(From our guest and good friend, Cameron Fuller and his detailed Azure Sentinel Blog)
Welcome to the “Introducing” series (check here for the full list of blog posts in this series). In the previous blog post, we introduced Azure ARM. In this blog post, we will introduce a vendor that is making enhancements to Azure Sentinel: Senserva!
Who is Senserva?
Senserva is the brainchild of Mark Shavlik. For those of you who have been in the industry for a while, that name may ring some bells. Mark has worked with Microsoft and Microsoft technology since 1985, including being an early member of the Windows NT development team in Redmond. He later formed Shavlik Technologies, which made his name well known in patch management circles. Rod Trent notes in Azure Sentinel this Week – Issue #14 | Revue (getrevue.co): “Anything Mark is part of you know it's going to be stellar.”
Where did the name Senserva come from?
The name Senserva comes from a variation on the combination of two words in Esperanto: sen, which means without, and servio, which means server (for a great translation from English to Esperanto see this link). So, the company name translates roughly to “Without Servers”. Senserva sees the serverless world as more than Azure Functions or AWS Lambda. They define serverless as anything that does not have to be patched. They see a large shift forward in our industry, where serverless computing reaches the stage where “There will be a time when people will not have to know the difference between Windows and Linux servers”.
What does Senserva focus on?
Senserva’s goal is to help IT personnel quickly gain benefits from Azure Sentinel and to drive Azure Sentinel forward to new capabilities.
How does Senserva integrate with Azure?
Senserva complements and extends Azure’s security solutions and components by continually gathering a wide range of information from Azure Active Directory, analyzing it, and then streaming it into the Log Analytics workspace that Azure Sentinel is built on. It is designed as a turn-key solution that does not require a separate user interface (UI). Instead, it works within Azure Sentinel and the underlying Log Analytics workspace, in an industry first. Their solution provides data into Azure Sentinel as well as queries and assets that augment Azure Sentinel. Senserva is built multi-tenant from the ground up, bringing full MSSP support to Azure Sentinel, and has extensive support for NIST 800-53 controls and the MITRE ATT&CK framework.
“Members of MISA, like Senserva, offer solutions that extend Microsoft security to quickly identify and remediate security incidents before they cause business impact,” said Eric Burkholder, PM, Technology Partnerships, Azure Sentinel at Microsoft Corp. “The integration of Microsoft Sentinel with Senserva’s award-winning Cloud Management Solutions allows us to work together to enhance customers’ security posture with less complexity.”
What solutions does Senserva provide?
Senserva’s technology is focused on gathering deep insights about user security from Azure Active Directory (and related technologies including SharePoint Online, OneDrive, Exchange Online) and integrating these into Azure Sentinel.
The graphic below shows Senserva’s solutions. The items above the blue box (Azure Sentinel and Log Analytics Workspace) are available for free to the community. The items below the same box are paid solutions provided by the company.
One of the common challenges in Azure Sentinel is the development of effective queries. Senserva has provided a GitHub repository that includes Azure Sentinel Queries (written in KQL) and workbooks. These contributions are provided for free to the community. If you are using Azure Sentinel, you should check these out! In the future, there are plans to add playbooks and alerts, and other content as would be beneficial for the Azure Sentinel community.
The Senserva solution automates Azure Active Directory Security Configuration Management, providing visibility into critical changes to configuration within Azure Active Directory. The solution brings insights into the security aspects of Azure Active Directory (including users, applications, groups, service principals, conditional access, and PIM – coming soon) into Azure Sentinel, including custom queries and dashboards.
While it is common to believe that Azure Active Directory is like Active Directory, there are significant differences between the two. Active Directory is primarily focused on users, groups, and computers. Azure Active Directory is a different beast: it has new features such as zero trust through conditional access, and it even has a full developer API available for use in custom application development.
- Provides continuous cloud security, enabling rapid detection and remediation of risks and vulnerabilities and adherence to compliance requirements
- Automates Compliance Management – maintaining adherence to regulations, best practices, frameworks, and partner requirements
- Full support of MITRE ATT&CK and NIST 800-53
- Provides a full API, and dynamic report and dashboard creation
- Built on Microsoft Lighthouse to remotely update and manage the instance (Senserva never sees your data, but it maintains the solution in your environment through Lighthouse).
- Multi-tenant from the ground up, as shown in the graphic below, which gives a quick multi-tenant view into various Azure tenants, all automatically updated by Senserva.
Figure 1: Multi-tenant with Senserva + Azure Sentinel
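To make the pattern described above concrete (gather Azure AD configuration, flag critical changes, stream the findings into the Log Analytics workspace so they can be queried from Azure Sentinel), here is an added Python example. It is not Senserva's code and does not use their schema: the snapshot objects and fields, the severity rules and the AadConfigChange log type are assumptions made for the example, the workspace ID and shared key are placeholders, and the request is built using the Log Analytics HTTP Data Collector API signature scheme but is never sent.

```python
"""Added example: diff two Azure AD configuration snapshots, turn the changes
into findings, and build a signed Log Analytics HTTP Data Collector API request.
Hypothetical schema; nothing is sent over the network."""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed snapshots of a few Azure AD objects.  The keys and fields are an
# illustrative assumption about what a collector might gather, not a real schema.
PREVIOUS_SNAPSHOT = {
    "ca-policy/Require-MFA-Admins": {"state": "enabled", "grantControls": ["mfa"]},
    "user/alice@contoso.example": {"roles": ["User Administrator"], "mfaRegistered": True},
    "sp/build-pipeline": {"credentialExpiresDays": 120},
}
CURRENT_SNAPSHOT = {
    "ca-policy/Require-MFA-Admins": {"state": "disabled", "grantControls": ["mfa"]},
    "user/alice@contoso.example": {"roles": ["User Administrator", "Global Administrator"], "mfaRegistered": True},
    "sp/build-pipeline": {"credentialExpiresDays": 5},
}

# Placeholders for the example; a real workspace ID and primary key come from the
# Log Analytics workspace's "Agents management" blade.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"\x00" * 32).decode()  # constructed, not a real key


def diff_snapshots(previous, current):
    """One finding per changed field.  Severity rules are an assumption for the
    example: a conditional access policy changing state, or a Global
    Administrator role being added, is High; any other change is Medium."""
    findings = []
    for object_id in sorted(set(previous) | set(current)):
        old, new = previous.get(object_id, {}), current.get(object_id, {})
        for field in sorted(set(old) | set(new)):
            if old.get(field) == new.get(field):
                continue
            severity = "Medium"
            if object_id.startswith("ca-policy/") and field == "state":
                severity = "High"
            added_roles = set(new.get("roles") or []) - set(old.get("roles") or [])
            if field == "roles" and "Global Administrator" in added_roles:
                severity = "High"
            findings.append({
                "ObjectId": object_id,
                "Field": field,
                "OldValue": json.dumps(old.get(field)),
                "NewValue": json.dumps(new.get(field)),
                "Severity": severity,
            })
    return findings


def build_signature(workspace_id, shared_key, content_length, rfc1123_date,
                    method="POST", content_type="application/json", resource="/api/logs"):
    """SharedKey authorization header as documented for the HTTP Data Collector
    API: HMAC-SHA256 over the canonical request string, keyed with the
    base64-decoded workspace key, base64-encoded."""
    string_to_sign = "\n".join([method, str(content_length), content_type,
                                "x-ms-date:" + rfc1123_date, resource])
    digest = hmac.new(base64.b64decode(shared_key), string_to_sign.encode("utf-8"),
                      hashlib.sha256).digest()
    return "SharedKey {}:{}".format(workspace_id, base64.b64encode(digest).decode())


def build_ingest_request(workspace_id, shared_key, log_type, records, rfc1123_date=None):
    """Return url, headers and body for one POST to the workspace.  Records land in
    a custom table named <log_type>_CL, queryable from Sentinel with KQL."""
    if rfc1123_date is None:
        rfc1123_date = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(records)
    return {
        "url": "https://{}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01".format(workspace_id),
        "headers": {
            "Content-Type": "application/json",
            "Authorization": build_signature(workspace_id, shared_key, len(body.encode("utf-8")), rfc1123_date),
            "Log-Type": log_type,
            "x-ms-date": rfc1123_date,
        },
        "body": body,
    }


if __name__ == "__main__":
    findings = diff_snapshots(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT)
    for f in findings:
        print(f["Severity"], f["ObjectId"], f["Field"], f["OldValue"], "->", f["NewValue"])
    request = build_ingest_request(WORKSPACE_ID, SHARED_KEY, "AadConfigChange", findings)
    # A real collector would now POST request["body"] to request["url"] with request["headers"].
    print(request["headers"]["Authorization"])
```

Once ingested, the findings would appear in Sentinel as the custom table AadConfigChange_CL, where the same kind of KQL queries and workbooks the post mentions can sort and visualize them by Severity_s. The signature covers the content length and the x-ms-date header, so a replayed or tampered request fails authorization; the workspace key itself never leaves the collector.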
How are the solutions deployed?
Senserva’s solution is currently deployable through the following methods:
- Azure Marketplace: The solution can be purchased from the Microsoft marketplace. It is installed via a template that includes the steps to do the data gathering, plus pre-built visualizations. You can gather managed tenants (if you are a CSP). There is a monthly charge that is applied by the Microsoft store. They currently have an introductory price of $1k a month for the service, with unlimited usage and all updates from Senserva. (Senserva is hosted in the customer tenant.)
- Azure Sentinel Solutions (Sentinel Marketplace): At the RSA conference, Microsoft announced the Azure Sentinel Marketplace for Partner solutions.
Additional Reference material:
- Introducing Sentinel solutions: Introducing Azure Sentinel Solutions! – Microsoft Tech Community
- Senserva resources on GitHub: https://github.com/Senserva-LLC
- Sentinel solutions marketplace: Microsoft Previews Solutions Marketplace and Teams Support for Azure Sentinel — Redmondmag.com
- Sentinel solutions catalog: Azure Sentinel solutions catalog | Microsoft Docs
- The best easy next step is to take a look at the Senserva queries and workbooks available in the GitHub repo.
- The interactive trial program, working directly with Mark and Senserva, is open to the first 10 people that want in; request a place by sending an email referencing this blog post to email@example.com!
- Go back to the previous article in the series: Introducing Azure Resource Manager (ARM)
- Continue to the next in this series: TBD, let me know if you have a request!