Microsoft's Azure Sentinel security system has a new feature that uses behavioural analytics to detect insider and new threats faster. The feature is also an incentive for users to send their security logs to the Azure cloud for analysis.
The model used here is the pay-as-you-go pricing plan. Users pay $2.46 per GB of data analyzed by the Azure Sentinel security information and event management system, otherwise known as SIEM.
Rather than spending a lot of money on their own hardware for SIEM solutions, customers can use Sentinel without setting up hardware or paying high licensing costs.
Don’t be surprised by the bill
Azure’s product is cheaper than traditional SIEM solutions, but it is not free. Eric Doerr, the VP of cloud security at Microsoft, said that customers are sometimes surprised by the cost of the service after seeing how well it works. They send a lot of data and logs that they might not have sent to a legacy SIEM.
The total cost of ownership is much better than that of buying several physical machines. That is where customers get tempted to send more data, and then find out that the system is impressive but not free.
Microsoft Sentinel now has 6,500 customers since the system became generally available a year ago. The Sentinel User and Entity Behavioral Analytics solution (known as UEBA) allows customers to detect insider or unknown threats.
The feature is available in preview and works by carefully constructing a user’s behavior profile in order to detect anomalies.
These profiles contain contextual information, timelines, and alerts drawn from the different relevant sources. There are provisions for customers using rival clouds like AWS to have the same level of security that they have in Azure.