As a cloud-native SIEM, Azure Sentinel offers significant cost benefits. They have seen Azure Sentinel and the promise of cloud-native SIEM result in cost savings, both direct and indirect, for many of their customers. The 2020 commissioned Forrester Consulting Total Economic Impact™ of Microsoft Azure Sentinel study, for example, found that Azure Sentinel delivered a 48% reduction in costs compared to legacy SIEMs, saving on expenses like licensing, storage, and infrastructure costs.
Microsoft are pleased to announce changes to the pricing of Azure Sentinel and Azure Monitor Log Analytics that will offer you additional cost savings. These changes take effect on June 2.
The changes include:
New capacity reservation naming
Capacity reservations are now called commitment tiers. You will see this change reflected in your user interface, in documentation, as well as on Azure Sentinel and Azure Monitor pricing pages and in the pricing calculator.
New, higher commitment tiers
They are introducing new commitment tiers for both Azure Sentinel and Azure Monitor Log Analytics for higher data ingestion: 1 TB/Day, 2 TB/Day, and 5 TB/Day.
Changes to how we bill for data ingestion over your commitment tiers
They are also changing the way we bill for overage. Data ingested beyond your selected commitment tier will now be billed using the effective commitment tier rate, instead of the Pay-as-you-go rate, resulting in a lower bill.
For example, for Azure Sentinel in the East US region, if you are on a 500 GB/day commitment tier, you will now be billed for overage at $0.80/GB (i.e. the effective rate for that tier) instead of the $2/GB pay-as-you-go rate.
Simplification of commitment tiers
They are simplifying commitment tiers to make them easier to manage. You can now select from eight distinct commitment tiers, per your needs, and no longer need to manage tiers due to minor changes in data ingestion patterns.
As part of this change, any workspaces with commitment tiers greater than 500 GB/day will be reset to the lowest available commitment tier – 500 GB/day, 1 TB/day, 2 TB/day, or 5 TB/day. This change should lower your costs due to the lowered cost of overage.
For example, if you were previously on a 600 GB/day commitment tier, your commitment tier would now be to 500 GB/day. Due to the change in overage billing, on days when you ingest more than 600GB, you would get billed at the 500GB effective tier rate, and on days you ingest less than 600GB, you save money because you are at a lower commitment tier – saving you costs overall.
We’re excited to help you save costs with these changes, and look forward to continuing to innovate with Azure Sentinel and Azure Monitor Log Analytics.
Microsoft has lately announced a new capability in Azure Site Recovery to further improve the Business Continuity and Disaster Recovery posture of Azure VMs – in-line enablement of ASR at the time of VM creation.
This capability helps all Azure infrastructure customers avoid the hassle of separately configuring DR across regions (or zones) after the creation of VMs.
Microsoft recognizes that as the customers move and more business-critical applications to Azure, their resilience is of prime importance.
ASR is a key pillar of Microsoft’s resiliency offering, which allows customers to protect their Azure VMs against regional outages.
Previously, there was no seamless way to enable ASR during the creation of a VM. End customers had to follow through and execute a different workflow to protect the VM from regional (or zonal) outages after the VM was up and running.
With Microsoft latest release, now all end customers will be able to enable ASR while creating a VM. ASR will be one of the VM Management options alongside the ones currently available for configuration – Monitoring, Identity, and Backup, among others.
To get started, a customer can simply head over to the Azure portal. Go to ‘Virtual machines’ and click on ‘+ Add’. Go to the Management tab and select ‘Enable Disaster Recovery’ under ‘Site Recovery’. Make the relevant selections and proceed to create Azure VM. Once the VM is created, replication will be automatically enabled within a few minutes.
It shall be noted that so far, this offering is currently limited to Windows VMs and CentOS, Oracle Linux, and Red Hat Linux VMs. Microsoft also do not support zone to zone (in region) disaster recovery through the Create VM workflow currently.
As customers move beyond immediate crisis needs, such as enabling remote work, many are accelerating cloud adoption to increase competitive advantage and stay more digitally resilient. Enabling an agile, scalable, high-performing, and reliable infrastructure is critical to long-term success. Microsoft is committed to continuous innovation in Azure IaaS capabilities to help customers achieve these goals.
Microsoft is announcing new updates to the Azure infrastructure portfolio that help address a wide range of customer needs.
Increase agility with access to more choices and flexibility
Being responsive to rapidly changing business requirements is more important than it has ever been. Organizations need choices and flexibility in their cloud investments to stay agile. New innovations in Azure provide our customers with even more options, and these updates give customers the ultimate flexibility they need.
More options to run memory-intensive workloads. New Msv2 medium memory virtual machines (VMs), available in preview, enable customers to achieve up to a 20 percent increase in central processing units (CPU) performance and access up to 192 vCPU and 4TiB of memory. New Azure Dedicated Host stock keeping unit (SKUs), available soon in preview, let customers run a broader range of memory-intensive workloads in a single-tenant, hardware-isolated environment.
Simplified acquisition of compute capacity at deep discounts. New Azure Spot Virtual Machines (Spot VMs) features, in preview, help customers drastically improve the overall runtime of scale-out apps by letting Azure try and redeploy previously evicted Spot VMs as part of a scale set. Customers can also simulate evictions to test app behavior to ensure tolerance to interruptions.
More options to scale hybrid and edge deployments. The integration of VMware SD-WAN and the Azure Virtual WAN hub, available in preview, allows customers to easily connect branch offices and remote locations to Azure through VMware SD-WAN and take advantage of a complete Secure Access Service Edge solution. Azure Route Server—now in preview, helps customers streamline operations between any networking appliance and Azure’s virtual network by facilitating dynamic routing.
New capabilities to manage Linux environments. Last fall, Microsoft launched Azure Automanage to help customers greatly simplify Windows virtual machine management in Azure. We are now extending Azure Automanage capabilities to Linux Virtual Machines, giving customers the convenience to manage Windows and Linux VMs through one control plane. Additionally, the preview of Azure native integration with Elastic allows customers using Elastic services on Azure to access integrated billing, full technical support, and Azure portal integration.
Scale business-critical apps and improve performance
Many customers are migrating to the cloud to scale their most demanding workloads to achieve efficiency and performance gains. Azure offers one of the fastest networks with the broadest global footprint, enabling customers to build and deploy apps anywhere. They continue to innovate and make it easier for customers to increase workload scale and performance.
Simplified network resource distribution with new Azure Load Balancing capabilities. The new Azure Load Balancing selection tool, now in preview, offers customers guidance to choose the right services based on their workloads and requirements. They’re also increasing flexibility to load balance across IP addresses with Azure Load Balancer, now generally available.
More options to scale deployments with new Azure Virtual Machine Scale Sets features. Customers can simplify application deployment, management, and scalability while improving uptime with the recently introduced flexible orchestration mode. Customers can also gain greater operational agility by changing virtual machine sizes without redeploying the scale set and optimize costs by mixing Spot VMs and pay-as-you-go virtual machines within the same scale set.
Scaling disk performance with new performance tiers on premium SSDs. With the new capability in preview, customers can sustain a higher level of performance for planned events, such as a seasonal promotion, and change performance tiers without disruption to their workloads.
Strengthen business continuity with new reliability and security enhancements
Azure provides built-in high-availability and disaster recovery options to ensure maximum resilience for all workloads. We continue our infrastructure investments, including expanding our already leading number of regions and availability zones and are launching new services to keep apps and data resilient and secure on Azure.
Improving high availability with new on-demand capacity reservations. On-demand capacity reservations, now in preview, enable customers to reserve compute capacity for one or more virtual machine size in an Azure region or Availability Zone for any length of time. Customers can also combine capacity reservations with Reserved Virtual Machine Instances to greatly reduce costs.
Increasing workload portability and availability. Azure Resource Mover, now generally available, lets customers seamlessly move resources between public Azure regions. Customers can also increase workload availability with protection in the event of a zone failure with Zone Redundant Storage support for Premium and Standard SSDs, available in preview.
Built-in backup management at scale with Azure Backup Center. Azure Backup Center, now generally available, supports all Azure-based workloads supported by Azure Backup and offers new Azure policies to deploy backups at scale based on resource groups and tags.
Protection for data-in-use with Azure Confidential Computing. Customers can harden workloads and protect against malicious attacks with Trusted Launch for all Azure Virtual Machines, available in preview. They’re also safeguarding sensitive data in Azure with the preview of SQL Always Encrypted secure enclaves and enabling secure orchestration of confidential containers on Azure Kubernetes Service, now generally available.
Protection for apps and data with auto-key rotation. With the preview of the new feature, customers can automatically update all disks, snapshots, and images, and ensure their data is always secured with the latest encryption key.
Accelerate cloud migration with confidence
Microsoft and BPS will help customers accelerate cloud migration with first-class migration tooling, support, skilling, and resources. New capabilities are continuously being added to Azure Migrate.
Centralized migration across all infrastructure, apps, and data. With new features in Azure Migrate, customers can now assess SQL Server estates with the preview of discovery and assessment for SQL Server migration to Azure SQL.
Additional new features include the general availability of PowerShell support for migration of VMware virtual machines and the preview of a new app containerization tool allowing customers to migrate .NET and web apps to Azure Kubernetes Service.
“BPS” in collaboration with “Al-Iktissad Wal-Aamal organized a webinar entitled “Cloud Talks 2021”, to discuss the services and applications offered by cloud computing providers in order to empower digital business transformation while preserving security, privacy and compliance with laws and regulations. Over 120 persons representing senior executives from 12 different countries participated in the webinar, which hosted experts from leading companies and technology providers from the MENA region.
The Digital Transformation Journey
Mahmoud Moussa -Senior Cloud Solution Architect for Data & AI, Microsoft – confirmed, during his participation in the webinar, that the “Azure IoT Edge” technology provided Microsoft allows the delivery of sensors from all the company’s departments and its use in order to connect to another backend related to the Internet of Things where the data is sent after being initially processed. He explained that cloud services seek to enable digital technology through several domains, most notably: The Internet of Things and Edge technology, advanced analytics, artificial and cognitive intelligence, graphic technique, Blockchain technology, digital workplace and 3D imaging.
For his part, the Sales Manager at Citrix, Abbas Ali-Ahmad pointed out that success will go to the organizations and companies that will be able to provide a stable and safe work experience. He emphasized on the importance of knowing how to support any type of users wanting to access information; whether they were employees, contractors or business partners, and the possibility to work from any place, using any type of device or computing system.
As for Eiad Al-Aqqad -the Principal Solution Architect at “VMware Cloud Providers Program”- he discussed the vision of “VMware Cloud” in the world of cloud computing, he explained that their vision allows users and cloud service providers to activate any application on any device of any kind.
Cyber Security and Cloud Computing
In a panel discussion, moderated by Parthasarathy Pillairkulam – EVP-Chief Information Security Officer at First Abu Dhabi Bank- General Manager of Capital outsourcing, Chadi Ghazal, indicated that his company was the first to own a cloud platform in the MENA region since 2000. He explained that cloud computing is a virtual process for hardware, software, networks, storage spaces and services used by developers to implement complex operations. Adding that when using cloud computing, companies are not compelled to purchase any new devices or services, however they need to upgrade their virtual storage for a certain fee.
As for Alain Sawaya -General Manager of the Jordanian “Zain Datapark”- he explained that his company is an entity that was founded to enable “Zain Group” to provide cyber security and cloud computing services everywhere. He added that every country aspires to have its own cloud located within its territory for multiple reasons: legitimacy, data sovereignty and to secure data especially for governments. Furthermore, he announced the transfer of severl financial and banking applications to private cloud servers.
On his behalf, Mohamed Ayad, Vice President and Business Development Manager of “Libyan Spider” considered that country cloud and public cloud approaches are closer to each other today more than ever, indicating that “Microsoft” is expanding this service very quickly.
Ayad pointed out that there have been concerns about data security and privacy from the very first day of the cloud model’s birth, which has greatly affected companies’ work. He continued adding that many companies have switched to using public cloud more than before due to the flexibility with which entrusted public cloud providers work.
On the other hand, General Manager of “Gulf Infotech” in Oman, Yahya Zakir Sait, said that the largest companies providing cloud services have neglected the Middle East region in 2009 due to the low adoption of cloud solutions, pointing out that the high demand for adopting these solutions has created a quantum leap for the region in general.
“BPS” and Digital Transformation
BPS provides vendors with multiple licensing programs, services and technical supports to partners in order to develop their businesses, in addition to “SAM” consultations. The company focuses on supporting MSP focused channel, telecom companies, internet service providers, database centers, service providers, integrated systems, managed services, software companies and IT distributors who are heading towards digital and cloud transformation.
The company always strives to add more services to its own affiliated program. It started its operations as a cloud distributor in 2005 and has earned years of local experience in the cloud channel business, to become today a pioneer in this field in the MENA region.
Azure UAE Regions are now stronger than ever with the availability of the new Azure Services led by Azure Security!
The new services are:
Azure Sentinel has the capability to see and stop threats before they cause harm, with a SIEM and SOAR reinvented for a modern world, providing a birds-eye view across the enterprise.
Artificial intelligence (AI) makes threat detection and response smarter and faster. The platform allows for elastic scaling and eliminates the need for costly set up and maintenance. For these reasons, customers such as ASOS are leveraging Azure Sentinel to analyze data coming from separate systems and solutions.
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to virtual machines directly through the Azure Portal. Azure Bastion is provisioned directly in a customer’s Virtual Network (VNet) and supports all VMs using SSL without any exposure through public IP addresses.
Cognitive Services: Immersive Reader and Anomaly Detector
- Immersive Reader is an Azure Cognitive Service that allows for embedding text reading and comprehension capabilities into applications. Users of any age and reading ability are supported with features like reading aloud, translating languages, and focusing attention through highlighting and other design elements. Azure is the only major cloud provider offering this type of reading technology. No machine learning expertise is required.
- Anomaly detection capabilities can be easily embedded into apps so users can quickly identify problems. Through an API, Anomaly Detector ingests time-series data of all types and selects the best-fitting detection model for particular data to ensure high accuracy. The service can be customized to detect any level of anomaly and deployed where need it is needed most inside containers – from the cloud to the intelligent edge. Azure is the only major cloud provider that offers anomaly detection as an AI service.
This application can connect with business-critical apps and services, automating workflows without writing a single line of code. Its advantages include leveraging a write-once, run anywhere ability, a consistent integration with developer tools and services, creating business processes and workflows visually and integrating with SaaS and enterprise applications.
- Container Instances & App Configuration
Container Instances and App Configuration provide simplicity, scalability and security while modernizing applications.
Security and Protection, Artificial Intelligence, Cognitive Services, Application Integration and Modernization are leading this round of the new services announcement.
Security Center is in active development and receives daily improvements that help you strengthen your environment and your hybrid cloud posture while tracking compliance with the policies and standards.
The added enhancements are explained in details below.
- Azure Defender for SQL servers on machines: Azure Security Center offers two Azure Defender plans for SQL Servers to protect your databases and their data wherever they are located.
- Azure Defender for Azure SQL database servers – defends your Azure-native SQL Servers.
- Azure Defender for SQL servers on machines– extends the same protections to your SQL servers in hybrid, multi-cloud, and on-premises environments.
Azure Defender for SQL includes vulnerability assessment capabilities.
The vulnerability assessment tool includes the following advanced features:
- Baseline configuration to intelligently refine the results of vulnerability scans to those that might represent real security issues.
After you have established your baseline security state, the vulnerability assessment tool only reports deviations from that baseline state.
Results that match the baseline are considered as passing subsequent scans.
This lets you and your analysts focus your attention where it matters.
- Detailed benchmark information to help you understand the discovered findings, and why they
relate to your resources.
- Remediation scripts to help you mitigate identified risks.
- Two new Azure Defender plans have been newly added.
Microsoft Azure has added two new cloud-native breadth threat protection capabilities for your Azure environment. These new protections greatly enhance your resiliency against attacks from threat actors, and significantly increase the number of Azure resources protected by Azure Defender.
- Azure Defender for DNS – continuously monitors all DNS queries from your Azure resources.
- Azure Defender for Resource Manager – automatically monitors all resource management operations performed in your organization.
- Revitalized Security Center experience in Azure SQL Database & SQL Managed Instance
The Security Center experience within SQL provides access to the following Security Center and Azure Defender for SQL features:
Security Center periodically analyzes the security state of all connected Azure resources to identify potential security misconfigurations.
It then provides recommendations on how to remediate those vulnerabilities and improve organizations’ security posture.
A detection service that continuously monitors Azure SQL activities for threats such as SQL injection, brute-force attacks, and privilege abuse.
This service triggers detailed and action-oriented security alerts in Security Center and provides options for continuing investigations with Azure Sentinel, Microsoft’s Azure-native SIEM solution.
A vulnerability assessment service that continuously monitors Azure SQL configurations and helps remediate vulnerabilities.
Assessment scans provide an overview of Azure SQL security states together with detailed security findings.
- Azure Defender for SQL support for Azure Synapse Analytics dedicated SQL pool:
Azure Synapse Analytics is an analytics service that combines enterprise data warehousing and big data analytics.
Azure Defender for SQL protects your dedicated SQL pools with:
- Advanced threat protection to detect threats and attacks.
- Vulnerability assessment capabilities to identify and remediate security misconfigurations.
- Recommendations page has new filters for environment, severity, and available responses:
Azure Security Center monitors all connected resources and generates security recommendations. You can use these recommendations to strengthen your hybrid cloud posture and track compliance with the policies and standards relevant to your organization, industry, and country.
As Security Center continues to expand its coverage and features, the list of security recommendations is growing every month.
With the growing list, there is a need to be able to filter to the recommendations of greatest interest. You can now filter the list of security recommendations according to a range of criteria.
In the following example, the recommendations list has been filtered to show recommendations that:
- are generally available (that is, not preview)
- are for storage accounts.
- support quick fix remediation.
The filters that were recently added provide options to refine the recommendations list according to:
- Environment– View recommendations for your AWS, GCP, or Azure resources (or any combination)
- Severity– View recommendations according to the severity classification set by Security Center.
- Response actions– View recommendations according to the availability of Security Center response options: Quick fix, Deny, and Enforce.