Microsoft Azure Monitoring

24x7 detection and response for Azure workloads using built-in Azure APIs and services

Managed detection and response for Microsoft Azure

(is it weird that Azure is a “cloud” but it means “sky blue”?)

Microsoft provides a boatload of great security capabilities. So, if you’ve already moved your data or built some apps in Azure, it’s a great place to be. But knowing how to sift through Azure logs or chase down alerts in Defender for Cloud (Security Center) isn’t always obvious. Expel helps your security strategy keep up by detecting security risks in Microsoft Azure and running them to ground.

Detections designed for your Azure environment

Our Azure detection strategy uses built-in APIs and services:

  • Analyzes Defender for Cloud (Security Center) alerts
  • Adds Azure-specific detections for high-risk activities
  • Tunes detections to match your apps and workloads

What we do

24x7 Azure monitoring

Our analysts chase down your Azure alerts so you can focus on building new features, products and services.

Investigations in Azure

We’ll connect the dots from suspicious alerts in Azure back to their root cause and tell you what they mean.

Fixes “written in Azure”

Whenever possible, our analysts will recommend configuration changes to address activities we tell you about.

It’s not very often that you’ve got a Slack channel with your CSO, your analyst and your managed security provider all talking together at 2:00 AM … It’s a great feeling. It feels like our analysts aren’t alone in the middle of the night.

— Amanda Fennell, Chief Security Officer

What we look for

(updated at Azure speed)

Microsoft is constantly primping and preening (and often renaming) the security capabilities available within Azure. As Microsoft rolls out new services to protect your data and workloads, we’ll evaluate them and update our detection and response strategy where it makes sense so your security strategy can stay in sync. Here are a few examples of things we’ll look for:

  • Suspicious logins and unauthorized access
  • Disabling or changing Azure security capabilities
  • Unauthorized sharing of or access to sensitive data
  • Evidence of an account compromise
  • Unusual or risky interaction with the Azure management plane
  • Risky violations of Azure best practices

How we use native Azure capabilities

(hint: it’s a lot more than chasing Defender for Cloud (Security Center) alerts)

Expel uses API integrations to connect directly to the Microsoft Azure platform. We support authentication via an Azure Active Directory app. To collect data, Expel communicates directly with APIs including the Microsoft Graph API for services like Defender for Cloud (Security Center), Azure Activity Logs and Microsoft Defender for Cloud Apps (formerly MCAS).

How Expel uses Azure services for detection, investigation and response

Azure service and examples of how we use it (for detection and investigation):

  • Azure Active Directory: Monitors who’s accessing your environment
  • Azure Platform Logs: Provides insight into events in the Azure infrastructure
  • Azure ATP: Uses behavioral analytics to flag suspicious behavior
  • Azure Active Directory Identity Protection: Flags risky sign-ons
  • Microsoft Defender for Cloud Apps (formerly MCAS): Gives us comprehensive alerting based on activity in your Azure environment
  • Defender for Cloud (Security Center): Sends us alerts which we analyze and run to ground
  • Azure Sentinel: Azure’s cloud-native SIEM looking for things that go bump

Blog

Getting a grip on your cloud security strategy

Understanding how to think about cloud security differently is half the battle. We’ve thought a lot about it and we’ve identified three key points that should inform your cloud strategy.

Blog

Why the cloud is probably more secure than your on-prem environment

Is your data really safer in the server room next door? Probably not. Here are five reasons why the cloud offers better security than your on-prem environment.

Blog

Four habits of highly effective security teams

Practice these habits consistently and you’ll have an engaged, talented and all-around awesome security team.

Give us 30 minutes to show you how we can protect your data and workloads in Azure.

© 2022 Expel, Inc. All Rights Reserved