Introducing Senserva, from our guest and Microsoft Sentinel expert Cameron Fuller


Who is Senserva?

Senserva is the brainchild of Mark Shavlik. For those of you who have been in the industry for a while, that name may ring some bells. Mark has worked with Microsoft and Microsoft technology since 1985, including as an early member of the Windows NT development team in Redmond. He later formed Shavlik Technologies, which made his name well known in patch management circles.

Rod Trent has noted in Azure Sentinel this Week: "Anything Mark is part of you know it's going to be stellar."

Where did the name Senserva come from?

The name Senserva is a variation on the combination of two words in Esperanto: sen, which means without, and servio, which means server (for a great translation from English to Esperanto see this link). So, the company name translates roughly to “Without Servers”. Senserva sees the serverless world as more than Azure Functions or AWS Lambda. They define serverless as anything that does not have to be patched. They see a large shift forward in our industry, with serverless computing reaching the stage where “There will be a time when people will not have to know the difference between Windows and Linux servers”.

What does Senserva focus on?

Senserva’s goal is to help IT personnel quickly gain benefits from the current security products they have already purchased.

How does Senserva integrate with Azure?

Senserva complements and extends Azure’s security solutions and components by continually gathering a wide range of information from Azure Active Directory, analyzing it, and then streaming it into the Log Analytics workspace Azure Sentinel is built on. It is designed as a turn-key solution that does not require a separate user interface (UI). Instead, it works with the underlying Log Analytics workspace, in an industry first. Their solution provides data into Microsoft Sentinel as well as queries and assets that augment Azure Sentinel. Senserva is built multi-tenant from the ground up, bringing full MSSP support to Azure Sentinel.

MISA member

Senserva is recognized as a member of the Microsoft Intelligent Security Association (an invite-only association).

“Members of MISA, like Senserva, offer solutions that extend Microsoft security to quickly identify and remediate security incidents before they cause business impact,” said Eric Burkholder, PM, Technology Partnerships, Azure Sentinel at Microsoft Corp. “The integration of Microsoft Sentinel with Senserva’s award-winning Cloud Management Solutions allows us to work together to enhance customers’ security posture with less complexity.”

What solutions does Senserva provide?

Senserva’s technology is focused on gathering deep insights about user security from Azure Active Directory (and related technologies including SharePoint Online, OneDrive, and Exchange Online).
The graphic below shows Senserva’s solutions. The items above the blue box (Azure Sentinel and Log Analytics Workspace) are available for free to the community. The items below the same box are paid solutions provided by the company.

Free resources

One of the common challenges in Azure Sentinel is the development of effective queries. Senserva has provided a GitHub repository that includes queries (written in KQL) and workbooks. These contributions are provided for free to the community. If you are using Microsoft Sentinel, you should check these out! In the future, there are plans to add playbooks, alerts, and other content that would be beneficial for the Microsoft Sentinel community.

Paid services:

The Senserva solution automates Azure Active Directory security configuration management: it provides visibility into critical configuration changes within Azure Active Directory. The solution delivers insights into security aspects of Azure Active Directory (including users, applications, groups, service principals, conditional access, PIM and more) into the Log Analytics workspace or Microsoft Sentinel, including custom KQL queries and dashboards.

While it is common to believe that Azure Active Directory is like Active Directory, there are significant differences between the solutions. Active Directory is primarily focused on groups, users, and computers. Azure Active Directory is a different beast: it offers new features such as zero trust through conditional access, and it even has a full developer API available for use in custom application development.

Key features:

Provides continuous cloud security, enabling rapid detection and remediation of risks and vulnerabilities and supporting adherence to compliance
Automates compliance management, maintaining adherence to regulations, best practices, frameworks, and partner requirements

Provides a full API, and dynamic report and dashboard creation
Built on Microsoft Lighthouse to remotely update and manage the instance (Senserva never sees your data, but it maintains the solution in your environment through Lighthouse)

Multi-tenant from the ground up, as shown in the graphic below, which gives a quick multi-tenant view into various Azure tenants, all automatically updated by Senserva

How are the solutions deployed?

Senserva’s solution is currently deployable through the Microsoft marketplace. It is installed via a template that includes the steps to do the data gathering, along with pre-built visualizations. You can gather managed tenants (if you are a CSP). There is a monthly charge that is applied by the Microsoft store.