
Microsoft Azure

24x7 detection and response for Azure workloads using built-in Azure APIs and services

Managed detection and response for Microsoft Azure

(is it weird that Azure is a “cloud” but it means “sky blue”?)

Microsoft provides a boatload of great security capabilities. So, if you’ve already moved your data or built some apps in Azure, it’s a great place to be. But knowing how to sift through Azure logs or chase down alerts in Security Center isn’t always obvious. Expel helps your security strategy keep up by detecting and running security risks to ground in Microsoft Azure.

Detections designed for your Azure environment

Our Azure detection strategy uses built-in APIs and services:

  • Analyzes Security Center alerts
  • Adds Azure-specific detections for high-risk activities
  • Tunes detections to match your apps and workloads

What we do


24x7 Azure monitoring

Our analysts chase down your Azure alerts so you can focus on building new features, products and services.


Investigations in Azure

We’ll connect the dots from suspicious alerts in Azure back to their root cause and tell you what they mean.


Fixes “written in Azure”

Whenever possible, our analysts will recommend configuration changes to address activities we tell you about.

It’s not very often that you’ve got a Slack channel with your CSO, your analyst and your managed security provider all talking together at 2:00 AM … It’s a great feeling. It feels like our analysts aren’t alone in the middle of the night.

— Amanda Fennell, Chief Security Officer

What we look for

(updated at Azure speed)

Microsoft is constantly primping and preening (and often renaming) the security capabilities available within Azure. As Microsoft rolls out new services to protect your data and workloads, we’ll evaluate them and update our detection and response strategy where it makes sense so your security strategy can stay in sync. Here are a few examples of things we’ll look for:

  • Suspicious logins and unauthorized access
  • Disabling or changing Azure security capabilities
  • Unauthorized sharing or access to sensitive data
  • Evidence of instance compromise
  • Unusual or risky container service behavior
  • Risky violations of Azure best practices

How we use native Azure capabilities

(hint: it’s a lot more than chasing Security Center alerts)

Expel uses API integrations to connect directly to the Microsoft Azure platform. We support authentication via an Azure Active Directory app. To collect data, Expel communicates directly with APIs including the Microsoft Graph API for services like Security Center, Azure Activity Logs and Microsoft Cloud App Security (MCAS).


How Expel uses Azure services for detection, investigation and response

| Azure service | Examples of how we use them | Detect | Investigate |
|---|---|---|---|
| Azure Active Directory | Monitors who’s accessing your environment | | |
| Azure Activity Log | Provides insight into events in the Azure infrastructure | | |
| Azure ATP | Gives us comprehensive alerting based on activity in your Azure organization | | |
| Azure Active Directory Identity Protection | Flags risky sign-ons | | |
| Microsoft Cloud App Security (MCAS) | Uses behavioral analytics to flag suspicious behavior | | |
| Azure Security Center | Sends us alerts which we analyze and run to ground | | |

Blog

Understanding how to think about cloud security differently is half the battle. We’ve thought a lot about it and we’ve identified three key points that should inform your cloud strategy.


Blog

Is your data really safer in the server room next door? Probably not. Here are five reasons why the cloud offers better security than your on-prem environment.


Blog

If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.

Give us 30 minutes to show you how we can protect your data and workloads in Azure.
