Azure Sentinel Security Service

Microsoft Azure Sentinel is a powerful SIEM/SOAR platform. But just like any tool, it has its own limitations and quirks. Azure Sentinel Extended Value Pack extends built-in Azure Sentinel capabilities to increase efficiency of security analyst daily routines, decrease cost of your Sentinel infrastructure and provide better visibility for company management.

Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Core service offering includes (depending on selected service tier):

• 24x7 monitoring and alerting
• Ongoing Azure cost optimization and alert tuning
• Incident triage and coordinated response
• Proactive threat hunting
• Security posture assessments
• Table-top exercises

Managed Services offerings are delivered at fixed monthly price depending on your selected service tier and choice of included services.

Azure Sentinel is cloud-native, which means that no additional hardware is necessary to start using it and it scales automatically. So, you can start benefitting from it almost instantly. 

The project is organized in the following steps: 

1. Project kick-off meeting to align project scope, project schedule, responsibilities, and involved persons. 
2. Azure Sentinel instance deployment. 
3. Configure data connectors, log collection. 
4. Configure workbooks and hunting queries. 
5. Configure and enable analytic rules. 
6. Set up alerts, incidents, and notifications. 
7. Configure sample automated response. 
8. Demonstrate incident investigation on a sample incident. 
9. Q & A session. 
10. Present project results in an online meeting 

• Customized incident processing workflow to account for remediation activities, provide granular insights into incident classification (False Positives, True Positives etc.)
• Unified user activity timeline across all ingested sources. We will work with you to parse and integrate all ingested sources into a single user timeline that is critical for security analyst when investigating incidents
• High Impact Asset prioritization. If you tick all checkboxes when initially implementing Azure Sentinel, security analysts may have hard time to filter through all the signals generated by Sentinel. HIA ar users and sources that may provide high value to intruders. We will work with your team to implement HIA workflow so that assets from that list receive highest priority treatment by security analysts and are prominently featured in management reporting
• Automated incidents for anomalies in data ingest. While Azure Sentinel provides built-in health workbook, it is rarely possible for security analyst to continuously keep track of it. EVP will create incidents automatically whenever data ingestion stops allowing to address it immediately and avoid loss of security data
• Customized Azure Sentinel data archival flow. Data you keep in Sentinel for efficient access does cost money. We will work with your team to define multi staged data retention and archival workflow, passing data from the most readily available Sentinel stores up to the data cold storage and deletion when data is too old to provide value to your SOC. It will allow you to keep costs down while still providing required data to SOC team
• KPI panel – real-time view of the most important SOC metrics all in one place. Integrated with other EVP customizations, it allows bird’s eye view into SOC operations listing Time To Triage, Time To Closure current and past period values, HIA incidents and data ingest volume changes

• No initial deployment costs in the form of expensive licenses.
• No additional servers are required in the organization’s data center.
• Day-to-day monitoring of logs.
• Software is always up-to-date, no upgrade downtimes.
• Records are stored separately from the infrastructure to be monitored in a secure high-availability environment.

WeAreDots, SIA (dots.) is a technology company with more than 20-year experience that combines innovative, dedicated and certified IT professionals with in-depth expertise and extensive know-how in various fields like IT infrastructure and Cybersecurity, Cloud and Machine Learning, Software development, and Mobility.

Our experienced cybersecurity team gathers experienced and highly skilled experts with certifications such as:

• CISSP (Certified Information System Security Professional), 
• CISA (Certified Information System Auditor), 
• CEH (Certified Ethical Hacker), 
• LPT Master (Licensed Penetration Tester), 
• Microsoft Certified Professional, 
• Microsoft Certified System Engineer, 
• Microsoft Certified Technology Specialist and 
• PRINCE2 (Project Manager).

We are proud to be one of the partners, that's service quality, expertise, collaboration, and trustability are verified by Microsoft.

This service is provided by Squalio.

A Squalio representative will contact you shortly.