Microsoft’s Azure Sentinel security tool has been widely available since September 2019, providing loud-based security information and event management (SIEM). This week, Microsoft is rolling out a new update for the tool, adding user and entity behavior analytics.

According to Microsoft, the new feature means Azure Sentinel can detect unknown users and insider threats in a more efficient way. Of course, when such threats occur speed of detection is important.

Sentinel works with Azure to provide “cloud-native Security Information and Event Management (SIEM) tool.” Sentinel works by gathering huge quantities of data from cloud-based services, such as Office 365 third-party offerings.

Powered by AI, Sentinel can work with inner-organizational machine learning tools to reduce “alert fatigue”.

Azure Sentinel is not a free service. Customers can send security logs to Microsoft for analysis. The company uses a pay-as-you-go pricing model of $2.46 for every gigabyte (GB) of analyzed data. On the pricing page, Microsoft says a 100GB per day capacity costs $123 per day, with 500GB per day costing $492 per day.

It’s Expensive

Speaking to ZDNet, Eric Doerr, vice president of cloud security at Microsoft, admits Sentinel is expensive. In fact, he says it costs more than a customer would pay if they went it along. However, he says the costs are worth it for what Sentinel’s data analysis provides.

“No doubt about it, the total cost of ownership is for sure superior to going and buying a bunch of physical machines. But we have a funny challenge, which is a lot of people say: ‘Oh my god, this is so amazing, so I want to import 10 times as much data as I was importing in my old solution’,” said Doerr.

“And they’re like, ‘Oh wait, but that’s expensive’. And we’re like, ‘Well, right, 10 times the data volume instead of being a different number, right?’ It’s not free, you still have to pay for what you really care about. If all data in the universe were free, you’d store everything for ever. 

“If there was no compliance – obviously for compliance reasons you don’t want to keep data around for too long. But it’s still like, ‘Do I install every firewall log for two years or do I store them for 90 days? Or do I find some hybrid model?'”

Despite the success, Azure Sentinel is an early success and has 6,500 customers since it officially launched last year.