New Microsoft Sentinel Data Lake Promises Cost-Effective, AI-Driven Threat Detection

A new AI-powered platform streamlines security data management, enhances threat detection, and reduces storage costs.


Key Takeaways:

  • Microsoft Sentinel Data Lake is now in public preview, offering unified security data management.
  • It reduces storage costs and enhances long-term threat detection using AI.
  • Supports 350+ data connectors and custom ingestion for broad visibility and analytics.

Microsoft has just launched the Microsoft Sentinel Data Lake, now available in public preview for commercial customers. This centralized platform brings together security data from Microsoft and third-party sources, offering cost-effective long-term storage and advanced AI-driven threat detection and analysis.

The problem with fragmented security data

Security teams often struggle with data scattered across various tools, platforms, and formats, making it hard to get a unified view of threats and respond quickly. Traditional SIEM systems force a trade-off between keeping enough data for deep analysis and managing high storage costs. This fragmentation weakens analytics, slows investigations, and undermines overall defense efforts.

The Microsoft Sentinel data lake addresses this problem by consolidating all security data into a single, cost-efficient platform. This AI-powered platform enhances visibility, detection, and response across the entire threat landscape.

“The Microsoft Sentinel data lake is fully managed, without the need to deploy or maintain your data infrastructure. It provides a unified data platform for end-to-end threat analysis and response. It enables you to store one copy of security data across assets, activity logs, and threat intelligence in the lake and leverage multiple analytics tools like KQL and notebooks for deep security analytics,” Microsoft explained.

Key features of Microsoft Sentinel data lake

Microsoft highlighted several key benefits of its new Sentinel data lake solution. It offers data retention capabilities at less than 15 percent of the cost of traditional analytics logs. Moreover, this new solution enables agentic AI by providing long-term, unified visibility across all security data. It also eliminates the need to choose between data retention and budget constraints.

SOC teams can access the Microsoft Sentinel data lake through the Defender portal. This solution supports over 350 built-in connectors for Microsoft and third-party data sources, including all Microsoft Defender and Microsoft Sentinel data sources, Microsoft 365, Microsoft Entra ID, and Microsoft Resource Graph. It also enables custom data ingestion, allowing organizations to bring in logs and signals from virtually any system.

The Microsoft Sentinel data lake provides long-term data retention capabilities, which are important for compliance, forensics, and AI training. Moreover, it supports long-term attack tracking, anomaly detection, and forensic investigations. This service also helps to enhance compliance reporting with easy access to historical logs and events.

Pricing details

Currently, the Microsoft Sentinel data lake solution is available in public preview for commercial customers. During the public preview, data ingestion costs $0.05 per GB, storage costs $0.026 per GB per month, and querying data costs $0.005 per GB analyzed. Users can also benefit from 30 days of free storage and free data processing; Microsoft's support page for the Sentinel data lake has more details.