London, UK – 10th March 2021 – Satisnet are excited to announce the first ‘Threat-Informed SOC’ Service available to all Microsoft Azure Sentinel users - maximising the benefits of their SIEM.
Threat-Informed SOC Service
Microsoft own two of the most attacked surfaces within any organisation: email (Office 365) and identity (Active Directory).
In this noisy world of cyber security, what are we all trying to achieve?
Data and breach protection are really the core drivers. Microsoft delivers this with a unified data protection platform using the Microsoft Information Protection (MIP) framework and, within that, Azure Information Protection (AIP), providing true data loss identification and prevention across the whole infrastructure. The technology stack is formed from the Defender Extended Detection and Response (XDR) platforms. Their security platforms are comprised of the Microsoft 365 Defender suite (covering email, documents, identities, applications, and endpoints) and the Azure Defender suite (covering cloud virtual machines, databases, containers, and IoT devices). What is so interesting about the whole strategy is that it now allows joined-up security across all of these platforms, then takes it to the ‘nth’ degree by providing true data protection on top, with Azure Sentinel being the overarching ‘Hub’.
Satisnet work with their customers in all aspects of designing and implementing a SIEM and SOC solution.
Implementations consist of four main phases: Collect, Detect, Investigate, and Respond. The journey typically starts with requirements-gathering. Customers often know they require a SIEM but are unsure of what the ‘art of the possible’ is in using it, and this is where Satisnet can really help.
Bear in mind that a SIEM is not always the answer. Depending on the gap analysis Satisnet can jointly do, it may be that other security controls need to be prioritised first, with the SIEM following as a later phase. When onboarding Azure Sentinel, Satisnet have created a Proof of Value (PoV) portal that uses a wizard approach to set up and configure your Azure Sentinel SIEM and prepopulate it with your chosen log sources (i.e. your own data!) within minutes. This portal also includes a cost modeller, enabling accurate calculations of how much Azure Sentinel will cost you on an ongoing basis. Satisnet truly are skilled in optimising SIEM licensing, collecting only the logs you need and allowing you to get away from the ‘SIEM as a bucket’ mentality of old!
Once the journey begins, Satisnet has a range of services that can further assist the customer with the functions outlined below to ensure they obtain maximum benefit from Azure Sentinel.
MSSP Services - Pay As You Go
Satisnet also offer a unique Azure Sentinel ‘Zero-Hour Contract’ MSSP Service - Pay As You Go - for their customers, with a manageable monthly investment and minimum period. No lock-in means you can cancel the service at any time. This Service is also offered as ‘24x7x365’, ‘business hours’, or ‘Out of Hours (OOH)’.
Highlights of The MSSP Service
Let me now highlight where Satisnet stand out from the crowd as an MSSP.
With SIEMs, content is paramount, and that is why they have created the Microsoft Threat Hunting library. Think of this as patch management for security platforms - essentially researching and packaging new dynamic threat content based on real-world threat observations, mapped to MITRE ATT&CK. This content is ready to be applied ‘on the fly’ to Azure Sentinel to give you the latest protection possible. Content takes the form of rules and also automation packages that can be added to Azure Sentinel.
And there is more…
...XDR is the latest buzzword, and Satisnet make it a reality. Utilising the latest content, Satisnet create threat hunting rules and automations to proactively look for any backdoor activity, not just on the SIEM but also by querying other platforms and data stores. For example, they can automate email forensics to spot phishing campaigns, inspect file stores for ‘dodgy’ file hashes, and examine network traffic for unusual behaviour. Satisnet also utilise purple teaming and Breach and Attack Simulation (BAS) to constantly test Azure Sentinel controls and any point security tooling - such as EDR - that could be feeding it, to ensure they are constantly tuning the environment to keep pace with attackers. And, finally, the most important part of all is the Satisnet SOC Team. Working as an extension of the customers' security team means they don't just report alerts and incidents; they work through triaging and applying context to those alerts and then put in measures to ensure incidents don't reoccur.