Microsoft Sentinel, Nasuni stand watch over cloud storage

Sentinel duty

The Sentinel integration enables security teams to collect security or other IT risk events at each Nasuni edge device, which can number in the hundreds for some customers, according to Russ Kennedy, chief product officer at Nasuni.

Events from edge devices can automatically trigger security protocols within Sentinel for those considered a high-enough priority, such as a massive number of changes to data or deleted files.

"We know what is going on in our edge devices," Kennedy said. "We serve as a sort of early warning system. This allows us to share that information in real time from those edge devices with [Sentinel]."

Specific Sentinel automation capabilities include the ability to send admin alerts, disable flagged user accounts and scan logs for forensic research. The Nasuni-Sentinel connection also enables interoperability with other Azure security services, including Microsoft Defender for endpoint detection and Sentinel data connectors to enable multi-cloud monitoring.

The Nasuni File Data Platform now supports an add-on ransomware protection service with a new targeted restore capability, which can find and mount the last clean files and snapshots prior to a ransomware attack.

The Nasuni integration is now generally available through the Sentinel content hub in the Azure Marketplace. Nasuni's File Data Platform, its primary service, is sold as an annual subscription per terabyte under management. The Ransomware Protection service and targeted restore capability is similarly available now and is sold as an annual subscription based on capacity. Other features of the service include attack detection, automated policies to stop the spread of an attack and a file recovery capability.

No end of watch

Nasuni's partnership with Microsoft Sentinel mirrors Rubrik's own recent partnership with the SIEM console, although Rubrik gives alerts of issues within a backup rather than a primary storage environment.

Storage and backup vendors might tout security features or position security capabilities as part of their overall data protection strategy, but buyers should be aware of the differences, according to Jack Poller, an analyst at TechTarget's Enterprise Strategy Group.

Attackers have to be right once. Defenders have to be right all the time.

"Many practitioners play loose and fast with the terms data protection and data security," he said. "Data protection is about data availability -- security is about controlling access."

Microsoft Sentinel isn't the only SIEM service on the market, competing with the likes of Google Cloud's Chronicle, Splunk and IBM QRadar Suite, according to Poller.

Understanding the difference between access control and data availability will help teams better develop strategies to secure data, especially across the menagerie of services and infrastructure modern IT uses, Poller said. Data protection from storage vendors shouldn't be considered a first or last line of defense, but one piece of reinforced rebar among many.

"Attackers have to be right once," Poller said. "Defenders have to be right all the time. This type of cybersecurity is another layer of in-depth defense."

Tim McCarthy is a journalist from the Merrimack Valley of Massachusetts. He covers cloud and data storage news.