Most organizations are at an early stage of a process where they want to improve log analysis and build a SIEM capability for cloud-based workloads. The existing SIEM works perfectly for on-prem, but organizations going digital are adopting public cloud technologies rapidly.
I am responsible for Cyber Platform Engineering at Adfolks LLC in Dubai. We are building a new approach to system monitoring and data collection called ops_brew, the observability pipeline, which is a zero-code cloud-native platform built on highly standardized open-source components. It helps DevSecOps teams (in the modern world) or system administrators seamlessly build and manage the data pipeline for the SOC and cyber team, given the amount of data and the number of tools modern systems demand these days.
We have been using Azure Sentinel for a few months now with our customers, and I must say it is delivering much value to them. The speed of releasing new functionality is also rather impressive. Most of our clients run a large “old-fashioned” IT estate across the Middle East, and for that they use a SOC managed by an external vendor, based either on Splunk or QRadar. But the customers already see that the information, actions, and correlation provided by Sentinel are far superior to the “homegrown” Splunk/QRadar implementation. As you can imagine, for most of these customers there is still an internal battle ongoing over what to use in the future for on-prem environments, which will stay for a while. Still, they have chosen Sentinel as their modern SIEM first line of defense for the cloud workloads. Of course, we helped these customers use Sentinel to handle their on-prem environments as well, but as said, the debates are still ongoing.