Securing the Cloud: Forcepoint integration with Azure Sentinel
Microsoft Azure Sentinel enables customers to import security log data from existing Microsoft services such as Office 365, Azure AD and Azure Advanced Threat Protection. It also allows them to use industry-standard log formats, such as CEF and Syslog, to ingest data from third-party sources. Forcepoint is the latest Microsoft Intelligent Security Association (MISA) partner to include pre-built connectors in the Sentinel console for quick and simple integration with our NGFW, DLP, and CASB solutions.
As your enterprise evolves, so must your security strategy
When we recently shared our 2020 Forcepoint Cybersecurity Predictions and Trends report, one theme we discussed was how many organizations race to the cloud (becoming cloud smart) without thinking through security implications (remaining cloud dumb). For all the benefits the cloud offers, it often complicates security for organizations. With the growing list of data privacy regulations such as GDPR, HIPAA, and CCPA, data privacy represents an increasing concern for individuals and companies alike. Moving to the cloud means having to protect data in more places at a time of heightened data privacy sensitivity.
Becoming cloud smart means building a security strategy that spans both on-prem infrastructure and cloud environments. It requires organizations to expand their view of network security, all while controlling spending and reducing complexity through the consolidation of vendors. This is forcing a re-evaluation of core tools to determine: “Do our current tools provide the visibility and control necessary to reduce risk and protect our most critical assets no matter where they reside?”
Securing the cloud with Forcepoint and Azure Sentinel
Forcepoint’s integration with Azure Sentinel enables security teams to automatically export log events from Forcepoint NGFW, CASB, and DLP solutions into Azure Sentinel. Built-in workbooks provide an enriched visualization of actionable security alerts across the enterprise, generated by Forcepoint, native Microsoft services such as Azure AD and Office 365, and other Windows events, allowing security teams to accelerate investigations and response times. Analysts can also customize Sentinel workbooks to reflect the information most relevant to them.
Getting started with an integrated solution
Forcepoint worked directly with Microsoft to simplify the process of prioritizing which levels of alerts are ingested by Azure Sentinel. Customers can start by filtering for high alerts from the on-premises and cloud traffic generated in their Forcepoint solutions and then exporting only those filtered logs into Azure Sentinel. Azure Sentinel then uses machine learning to correlate the incidents from those solutions with data from other sources, such as suspicious AD logins or O365 activities, so security teams can quickly identify where to focus their investigation and response efforts instead of sifting through an endless array of alerts.
To get started, you can access our Azure Sentinel Integration Guides and step-by-step videos through the following links:
Regardless of where you are in your digital transformation, enhancing data visibility and understanding how your users interact with your organization’s most critical data enables you to reduce risk and take a more proactive, dynamic approach to data protection. Choosing solutions that integrate seamlessly helps reduce complexity without compromising security, no matter where your critical data resides. To learn more about how Forcepoint can help you, visit www.forcepoint.com.