Introducing LogLocker: the future of log data management for Microsoft Sentinel

Written by Alex Cawthorne | Feb 6, 2024 4:42:19 PM
 
The introduction of LogLocker for Microsoft Sentinel marks a groundbreaking advancement. This new platform, designed to simplify and rationalise the management of log data, is a game-changer for organisations that want to reduce storage costs whilst retaining the ability to navigate the complexities of modern compliance requirements.
 

Retain and preserve high-value logs with ease

In today's data and AI economy, managing log data efficiently is more critical than ever. 

Logs provide the details of how data has been accessed, used and shared - essential information for showing what really happens with data and systems that are subject to compliance. Being able to find, analyse and securely share this information is essential for both analytics and legal purposes.

However, even in the short term, the cost of retaining logs mounts up so quickly that few organisations can afford to retain logs for any meaningful amount of time. 

Similarly, demonstrating the lineage of logs and their trustworthiness is key in any legal defence. 

LogLocker addresses these issues head-on, offering a cost-effective, data-minimising solution that preserves and protects logs with unparalleled blockchain-based security.

How LogLocker enhances Microsoft Sentinel

LogLocker enhances the capabilities of Microsoft Sentinel by providing targeted protection and cost-effective long-term storage for specific logs. It enables efficient log data management, using existing Sentinel alerts and queries to capture and store only the necessary information in LogLocker’s high-security, private blockchain. 

This targeted approach ensures that critical logs are ready for search, sharing, and review without the overhead of managing extraneous data. The blockchain basis of the solution ensures that logs can be shown to be preserved in their original state. 

Moreover, the system is easy to implement and use as it piggybacks on the queries already written by security teams to monitor and record sensitive data and telemetry. LogLocker uses the same KQL (Kusto Query Language) code security teams already use for monitoring purposes.

Getting started couldn't be easier for Azure customers as LogLocker is now available to purchase on the Azure Marketplace. 

What you get from LogLocker

  • Cost reduction: LogLocker offers an affordable long-term alternative to traditional log retention methods, mitigating the long-term financial impact.
  • Data minimisation: The platform allows organisations to archive and retain only the necessary logs, aligning with business requirements and compliance mandates.
  • Preservation and protection: Using distributed ledger technology, LogLocker ensures your logs are safeguarded as defensible legal evidence.
  • Seamless integration: Designed for easy integration with Microsoft Sentinel and other Microsoft services, LogLocker complements your existing security infrastructure without the need for retraining.
  • Extensibility: LogLocker is not limited to specific data types or volumes, offering flexibility to accommodate various data sources.

Rapid installation and deployment

A few clicks are all it takes to review LogLocker’s suitability for your purposes and start implementation, with deployment taking just a few days, thanks to free support from the LogLocker team.

Deployed directly into your Azure subscription, LogLocker gives you complete control over the security and location of your data. It supports deployment in any Azure region, respecting data sovereignty requirements and offering additional storage options for larger data sets.

Pricing options

LogLocker offers various pricing plans to cater to different needs. Options include:

  • Business plan: Ideal for smaller log volumes, providing basic features for effective log management.
  • Enterprise plan: Includes off-chain storage options for handling larger log volumes.
  • Premium plan: Offers API integration and third-party data sharing, suitable for more complex log management needs.

The future of log data management

With LogLocker, businesses can now harness the full potential of their SIEM investments, bridging the gap between security and compliance teams and promoting a unified approach to cybersecurity and compliance. The platform streamlines compliance operations and ensures adherence to regulatory standards.

This represents a significant leap forward in log data management. The ability to reduce costs, minimise data, and preserve logs securely positions LogLocker as an essential tool for any organisation committed to robust digital compliance and security. 

For more detailed information about LogLocker and its integration with Microsoft Sentinel, please visit LogLocker's official website and the LogLocker listing on the Azure Marketplace.