IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Azure cloud security shield with blue data streams cost monitoring
#
Hybrid Cloud
#
SIEM
#
Digital Transformation

DataBahn deepens Microsoft Sentinel tie-up to cut SIEM costs

Wed, 11th Mar 2026
Author image
By Sofiah Nichole Salivio, News Editor

DataBahn has expanded its strategic partnership with Microsoft, adding deeper integration to help organisations onboard and manage security telemetry for Microsoft Sentinel.

The companies say the move addresses operational friction that can delay SIEM roll-outs. Security teams often spend weeks or months onboarding complex log sources. Data volumes also keep rising across cloud, hybrid and SaaS environments, increasing pressure on budgets and data engineering teams.

DataBahn sells a security data pipeline product that sits in front of SIEM platforms. The expanded partnership adds tighter integration with Sentinel and closer engineering collaboration with Microsoft.

Deeper Integration

The integration places DataBahn's data pipeline in Sentinel's ingestion path. DataBahn says it can normalise, enrich, transform and route security telemetry from more than 500 sources into the service.

Security data onboarding remains a pain point even for organisations that have standardised on a SIEM, the companies say. Many deployments still rely on manual normalisation and parsing workflows, which can break when formats change or when teams add new data sources.

DataBahn argues the main constraint sits upstream of the SIEM: ingesting, transforming and routing modern telemetry across mixed environments, rather than limits in the SIEM layer itself.

Cost And Routing

DataBahn says the integration includes classification and routing features that split data between tiers in Microsoft's security stack. In its model, higher-value detection data goes to the Sentinel analytics tier, while higher-volume retention data routes to the Sentinel data lake.

The company cited "60% cost reduction from DataBahn customer deployment metrics" tied to this tiering approach. Ingestion costs for analytics-focused SIEM tiers can rise quickly as organisations add log sources and retain more data for investigations and compliance.

DataBahn also says its product reduces reliance on custom scripts, bespoke parsing rules and professional services. It says its Cruz AI tooling accelerates pipeline configuration and integration development for Sentinel deployments.

The integrated offering will be available through Microsoft Marketplace, according to DataBahn. Customers can also apply Microsoft Azure Consumption Commitments to DataBahn purchases.

Security Operations

The partnership builds on existing connections between the two companies. DataBahn already integrated with Sentinel and was available through Microsoft Marketplace, the announcement said. This latest step adds deeper product work and closer alignment with the Microsoft Security ecosystem.

The move comes as security operations teams push for faster deployment cycles while managing a growing mix of telemetry sources. Many organisations collect signals from endpoint tools, identity systems, cloud services, network devices and application logs, and increasingly need to route data to different destinations for analytics, long-term retention and investigation.

DataBahn describes the approach as part of a shift toward AI-driven security data operations. It says future enhancements will extend across Microsoft Security services, with "AI-augmented data operations and advanced investigative workflows".

Speed of deployment is a central part of the pitch. DataBahn says integrated connectors can cut onboarding timelines from weeks to hours for some data sources, depending on the environment, data quality and required customisation.

For security leaders, the companies framed the partnership around three themes: quicker time to value, lower total cost of ownership and simpler operations. The cost claim is tied to tiering and routing decisions, rather than reducing the volume of telemetry collected.

"Security teams don't have the luxury of waiting weeks to see their data. Adversaries move in minutes," said Nanda Santhana, CEO & co-founder at DataBahn. "This partnership collapses that gap. By integrating DataBahn's AI-native data fabric directly into the Microsoft Sentinel ecosystem, customers can connect complex data sources in hours, intelligently optimize costs across Sentinel and Sentinel data lake, and begin detecting threats on day one. This is not incremental improvement - it's a structural shift in how SIEM deployments operate."

Microsoft said the collaboration is intended to remove operational steps that slow SIEM adoption. "Our customers consistently look for faster time to value from their security investments," said Vivek Kokkengada, Partner Director of Product Management at Microsoft. "Through our expanded collaboration with DataBahn, we are simplifying the operational complexity that can slow SIEM adoption. Together, we are enabling security teams to deploy Microsoft Sentinel with greater speed, efficiency and confidence."

DataBahn says the solution runs on Azure infrastructure and will extend further across Microsoft's security services as the companies add new integrations and workflows.

Related stories
Backblaze names Anuj Kumar as chief revenue officer
Sparq launches The Shop to test AI in live systems
ACTO launches role-based AI SuperAgents for Life Sciences
Q4 buys Virtua Research to add analyst consensus data
Actionstep adds iManage integration for midsize law firms

Top stories

GitLab expands Google Cloud partnership for Vertex AI
WatchGuard & HaloPSA integrate security tools for MSPs
Cloudflare Mesh links AI agents to private networks
Gallagher Security spotlights integrated systems at ISC West
Operator XR launches portable VR counter-drone training