Securing the Cloud: Forcepoint Integration with Azure Sentinel

As organizations adapt to remote work, the pressure of rapid cloud transformation increases—and security implications grow more complex. See how Forcepoint’s integrated solution helps to simplify security—without compromising it.

Microsoft Azure Sentinel enables customers to import security log data from existing Microsoft services such as Office 365, Azure AD, and Azure Advanced Threat Protection. It also allows them to use industry-standard log formats, such as CEF and Syslog, to ingest data from third-party sources. Forcepoint is the latest Microsoft Intelligent Security Association (MISA) partner to include pre-built connectors in the Sentinel console for quick and simple integration with our NGFW, DLP, and CASB solutions.

As your enterprise evolves, so must your security strategy

When we recently shared our 2020 Forcepoint Cybersecurity Predictions and Trends report, one theme we discussed was how many organizations race to the cloud (becoming cloud smart) without thinking through security implications (remaining cloud dumb). And, as organizations around the globe rapidly adopt remote work, the pressure only increases. But for all the benefits the cloud offers, it often complicates security for organizations. With the growing list of data privacy regulations such as GDPR, HIPAA, and CCPA, data privacy represents an increasing concern for individuals and companies alike. Moving to the cloud means having to protect data in more places at a time of heightened data privacy sensitivity.

Becoming cloud smart means building a security strategy that spans on-prem infrastructure as well as cloud environments. It requires organizations to expand their view of network security, all while controlling spending and reducing complexity through the consolidation of vendors. This is forcing a re-evaluation of core tools to determine, “Do our current tools provide the visibility and control necessary to reduce risk and protect our most critical assets—no matter where they reside?”

Securing the cloud with Forcepoint and Azure Sentinel

Forcepoint’s integration with Azure Sentinel enables security teams to automatically export log events from Forcepoint NGFW, CASB, and DLP solutions into Azure Sentinel. Built-in workbooks provide an enriched visualization of actionable security alerts across the enterprise generated by Forcepoint, native Microsoft services such as Azure AD and Office 365, and other Windows events, allowing security teams to accelerate investigations and response times. Sentinel workbooks can also be customized by analysts to reflect the information most relevant to them.

Getting started with an integrated solution

Forcepoint worked directly with Microsoft to simplify the process of prioritizing which levels of alerts are ingested by Azure Sentinel. Customers can start by filtering for the high-level alerts that their Forcepoint solutions generate from on-premises and cloud traffic, and then export only those filtered logs into Azure Sentinel. Azure Sentinel then uses machine learning to correlate the incidents from those solutions with data from other sources, such as suspicious AD logins or O365 activities, so security teams can quickly identify where to focus their investigation and response efforts instead of sifting through an endless array of alerts.

Regardless of where you are in your digital transformation, enhancing data visibility and understanding how your users interact with your organization’s most critical data enables you to reduce risk and take a more proactive, dynamic approach to data protection. Choosing solutions that integrate seamlessly helps reduce complexity without compromising security, so you can better protect critical data no matter where it resides.

It’s up to you to scale your security strategy to protect people and data wherever work happens. And Forcepoint is here to help. Visit us to learn more about what you can do now to protect your remote work environment.

Copyright © 2020 IDG Communications, Inc.