Microsoft Sentinel
Microsoft’s Sentinel is a scalable, cloud native Security Information and Event Management (SIEM) platform.
Microsoft Sentinel provides enterprises with the ability to ingest data at cloud scale and utilise this to detect threats, this, coupled with the analytics and threat intelligence that Microsoft provides allows for rapid detection and response for the threats that would previously go undetected.
Bytes believe that customers should be maturing their incident response capabilities by utilising Sentinel, especially in Microsoft Cloud Environments where there are several services enabled. This will allow for a single point to view and track and assess any suspicious activity within the Microsoft Cloud stack.
Data Collection
Detection of Threats
Investigation of Incidents
Respond and Contain
What does the onboarding include?
Depending on your Microsoft Licensing and Cloud utilisation, we will determine which services we can ingest into Sentinel. This will be ascertained during the planning element of the session and will identify which data sources should be ingested as part of this session.
Requirements Gathering
Bytes consultants will look to get an idea of the business and technical requirements and expectations you have of Sentinel.
Planning and Considerations
Bytes consultants will look to get an understanding of your current environment and provide guidance on how best to deploy Sentinel in a structured manner.
Estimate Pricing
Our consultant will look to get a rough idea of what log sources you will need to ingest into Sentinel, combined with your assets we can provide an estimated price of Sentinel.
Sentinel Provisioning
Our consultant will work with you to implement an instance of Sentinel into your Azure Subscription.
Connecting M365 Data Sources
Our consultants will walk you through the setup and configuration of Sentinel to begin collecting logs and data from your enabled Microsoft Cloud Services.
Next Steps
The final part of the session will be to assess and recommend next steps, such as exploring options around further professional services and managed services to support you with enhancing your response capability.
Why Bytes offer this
To facilitate this belief, Bytes are offering a session that will provide a planning exercise to ensure that core considerations are evaluated and planned accordingly. Additionally, we can investigate the various options around utilising your M365 licensing for greater visibility and explore areas such as Security Co-Pilot for future AI enhancement. Following this, Bytes will support you with a basic implementation of Microsoft Sentinel for your Microsoft Cloud Environment.
This acts as a springboard into using Microsoft Sentinel to begin analysing and detecting threats within your cloud environment. The session is split into 2 x 1-hour sessions, at free of charge to Bytes Customers, with the result being that your Microsoft Sentinel instance is configured to your Microsoft Cloud Services to begin receiving insights and alerts on possible threats.