Free SIEM for Microsoft 365?

Today, our partner Blumira announced a free SIEM offering for Microsoft 365. This means there’s no excuse for not having security monitoring if you use Microsoft 365!

Blumira is a cloud-based SIEM platform backed by a 24x7 SOC that builds and tunes automations to help customers detect and respond to cybersecurity threats.

As we’ve mentioned previously in reviews, Blumira can’t properly be compared with traditional SIEM platforms like Splunk, LogRhythm, etc. These platforms offer a lot more capability and flexibility for customizing your own analytics or the logic behind detections and alerts, but they’re also deployed and managed by the customer (and they’re a lot more expensive).

In contrast, Blumira hosts the SIEM, manages all of the detection logic for you, and provides guided workflows with recommendations for responses to threats and security events. You get what they give you, but if you don’t have a SOC or a DevSecOps team tuning your SIEM, what Blumira gives you will provide a far more effective defense than a more expensive SIEM without the right resources behind it.

According to Blumira’s announcement, their free offering will include the following features:

  • Security monitoring and guided responses for Microsoft 365

  • Deployment in minutes (it’s true, we’ve done it)

  • Unlimited users

  • Basic reporting and ongoing automated detection rule updates

  • One week of log retention (this can be upgraded to the same 1 year that they include in their standard offering, as required for compliance frameworks, insurance, etc.)

Blumira’s announcement on their free M365 edition can be found here. Also, you can find their list of integrations here to determine whether their standard offering can provide coverage for your entire tech stack.

If you have any questions about our managed detection and response offerings, Blumira, or SIEM in general, don’t hesitate to contact us.
