Microsoft Sentinel, Nasuni stand watch over cloud storage

A new integration between Microsoft Sentinel and Nasuni enables visibility into data compromises or other issues logged by the storage vendor through the SIEM console.

Nasuni's latest integration with Microsoft Sentinel helps storage stand guard and sound alarms for enterprise data under attack.

Nasuni's File Data Platform offers object storage for edge software or hardware devices to cache data, which enables cloud storage to act like a local file system. The Nasuni file system can now deliver audit events and notifications to Microsoft Sentinel, a cloud security information and event management (SIEM) console.

Storage is becoming important for security teams alongside traditional infrastructure teams, according to Dave Raffo, an analyst at Futurum Group. Cyber attacks, including ransomware, target storage to access personally identifiable information, corporate intellectual property or other valuable data, prompting data security and data protection to become a collaborative effort.

"The CISOs [chief information security officers] are getting more involved with storage," Raffo said. "Everybody in storage is working in this area."

Sentinel duty

The Sentinel integration enables security teams to collect security or other IT risk events at each Nasuni edge device, which can number in the hundreds for some customers, according to Russ Kennedy, chief product officer at Nasuni.

Events from edge devices that are considered a high-enough priority, such as a massive number of changes to data or deleted files, can automatically trigger security protocols within Sentinel.

"We know what is going on in our edge devices," Kennedy said. "We serve as a sort of early warning system. This allows us to share that information in real time from those edge devices with [Sentinel]."

Specific Sentinel automation capabilities include the ability to send admin alerts, disable flagged user accounts and scan logs for forensic research. The Nasuni-Sentinel connection also enables interoperability with other Azure security services, including Microsoft Defender for endpoint detection and Sentinel data connectors to enable multi-cloud monitoring.

The Nasuni File Data Platform now supports an add-on ransomware protection service with a new targeted restore capability, which can find and mount the last clean files and snapshots prior to a ransomware attack.

The Nasuni integration is now generally available through the Sentinel content hub in the Azure Marketplace. Nasuni's File Data Platform, its primary service, is sold as an annual subscription per terabyte under management. The Ransomware Protection service and targeted restore capability are similarly available now and are sold as an annual subscription based on capacity. Other features of the service include attack detection, automated policies to stop the spread of an attack and a file recovery capability.

No end of watch

Nasuni's partnership with Microsoft Sentinel mirrors Rubrik's own recent partnership with the SIEM console, although Rubrik gives alerts of issues within a backup rather than a primary storage environment.

Storage and backup vendors might tout security features or position security capabilities as part of their overall data protection strategy, but buyers should be aware of the differences, according to Jack Poller, an analyst at TechTarget's Enterprise Strategy Group.

"Many practitioners play loose and fast with the terms data protection and data security," he said. "Data protection is about data availability -- security is about controlling access."

Microsoft Sentinel isn't the only SIEM service on the market, competing with the likes of Google Cloud's Chronicle, Splunk and IBM QRadar Suite, according to Poller.

Understanding the difference between access control and data availability will help teams better develop strategies to secure data, especially across the menagerie of services and infrastructure modern IT uses, Poller said. Data protection from storage vendors shouldn't be considered a first or last line of defense, but one piece of reinforced rebar among many.

"Attackers have to be right once," Poller said. "Defenders have to be right all the time. This type of cybersecurity is another layer of in-depth defense."

Tim McCarthy is a journalist from the Merrimack Valley of Massachusetts. He covers cloud and data storage news.
