Vietnamese security engineer wins first prize in Azure Sentinel Hackathon worth 10,000 USD

Tram Ho

Three technology engineers from FPT Software won first prize in the Azure Sentinel Hackathon 2021

Awarded “Excellent” by the Jury, Team SAS demonstrated their creativity with a project using Azure Sentinel as a SIEM/SOAR (Security Information and Event Management / Security Orchestration, Automation and Response) security solution on the enterprise’s own on-premises infrastructure.

Azure Sentinel is a security information and event management system built on the Microsoft Azure cloud computing platform (Azure Cloud). It is the main security solution used on Azure Cloud, and it is combined with enterprise on-premises security applications to optimize security efficiency.

The organizers of the Azure Sentinel Hackathon challenged the teams to build an end-to-end network security solution, leveraging Azure Cloud native services such as Azure Functions and Logic Apps. Projects had to improve threat detection, investigation, and response, deliver business value, and drive users to Azure Sentinel.

During the research, the team found that although Azure Sentinel is an effective security solution for Azure, it is only a secondary choice for the enterprise’s internal SIEM system: enterprises still use an on-premises SIEM such as IBM QRadar or Splunk out of habit. Even as businesses move their entire core to the Cloud, Azure Sentinel was integrated only to send data one way to IBM QRadar, leaving it without the initiative in analyzing data and deciding on response options.

Turning the problem around, Team SAS had the idea of making Sentinel the top security choice in the enterprise’s internal system. As the primary SIEM/SOAR solution, Azure Sentinel acts as the “commander” for the remaining layers of cybersecurity defenses, which is particularly advantageous for enterprises on their journey to the cloud.

The winning team announced on the official Microsoft website

After more than 3 months of research and testing, the team has successfully built a new, custom connection protocol for bringing violations from QRadar to Sentinel. The team’s representative said that the biggest challenge was completing the verification protocol and granting access to the databases of the two sides. Through the Hackathon, FPT Software’s engineering team learned many valuable lessons about developing a comprehensive add-on for Azure Sentinel while leveraging Azure Cloud native services.

“In an age of increasingly complex cybersecurity issues, improving SIEM is key to staying ahead,” said Vasu Jakkal, Vice President, Security, Compliance, and Identity, Microsoft. “This innovative solution connects QRadar with Azure Sentinel and assists QRadar customers in migrating their systems to Azure Cloud native solutions. Congratulations to Team SAS for their outstanding performance.”

This is the second year that Azure Sentinel has organized a Hackathon for building cybersecurity solutions on the Azure Cloud platform. This year, the contest offers a total of $19,000 in prizes, double the value of last year’s prizes, and it is attracting increasing attention from experts around the world, receiving twice as many entries.

To win first prize, the team from FPT Software created a solution that not only meets the requirements of the problem but is also highly practical, stemming from the real needs of businesses. The solution proves the ability of the engineering team and has great application potential: it helps businesses move to the Cloud more smoothly while ensuring optimal data security and uninterrupted operation. The added network security capability will help FPT Software perfect its services, opening up the possibility of providing end-to-end solutions to customers.

In the field of network security, FPT Software develops and provides services focusing on three main areas, including: Application Security (consulting, evaluating application information security); Security Engineering (consulting services, building and developing security systems, focusing on cloud platforms (AWS, Azure) and some new services related to information security operation – Security Operation); and Managed Security (outsourcing services for operation, monitoring, attack detection and security incident handling).

Source: Genk