Automate Alert Enrichment and Enable Remediation Playbooks in Microsoft Sentinel

More than ever, enterprise security teams are under pressure to monitor and protect IT assets from security threats and incidents. There were 1291 data breaches from January to September 2021, exceeding the total number of breaches in 2020 by 17%. There were also more than 500 million attempted ransomware attacks, and Tessian reports that employees receive an average of 14 malicious emails per year. With the hybrid workplace becoming the norm, and digital transformation initiatives resulting in an expanding and increasingly complex IT infrastructure, the intense pressure on security teams isn't likely to let up.

To stay on top of potential security threats, security analysts rely on Security Information and Event Management (SIEM) systems to aggregate data from across the enterprise, alert them to potential threats, respond to incidents quickly, and meet requirements for compliance and regulatory reporting. Microsoft® Sentinel is a leading SIEM tool that provides a bird's-eye view across the enterprise, making threat detection and response smarter and faster with artificial intelligence (AI). 

Delivered as a cloud service, Sentinel requires no infrastructure setup or maintenance and can scale to meet evolving security needs without additional capital expense. The solution was named a leader in The Forrester WaveTM: Security Analytics Platform Providers, Q4 2020, with the top ranking in Strategy. However, SIEM tools such as Sentinel are only effective if they provide rich IT asset data along with alerts, to help teams quickly identify, locate and isolate devices, and make data-driven decisions about how to mitigate risk. Without such data, teams spend hours manually searching for information, and meanwhile, a successful attack could be causing massive damage and financial losses. To address this issue, Lansweeper integrates seamlessly with multiple SIEM/SOAR solutions - including Sentinel.

Seamlessly Integrate Microsoft Sentinel with Lansweeper

Enrich Asset Data in Microsoft Sentinel with Lansweeper.

The Azure Logic App for Lansweeper

SIEM solutions aggregate event data generated by security devices, network infrastructure, systems, and applications. While the primary data source for a SIEM is log data, it can also process other forms of data. Microsoft's Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate apps, data, services, and systems. The Logic App for Lansweeper seamlessly connects Sentinel with Lansweeper, so users can receive enriched alerts and contextualized IT asset data automatically, to simplify and enhance threat hunting, event investigation, and incident response.

Lansweeper is the leading IT asset data discovery and inventory solution. It continuously discovers IT assets across an organization's IT estate, detecting and recognizing all servers, devices, virtual machines, operating systems, software, and IoT on the network - even shadow IT and idle or forgotten devices. Even if a device only touches the network briefly, Lanswseeper's deep scanning engine and credential-free device recognition (CDR) technology detect it and gather in-depth granular information that helps security teams triage incidents, and analyze their potential impact and prioritize their work. Rather than working off an IP or MAC address alone, users can simply query Lansseeper from within Sentinel and gain instant access to contextualized data, for rapid decision-making and faster MTTR.

Playbooks Accelerate Response, Cut Costs

Using the information available from Lansweeper, Sentinel users can develop playbooks for executing a defined set of remediation actions in response to alerts and incidents. Most of these alerts and incidents conform to recurring patterns, and playbooks help to orchestrate and accelerate threat response for rapid resolution, reducing risk, while lightening the load on security teams. If a machine is compromised, Sentinel users can leverage Lansweeper data to identify, locate and isolate the machine, and automatically block the account until the SOC team can analyze the issue. 

Playbooks not only enhance security but also eliminate manual tasks that can drive up costs. By Microsoft's estimate, Sentinel users can improve security while reducing costs by as much as 48% compared to traditional SIEMs. By leveraging the Logic App for Lansweeper, they can further reduce overhead by eliminating manual work associated with enriching alerts and taking action to remediate threats. 

"The key for customers is that Lansweeper is an InfoSec tool primarily, which means that customers MUST have end-to-end visibility of all assets, independent from the company's ITSM CMDB," said Cassandra Lloyd, Director of Technology alliances at Lansweeper. "Many Factory / OT assets are out of scope for typical CMDB inventory, yet customers need visibility into those assets. Lansweeper provides that insight, helping customers secure all of their assets." 

Interested in seeing for yourself how the solution delivers rich IT asset data, when and where you need it? Watch this on-demand webinar.

Webinar: Microsoft Sentinel strategic integration with Lansweeper

Enrich Asset Data in Microsoft Sentinel with Lansweeper.

Lansweeper's integration with Microsoft Sentinel is one of many integrations with leading SIEM and SOAR tools that fit seamlessly into a SOC's existing technology stack, helping to enhance cybersecurity, lower costs and mitigate risk. Learn more about Lansweeper's integration partners today.

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​