ConnectDS are a Microsoft partner, reseller & service provider for Azure Sentinel – offering SIEM as a service for clients across the UK.
Azure Sentinel is a cloud-native SIEM (security information and event management) system that centralises logs from devices across a network to create a central repository and visibility across the enterprise. This data can be enriched with advanced correlation and threat intelligence feeds to enable enhanced detection and response, powered by the ConnectDS security monitoring and threat hunting team.
Sentinel provides centralised and intelligent security analytics across the entire enterprise. Its ability to log data from local and cloud services and to combine these multiple data sources gives security operations teams deep visibility for threat detection and lets them automate the threat response using custom playbooks for predefined threat scenarios. As a result, clients and managed security teams can rest assured that monitoring is proactive through intelligent automation.
ConnectDS are in the top 5% of Microsoft partners and we are a managed security service provider (MSSP). Our SOC team leverage the full Security Orchestration, Automation, and Response (SOAR) capabilities of the Microsoft offering to provide managed detection and response services that secure both the client and the customer environment for businesses globally. Companies we work with receive the full advantage of Sentinel and the threat intelligence supplied by our SOC to ensure that access to their operations and data is monitored and proactively secured.
Threat Intelligence Feeds
ConnectDS are a CREST-accredited organisation that thrives on the continuous improvement of security and reduction of disruptive incidents for customers. Azure Sentinel can consume from threat intelligence aggregation services, drawing on a large number of external resources, to identify possible malicious hosts and indicators of compromise (IOCs), with active alerting for our Security Operations Centre to monitor, investigate and validate as part of our Azure Sentinel managed service and cyber security protection. Sentinel can consume structured STIX/TAXII threat intelligence feeds, including the following open and commercial sources:
Azure Sentinel SIEM Environment
The Azure environment provides a large resource group for tenants. Having Azure Sentinel either as a standalone piece of SaaS integrated with third-party applications or integrated with other Microsoft services is an enterprise solution for businesses, ensuring that incidents are mitigated against and security alerts are improved. The Azure Sentinel environment allows more information to be crawled through using automation, and human intelligence to be applied to the process. This results in great capabilities when it comes to managing security and data security.
Azure Lighthouse & Azure Sentinel
Azure Lighthouse is leveraged by the ConnectDS team to provide granular and multi-tenant access to client Azure Sentinel instances. This ensures your organisation controls access to the Azure Sentinel platform, with delegated access control from a single approved Azure MSSP tenant leveraging RBAC at the resource group level.