
Microsoft Azure Sentinel MSSP – 24/7 Managed Security Services

ConnectDS are a Microsoft partner, reseller & service provider for Azure Sentinel – offering SIEM as a service for clients across the UK.

Azure Sentinel is a cloud-native SIEM (security information and event management) system that centralises logs from devices across a network into a single repository, giving visibility across the enterprise. This data can be enriched with advanced correlation and threat intelligence feeds to enable enhanced detection and response, powered by the ConnectDS security monitoring and threat hunting team.

Sentinel provides centralised, intelligent security analytics across the entire enterprise. It can ingest data from both on-premises and cloud services, and combining these data sources gives security operations teams deep visibility for threat detection and lets them automate response through custom playbooks triggered on predefined threat scenarios. As a result, clients and managed security teams can be confident that monitoring is proactive and backed by intelligent automation.

ConnectDS are in the top 5% of Microsoft partners and are a managed security service provider (MSSP). Our SOC team uses the full Security Orchestration, Automation and Response (SOAR) capabilities of the Microsoft offering to deliver managed detection and response services that secure client environments for businesses globally. Companies we work with receive the full benefit of Sentinel and the threat intelligence supplied by our SOC, ensuring that access to their operations and data is monitored and proactively secured.

Threat Intelligence Feeds

ConnectDS are a CREST-accredited organisation committed to the continuous improvement of security and the reduction of disruptive incidents for customers. Azure Sentinel can consume threat intelligence from aggregation services that draw on a large number of external sources to identify potentially malicious hosts and indicators of compromise (IOCs), with active alerting for our Security Operations Centre to monitor, investigate and validate as part of our Azure Sentinel managed service. Sentinel can consume structured STIX/TAXII threat intelligence feeds, including the following open and commercial sources:

Azure Sentinel SIEM Environment

Azure Sentinel runs on top of a Log Analytics workspace inside the client's own Azure tenant. Whether it is deployed as standalone SaaS integrated with third-party applications or alongside other Microsoft services, it is an enterprise solution that helps ensure incidents are mitigated and security alerting is improved. The Sentinel environment allows far more data to be processed through automation while still applying human analysis to the process, which results in strong capabilities for managing security and protecting data.

Azure Lighthouse & Azure Sentinel

Azure Lighthouse is used by the ConnectDS team to obtain granular, multi-tenant access to client Azure Sentinel instances. Your organisation stays in control of access to the Sentinel platform: access is delegated from a single approved MSSP tenant and scoped with Azure RBAC at the resource group level, so the delegated roles apply only to the resource group that holds the Sentinel workspace and nothing else in the subscription. The delegation is visible in your own tenant and can be removed by your administrators at any time.
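The following ARM template is an added example written for this page; it is not code from ConnectDS or a Microsoft sample. It shows what a resource-group-scoped Lighthouse delegation looks like: a registration definition is created at subscription scope, and the registration assignment that actually grants access is placed inside the resource group that holds the Sentinel workspace. The MSSP tenant ID, the resource group name and the two principal IDs are placeholders that the client would replace; the two role definition IDs are the built-in Microsoft Sentinel Responder (3e150937-b8fe-4cfb-8069-0eaf05ecd056) and Microsoft Sentinel Contributor (ab8e14d6-4a74-4a29-9ba8-549422addade) roles.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "type": "string",
      "defaultValue": "Example MSSP - Sentinel monitoring (placeholder offer name)"
    },
    "managedByTenantId": {
      "type": "string",
      "metadata": { "description": "Placeholder: Azure AD tenant ID of the MSSP tenant that receives access" }
    },
    "rgName": {
      "type": "string",
      "metadata": { "description": "Placeholder: existing resource group that holds the Log Analytics workspace Sentinel runs on" }
    },
    "authorizations": {
      "type": "array",
      "defaultValue": [
        {
          "principalId": "00000000-0000-0000-0000-000000000001",
          "principalIdDisplayName": "Placeholder: SOC analysts security group in the MSSP tenant",
          "roleDefinitionId": "3e150937-b8fe-4cfb-8069-0eaf05ecd056"
        },
        {
          "principalId": "00000000-0000-0000-0000-000000000002",
          "principalIdDisplayName": "Placeholder: detection engineers security group in the MSSP tenant",
          "roleDefinitionId": "ab8e14d6-4a74-4a29-9ba8-549422addade"
        }
      ]
    }
  },
  "variables": {
    "mspRegistrationName": "[guid(parameters('mspOfferName'))]",
    "mspAssignmentName": "[guid(parameters('rgName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2019-09-01",
      "name": "[variables('mspRegistrationName')]",
      "properties": {
        "registrationDefinitionName": "[parameters('mspOfferName')]",
        "description": "Delegated access limited to the Sentinel resource group",
        "managedByTenantId": "[parameters('managedByTenantId')]",
        "authorizations": "[parameters('authorizations')]"
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2019-10-01",
      "name": "sentinelRgAssignment",
      "resourceGroup": "[parameters('rgName')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedServices/registrationDefinitions', variables('mspRegistrationName'))]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "type": "Microsoft.ManagedServices/registrationAssignments",
              "apiVersion": "2019-09-01",
              "name": "[variables('mspAssignmentName')]",
              "properties": {
                "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions', variables('mspRegistrationName'))]"
              }
            }
          ]
        }
      }
    }
  ]
}
```

The client deploys this at subscription scope from their own tenant, for example with `az deployment sub create --location uksouth --template-file delegate-sentinel-rg.json --parameters managedByTenantId=<mssp-tenant-id> rgName=<sentinel-rg>`. Two practical checks are worth making before accepting a delegation like this: the principals should be security groups in the MSSP tenant rather than individual users, so that staff changes are handled on the MSSP side without redeploying, and the roles should be the least-privileged built-in roles that the service actually needs (Sentinel Responder for triage, Sentinel Contributor only for whoever maintains analytics rules). Lighthouse does not allow the Owner role or custom roles to be delegated, and the client can remove the delegation from the Service providers page in the Azure portal at any time.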

Azure Sentinel MSSP

ConnectDS are an Azure Sentinel MSSP and our security operations centre supports businesses by managing, detecting, and responding to malicious threats.

Service Type: Managed Security Service

6 Reasons Why ConnectDS Should Implement An Azure Sentinel MSSP For Your Business

We are security experts with many years of experience working across multiple sectors. By using ConnectDS to implement Sentinel for your operations we are able to do the following:

1) Aggregate logs from your workstations, networks and cloud services into a single dashboard for centralised visibility and log retention to meet your security and compliance requirements

2) Detect malicious activity across all digital assets through log analysis, advanced correlation use cases and custom content developed by our analyst, intelligence and threat hunting teams.

3) Offer a dedicated threat hunting team – this means a deep review of activity and development of automation to improve detection, identification, validation and threat actor attribution of targeted threats.

4) Integrate industry threat intelligence, including blacklisted domains, IPs and file hashes, to improve your security detection.

5) Automate threat response by executing playbooks automatically when a detection alert fires.

6) Integrate behavioural analytics into your security program to leverage artificial intelligence and machine learning to enhance the effectiveness of our security analysts and create additional “signals” for our team to investigate and validate.
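Points 2 and 4 above describe correlation content that matches ingested logs against threat intelligence. As an added example, not content from ConnectDS or one of Microsoft's shipped rule templates, the following ARM template deploys a scheduled Sentinel analytics rule that joins active IP indicators from the ThreatIntelligenceIndicator table against successful Azure AD sign-ins in SigninLogs. It assumes the workspace name passed in already has Sentinel enabled with the Azure Active Directory and Threat Intelligence data connectors populated; the rule ID is a placeholder GUID chosen for this example so that redeploying updates the same rule instead of creating a duplicate.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "string",
      "metadata": { "description": "Placeholder: name of the Log Analytics workspace Sentinel is enabled on" }
    },
    "ruleId": {
      "type": "string",
      "defaultValue": "11111111-2222-3333-4444-555555555555",
      "metadata": { "description": "Placeholder GUID for this example rule; keep it stable across deployments" }
    }
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
      "apiVersion": "2022-11-01",
      "name": "[concat(parameters('workspace'), '/Microsoft.SecurityInsights/', parameters('ruleId'))]",
      "kind": "Scheduled",
      "properties": {
        "displayName": "Successful Azure AD sign-in from a threat intelligence IP indicator",
        "description": "Matches active IP indicators (up to 14 days old, not expired) against successful sign-ins in the last hour. Successful sign-ins only, so that password-spray noise from the same IP does not flood the SOC; failed attempts are better handled by a separate rule.",
        "severity": "Medium",
        "enabled": true,
        "query": "let dt_lookBack = 1h; let ioc_lookBack = 14d; ThreatIntelligenceIndicator | where TimeGenerated >= ago(ioc_lookBack) | where Active == true and ExpirationDateTime > now() | where isnotempty(NetworkIP) or isnotempty(NetworkSourceIP) | extend TI_ip = coalesce(NetworkIP, NetworkSourceIP) | summarize arg_max(TimeGenerated, *) by IndicatorId | join kind=innerunique (SigninLogs | where TimeGenerated >= ago(dt_lookBack) | where ResultType == \"0\" | project SigninTime = TimeGenerated, UserPrincipalName, AppDisplayName, IPAddress) on $left.TI_ip == $right.IPAddress | project SigninTime, UserPrincipalName, AppDisplayName, IPAddress, IndicatorId, ThreatType, ConfidenceScore, Description, ActivityGroupNames",
        "queryFrequency": "PT1H",
        "queryPeriod": "P14D",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0,
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [ "InitialAccess" ],
        "entityMappings": [
          {
            "entityType": "Account",
            "fieldMappings": [ { "identifier": "FullName", "columnName": "UserPrincipalName" } ]
          },
          {
            "entityType": "IP",
            "fieldMappings": [ { "identifier": "Address", "columnName": "IPAddress" } ]
          }
        ],
        "incidentConfiguration": {
          "createIncident": true,
          "groupingConfiguration": {
            "enabled": true,
            "reopenClosedIncident": false,
            "lookbackDuration": "PT5H",
            "matchingMethod": "Selected",
            "groupByEntities": [ "IP" ],
            "groupByAlertDetails": [],
            "groupByCustomDetails": []
          }
        }
      }
    }
  ]
}
```

Deploy it into the resource group that holds the workspace, for example with `az deployment group create --resource-group <sentinel-rg> --template-file ti-signin-rule.json --parameters workspace=<workspace-name>`. The query keeps only the latest record per indicator (arg_max by IndicatorId) so that repeated feed updates do not produce one alert per copy of the same indicator, and it checks both Active and ExpirationDateTime because feeds routinely re-publish stale IPs. Grouping incidents by the IP entity over five hours means a noisy indicator generates one incident the SOC can triage rather than dozens. Because entities are mapped, this rule's incidents can be handed to an automation rule that runs a playbook (point 5 above), for example to disable the account or block the IP, without any change to the detection itself.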

Frequently Asked Questions about our Azure Sentinel Managed Service & Azure Sentinel Threat Hunting

Take a look at some of our frequently asked questions. For any other information, or to begin onboarding, please get in touch with us.

Azure Sentinel is a standalone offering; however, Microsoft 365 E5 customers can receive a credit towards Azure Sentinel data consumption.

Microsoft Azure Sentinel is a security information and event management (SIEM) platform designed to provide centralised visibility of logs, advanced analytics and log retention. Implementing a SIEM is a huge task for any organisation because of the technical implementation and processes involved, the requirement for ongoing SIEM monitoring and the expertise required for threat hunting.

No – a Sentinel instance is a standalone application bound to a single Log Analytics workspace and its data. Azure Lighthouse is the multi-tenant layer through which our team can set up and manage MSSP access to Sentinel across multiple client tenants.

Azure Sentinel is a Microsoft security platform that delivers cloud-native SIEM and intelligent security analytics. In conjunction with Azure Security Center and an Azure Sentinel MSSP, it provides visibility, threat hunting, and detection of and response to threats in systems across the organisation. By ingesting multiple log sources, our analysts can use Microsoft's security analytics to alert you to irregular or malicious activity, rule out false positives and start finding real threats quickly.

The data for Azure Sentinel is stored in a Microsoft Azure Monitor Log Analytics workspace and benefits from the massively scalable cloud storage and the same secure platform capabilities available for security analytics in Azure.

Billing is calculated using the amount of data processed by Azure Sentinel as well as the amount stored in Azure Monitor Log Analytics.

Yes – the data analysed by Azure Sentinel is stored in Azure Monitor Log Analytics. Log Analytics serves as Sentinel's backend and provides advanced analytics across your entire IT environment, in conjunction with Azure Security Center, to protect your organisational assets.

Azure Sentinel MSSPs are required to operate 24/7/365 to ensure continuous monitoring of the Azure Sentinel SIEM platform. Sentinel MSSP partners should be approved Microsoft partners with demonstrable and intelligent security capabilities. ConnectDS are in the top 5% of Microsoft partners globally and a recommended solutions and support partner. Our experienced Azure Sentinel MSSP service provides your business with continuous threat detection and faster, more efficient decision

Azure Sentinel pricing is based on the volume of data ingested for analysis in Azure Sentinel – as a premium Microsoft Azure Sentinel Partner, ConnectDS can include Sentinel pricing as part of our MSSP service.

A significant number of Microsoft log sources can be ingested into Azure Sentinel for free, including:

Azure Activity logs, Office 365 audit logs and alerts from Microsoft Defender products (Azure Defender, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint), Azure Security Center, Microsoft Cloud App Security and advanced threat protection (ATP) can be ingested at no additional cost into both Azure Sentinel and Azure Monitor Log Analytics. Some Microsoft logs are charged for ingestion, including Azure Active Directory (Azure AD/AAD) logs.

Azure Sentinel is a commercial service that can be enabled at no cost on an Azure workspace for the first 31 days; after this point the solution requires licensing. Speak to ConnectDS about our fully managed SOC services and how we can deliver licensing as part of the security service.
