, one theme we discussed was how many organizations race to the cloud (becoming cloud smart) without thinking through the security implications (remaining cloud dumb). For all the benefits the cloud offers, it often complicates security for organizations. With the growing list of data privacy regulations such as GDPR, HIPAA and CCPA, data privacy represents an increasing concern for individuals and companies alike. Moving to the cloud means having to protect data in more places at a time of heightened data privacy sensitivity.

Becoming cloud smart means building a security strategy that spans both on-prem infrastructure and cloud environments. It requires organizations to expand their view of network security, all while controlling spending and reducing complexity through the consolidation of vendors. This is forcing a re-evaluation of core tools to determine: “Do our current tools provide the visibility and control necessary to reduce risk and protect our most critical assets no matter where they reside?”

Securing the cloud with Forcepoint and Azure Sentinel

Forcepoint’s integration with Azure Sentinel enables security teams to automatically export log events from Forcepoint NGFW, CASB, and DLP solutions into Azure Sentinel. Built-in workbooks provide an enriched visualization of actionable security alerts across the enterprise, generated by Forcepoint, by native Microsoft services such as Azure AD and Office 365, and by other Windows events, allowing security teams to accelerate investigations and response times. Sentinel workbooks can also be customized by analysts to reflect the information most relevant to them.

Getting started with an integrated solution

Forcepoint worked directly with Microsoft to simplify the process of prioritizing which levels of alerts are ingested by Azure Sentinel. Customers can start by filtering the alerts their Forcepoint solutions generate from on-premises and cloud traffic down to the high-severity ones, and then export only those filtered logs into Azure Sentinel. Azure Sentinel then uses machine learning to correlate the incidents from those solutions with data from other sources, such as suspicious AD logins or O365 activities, so security teams can quickly identify where to focus their investigation and response efforts instead of sifting through an endless array of alerts.
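As an added illustration of the severity-first filtering described above (example code written for this post, not Forcepoint's or Microsoft's own connector code), the snippet below parses log lines in the CEF envelope that the Sentinel CEF connector accepts and keeps only events whose severity is at or above a threshold before they would be forwarded. The vendor, product and signature values in the sample lines are constructed placeholders, and the numeric mapping for the word severities (Low/Medium/High/Very-High) is an assumption based on the CEF severity bands.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in CEF format. Vendor/product/signature values are
# placeholders, not real Forcepoint event names.
SAMPLE_CEF_LINES = [
    "CEF:0|ExampleVendor|ExampleNGFW|1.0|100|Connection allowed|2|src=10.0.0.5 dst=10.0.0.9 spt=51515 dpt=443",
    "CEF:0|ExampleVendor|ExampleDLP|1.0|200|Policy violation|8|suser=alice msg=Credit card pattern in upload",
    "CEF:0|ExampleVendor|ExampleCASB|1.0|300|Anomalous login|High|suser=bob src=203.0.113.7",
    "not a CEF line at all",
]

CEF_HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                     "signature_id", "name", "severity")

# Assumed mapping of CEF word severities to the low end of their numeric bands.
SEVERITY_WORDS = {"low": 0, "medium": 4, "high": 7, "very-high": 9}


def parse_cef(line: str) -> Optional[Dict[str, str]]:
    """Split a CEF line into its 7 header fields plus extension key=value pairs.
    Returns None when the line does not carry the CEF prefix or is truncated."""
    if not line.startswith("CEF:"):
        return None
    # Pipes inside header values are escaped as \|; split only on unescaped ones.
    parts = re.split(r"(?<!\\)\|", line[len("CEF:"):], maxsplit=7)
    if len(parts) < 7:
        return None
    event = dict(zip(CEF_HEADER_FIELDS, parts[:7]))
    extension = parts[7] if len(parts) == 8 else ""
    # Extension values run until the next " key=" token (values may contain spaces).
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", extension):
        event[m.group(1)] = m.group(2)
    return event


def severity_value(sev: str) -> int:
    """CEF allows 0-10 or the words Low/Medium/High/Very-High; normalise to an int."""
    sev = sev.strip().lower()
    if sev in SEVERITY_WORDS:
        return SEVERITY_WORDS[sev]
    try:
        return int(sev)
    except ValueError:
        return 0  # unparseable severity is treated as lowest, not dropped silently


def filter_high_severity(lines: List[str], threshold: int = 7) -> List[Dict[str, str]]:
    """Keep only parsed CEF events whose severity is at or above the threshold."""
    kept = []
    for line in lines:
        event = parse_cef(line)
        if event is not None and severity_value(event["severity"]) >= threshold:
            kept.append(event)
    return kept
```

Running `filter_high_severity(SAMPLE_CEF_LINES)` keeps the DLP and CASB events and drops the low-severity firewall event and the malformed line.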

To get started, you can access our Azure Sentinel Integration Guides and step-by-step videos through the following links:


Regardless of where you are in your digital transformation, enhancing data visibility and understanding how your users interact with your organization’s most critical data enables you to reduce risk and allows you to take a more proactive, dynamic approach to data protection. Choosing solutions that integrate seamlessly helps reduce complexity without compromising security, no matter where your critical data resides. To learn more about how Forcepoint can help you, visit www.forcepoint.com.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.