What is the difference between Azure Security Center and Azure Sentinel?
By John Yoon, The Cloud Builders Guild (Medium), Feb 22, 2020 · 5 min read

Azure Security Center vs Azure Sentinel

Many Cloud Architects and Cloud Engineers struggle to grasp the difference between Azure Security Center (ASC) and Azure Sentinel. Both products look quite similar at first glance, and both are offered by Microsoft to secure your Azure infrastructure. Moreover, in all of Microsoft’s Cybersecurity reference designs these products work shoulder-to-shoulder. There are several main reasons for this confusion: the historical set of functionality that both products offer, the complementary functions they perform and, most importantly, the fact that they share a subset of functionality in the Cybersecurity activities life-cycle.

[Figure: End-to-end Cybersecurity cycle.]

The picture above represents a high-level sequence of activities happening in a typical Security Operations Center (SOC). Both ASC and Sentinel play a significant part in some of these activities. Azure Security Center plays a vital role in the “Collect” and “Detect” stages, while Azure Sentinel, in addition to those two, is also designed to perform the “Investigate” and “Respond” stages. To understand the differences, we shall look deeper into both offerings.

Azure Security Center

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud — whether they’re in Azure or not — as well as on-premises. Azure Security Center addresses the three most urgent security challenges:

Rapidly changing workloads — It’s both a strength and a challenge of the cloud. On the one hand, end-users are empowered to do more.
On the other, how do you make sure that the ever-changing services people are using and creating are up to your security standards and follow security best practices?

Increasingly sophisticated attacks — Wherever you run your workloads, the attacks keep getting more sophisticated. You have to secure your public cloud workloads, which are, in effect, Internet-facing workloads that can leave you even more vulnerable if you don’t follow security best practices.

Security skills are in short supply — The number of security alerts and alerting systems far outnumbers the number of administrators with the necessary background and experience to make sure your environments are protected. Staying up-to-date with the latest attacks is a constant challenge; standing still is not an option when the world of security is an ever-changing front.

To help you protect yourself against these challenges, Security Center provides you with the tools to:

Strengthen security posture: Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure.

Protect against threats: Security Center assesses your workloads and raises threat prevention recommendations and threat detection alerts.

Get secure faster: In Security Center, everything is done at cloud speed. Because it is natively integrated, deploying Security Center is easy, providing you with auto-provisioning and protection for Azure services.

Azure Sentinel

Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel core capabilities

Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.

Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.

Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cybersecurity work at Microsoft.

Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Azure Sentinel performs more roles, including hunting, automated playbooks and incident response, as well as assistance with manual incident investigations. On the other hand, Azure Security Center is a great source of recommendations, alerts and diagnostics that can be utilised by Azure Sentinel to provide even better analytics and incident alerts. Therefore, both products must be used in a well-architected SOC. These products are highly complementary and can be easily enabled thanks to the great out-of-the-box integration. Below is an illustration of the entire process and where Azure Sentinel and ASC play their roles.

Security Center is one of the many sources of threat protection information that Azure Sentinel collects data from, to create a view for the entire organization. Microsoft recommends that customers using Azure use Azure Security Center for threat protection of workloads such as VMs, SQL, Storage, and IoT, and in just a few clicks they can connect Azure Security Center to Azure Sentinel. Once the Security Center data is in Azure Sentinel, customers can combine that data with other sources like firewalls, users, and devices, for proactive hunting and threat mitigation with advanced querying and the power of artificial intelligence.
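As an added example (not from the original post, and not Microsoft's own content), here is the kind of Kusto query a SOC analyst would run in the Sentinel Logs blade once Security Center alerts flow into the workspace, to show what "combine that data with other sources" looks like in practice. It assumes the standard Sentinel SecurityAlert table (populated by the Security Center connector, with ProviderName identifying Security Center as the source), the Azure AD SigninLogs table, and that the alert's Entities JSON carries IP entities; the 7-day lookback, the severity filter and the 60-minute correlation window are illustrative choices.

```kql
// Added example: correlate Security Center alerts with Azure AD sign-ins
// from the same source IP in the hour around each alert.
// Assumes the standard SecurityAlert and SigninLogs tables are connected.
let lookback = 7d;
let ascAlerts = SecurityAlert
    | where TimeGenerated > ago(lookback)
    // ProviderName value for Security Center alerts (assumed here)
    | where ProviderName == "Azure Security Center"
    | where AlertSeverity in ("High", "Medium")
    // Entities is a JSON string; expand it and keep only IP entities
    | extend entities = parse_json(Entities)
    | mv-expand entity = entities
    | where tostring(entity.Type) == "ip"
    | project AlertTime = TimeGenerated, AlertName, AlertSeverity,
              CompromisedEntity, SrcIp = tostring(entity.Address);
ascAlerts
| join kind=inner (
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | project SigninTime = TimeGenerated, UserPrincipalName, IPAddress, ResultType
  ) on $left.SrcIp == $right.IPAddress
// keep sign-ins within 60 minutes either side of the alert
| where abs(datetime_diff("minute", SigninTime, AlertTime)) <= 60
| summarize Signins = count(),
            Users = make_set(UserPrincipalName),
            FailedSignins = countif(ResultType != "0")   // "0" is a successful sign-in
    by AlertTime, AlertName, AlertSeverity, CompromisedEntity, SrcIp
| order by AlertTime desc
```

The point of the join is that neither source alone tells the story: Security Center knows a workload was attacked from an address, and Azure AD knows which identities that address touched. Seeing them side by side is what turns a "Detect" result from ASC into an "Investigate" starting point in Sentinel.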
To reduce confusion and simplify the user experience, two of the early SIEM-like features in Security Center, namely the investigation flow in security alerts and custom alerts, will be removed in the near future. Individual alerts remain in Security Center, and there are equivalents for both security alerts and custom alerts in Azure Sentinel.

Microsoft will continue to invest in both Azure Security Center and Azure Sentinel. Azure Security Center will continue to be the unified infrastructure security management system for cloud security posture management and cloud workload protection. Azure Sentinel will continue to focus on SIEM.

If you have any Business or Technology ideas or challenges that you would like to discuss, then please post your questions, challenge my opinion and please send me a message.

John Yoon, Cloud Solution Architect
The Cloud Builders Guild: Cloud enthusiasts building things in the cloud.