Microsoft Consulting

Microsoft Security provides organisations with a suite of tools that are often poorly scoped and misconfigured by their existing partners. Chief amongst these misunderstood and misconfigured tools is Microsoft Sentinel.

When use cases and expectations are defined correctly, Microsoft Sentinel can become a powerful threat hunting and response platform. Sentinel can be complex and daunting to start with, but with the support of Kontex’s SMEs, organisations can be up and running, combatting threats, within hours.

What is Microsoft Sentinel?

Microsoft Sentinel is your bird’s-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance and elastically scale to meet your security needs, while reducing IT costs.

Focus on finding real threats quickly. Reduce noise from legitimate events with built-in machine learning and knowledge based on analysing trillions of signals daily. Accelerate proactive threat hunting with pre-built queries based on years of security experience. View a prioritised list of alerts, get correlated analysis of thousands of security events within seconds and visualise the entire scope of every attack. Simplify security operations and speed up threat response with integrated automation and orchestration of common tasks and workflows.

Capabilities

  • Collect data at cloud scale, across all users, devices, applications and infrastructure, both on-premises and in multiple clouds.
  • Detect previously undetected threats and minimise false positives using analytics and unparalleled threat intelligence from Microsoft.
  • Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

How can Kontex help?

Kontex’s Sentinel SMEs can support organisations from strategy development through to the design and implementation of threat detection content, including Jupyter hunting notebooks.

Allow Kontex to develop a SIEM / SOC strategy by focusing on what matters: use cases and playbooks. Understanding what you want to achieve and how you will operationalise it is often neglected by organisations, and that neglect lies behind many failed SIEM and SOC programmes.

The foundation of Azure Sentinel is its data store, a Log Analytics workspace; it combines high-performance querying with KQL, a dynamic schema, and scaling to massive data volumes. The Azure portal and all Azure Sentinel tools use a common API to access this data store, and the same API is available to external tools such as Jupyter notebooks and Python. While many common tasks can be carried out in the portal, Jupyter extends the scope of what you can do with this data: it combines full programmability with a huge collection of libraries for machine learning, visualisation and data analysis. These attributes make Jupyter a compelling tool for security investigation and hunting.
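The kind of analysis a notebook adds on top of a portal query, as an added example (this is not Kontex’s or Microsoft’s code): the KQL pulls the last hour of sign-in rows, and Python rather than KQL groups the failures to look for a password-spray shape. The tables/columns/rows JSON is the documented response layout of the Log Analytics query API; the sample rows, the table name and the threshold of three distinct accounts per source IP are constructed assumptions for illustration.

```python
"""Hunting over a Sentinel (Log Analytics) query result from a notebook.

Added example, not Kontex's or Microsoft's code. The tables/columns/rows
layout is the JSON shape the Log Analytics query API returns; the sign-in
rows are constructed sample data, not real telemetry, and the spray
threshold is an assumption chosen for illustration.
"""
import json
from collections import defaultdict

# KQL that pulls the raw sign-in rows; the aggregation is done in Python,
# which is the kind of pivot a notebook makes easy to iterate on.
HUNT_QUERY = """
SigninLogs
| where TimeGenerated > ago(1h)
| project TimeGenerated, UserPrincipalName, IPAddress, ResultType, AppDisplayName
"""

# Constructed sample response in the query API's JSON shape (no real tenant data).
SAMPLE_RESPONSE = json.dumps({
    "tables": [{
        "name": "PrimaryResult",
        "columns": [
            {"name": "TimeGenerated", "type": "datetime"},
            {"name": "UserPrincipalName", "type": "string"},
            {"name": "IPAddress", "type": "string"},
            {"name": "ResultType", "type": "string"},
            {"name": "AppDisplayName", "type": "string"},
        ],
        "rows": [
            ["2024-01-01T10:00:01Z", "alice@example.com", "203.0.113.7", "50126", "Office 365"],
            ["2024-01-01T10:00:04Z", "bob@example.com", "203.0.113.7", "50126", "Office 365"],
            ["2024-01-01T10:00:09Z", "carol@example.com", "203.0.113.7", "50126", "Office 365"],
            ["2024-01-01T10:00:15Z", "alice@example.com", "203.0.113.7", "50126", "Azure Portal"],
            ["2024-01-01T10:00:20Z", "dave@example.com", "203.0.113.7", "0", "Office 365"],
            ["2024-01-01T10:02:30Z", "erin@example.com", "198.51.100.9", "50126", "Office 365"],
            ["2024-01-01T10:02:41Z", "erin@example.com", "198.51.100.9", "50126", "Office 365"],
        ],
    }]
})


def parse_query_response(raw):
    """Convert the API's tables/columns/rows layout into {table_name: [row dicts]}."""
    doc = json.loads(raw)
    tables = {}
    for table in doc["tables"]:
        names = [col["name"] for col in table["columns"]]
        tables[table["name"]] = [dict(zip(names, row)) for row in table["rows"]]
    return tables


def password_spray_candidates(rows, min_distinct_users=3):
    """Flag source IPs whose failed sign-ins touch at least min_distinct_users accounts.

    One IP failing against many different users is the classic spray shape;
    many failures against a single user looks more like a lockout or brute force.
    """
    users_by_ip = defaultdict(set)
    failures_by_ip = defaultdict(int)
    for r in rows:
        if r["ResultType"] == "0":  # "0" is a successful sign-in in SigninLogs
            continue
        users_by_ip[r["IPAddress"]].add(r["UserPrincipalName"])
        failures_by_ip[r["IPAddress"]] += 1
    return {
        ip: {"users": sorted(users), "failures": failures_by_ip[ip]}
        for ip, users in users_by_ip.items()
        if len(users) >= min_distinct_users
    }


def run_hunt(raw_response, min_distinct_users=3):
    """Parse a query response and return the spray candidates from its PrimaryResult table."""
    rows = parse_query_response(raw_response)["PrimaryResult"]
    return password_spray_candidates(rows, min_distinct_users)


if __name__ == "__main__":
    for ip, hit in run_hunt(SAMPLE_RESPONSE).items():
        print(f"{ip}: {hit['failures']} failures across {len(hit['users'])} accounts: "
              + ", ".join(hit["users"]))
```

Swapping SAMPLE_RESPONSE for a live result means calling the same query API with a workspace ID and a bearer token; the `azure-monitor-query` package’s `LogsQueryClient.query_workspace` returns the same table structure as typed objects rather than raw JSON. Keeping the analysis in plain functions is what makes a hunt reusable: the same `password_spray_candidates` can be run against an exported CSV during an incident, and the threshold is one line to change when the tenant’s baseline is known.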

Kontex will support you in defining attack scenarios and then testing and enhancing your Sentinel environment so that it responds to those attack patterns faster. Defining playbooks and runbooks is a critical component of this exercise and is used to strengthen an organisation’s Blue Team capabilities.

Kontex will support you in integrating threat indicators from a variety of sources for use with Azure Sentinel analytics, hunting and workbooks. Sentinel’s Threat Intelligence TAXII data connector ingests STIX indicators from TAXII 2.x servers, which covers open-source threat intelligence (OSINT) feeds as well as commercial threat intelligence platforms.

Microsoft Graph Security API integrations enable organisations to sync alerts from Azure Sentinel, as well as from other Microsoft solutions, with ticketing and security management platforms such as ServiceNow. Kontex will support organisations in ensuring that threats are tracked and responded to in line with predefined SLAs and expectations.

If your organisation uses one of Microsoft’s business plans, the odds are that your Microsoft service partner has not implemented the best-of-breed security controls already included in your subscription. Without an effective protection strategy, your data, systems and employee safety are at risk.

O365 Security Capability Review

Kontex’s Microsoft 365 Capabilities Review will ensure that an organisation is augmenting their existing security controls with the capabilities available as part of their M365 enterprise subscription.

Our review methodology will involve the following activities:

DISCOVERY ASSESSMENT

  • Details of available capabilities in your Microsoft subscription
  • Details of enabled capabilities
  • Details of controls configuration effectiveness
  • Measurement of identity management / privileged access management capabilities
  • Device management capabilities
  • Effectiveness of data governance controls

RISK IDENTIFICATION

  • Briefing on vulnerabilities identified
  • Evidence of historical compromise
  • Threats mapped to capabilities

CONTROLS RECOMMENDATION

  • Control recommendations from your current subscription, linked to ISO standard controls
  • Complete roadmap for deploying controls within your Microsoft subscription to mitigate the identified risks
  • Production of a security roadmap to enable the onboarding of cloud services over the next three years

CIS STANDARDS ASSESSMENT

Assessment of configurations against the Center for Internet Security (CIS) benchmarks and hardening guidelines

CONTROLS ANALYSIS

  • Details of misconfigured services
  • Non-enabled capabilities
  • Compensating controls
  • Existing third-party capabilities