Microsoft Sentinel - Business Considerations

 






Cost Management

Cost management is an integral part of an organization's risk management. Microsoft Sentinel uses analytic rules to detect an attacker's behavior from the data provided to it, but every byte of data ingested into Log Analytics carries a cost. An organization therefore needs some working knowledge and ideas to build and evaluate a business case for adopting Microsoft Sentinel. Some of them are discussed below:
  • Evaluating Your Data Ingestion Against Use Cases - A cost-effectiveness analysis is needed before ingesting different types of log data, since each can add cost to your Microsoft Sentinel deployment. It is recommended to identify the applications with high business risk with the help of project teams, who can survey and analyze the log volume and the anticipated risk mitigation. A high volume of log data that covers a relatively small number of potential risk issues can be excluded from the Microsoft Sentinel budget after discussion with the stakeholders and decision makers, who take the final call.

  • Log Ingestion Strategies - The number of internet users has grown, along with connected devices and services such as mobiles, SaaS, and the Internet of Things (IoT), and the malicious activity of threat actors has increased with them. Trying to cover all of this with a "log everything" approach generally leads either to unmanageable costs or to poor performance from quickly overwhelmed SIEM solutions. Hence, it is recommended to identify and analyze each type of log source in detail, weighing the cost of ingesting it against the benefit and considering all the important aspects.

  • Budgeting For Microsoft Sentinel Costs - Microsoft Sentinel may prove highly cost-effective if proper attention is given to cost management, as it offers various benefits over physical and on-premises virtualized solutions. However, since IT infrastructure is shifting to the cloud, all the assumptions and modes of operation from the on-premises world should be re-examined and potentially adjusted.

  • Ongoing Cost Monitoring & Evaluation - Regularly monitoring the costs of log ingestion is vital to ensuring the ongoing viability of the Microsoft Sentinel platform for an organization.





















































