Microsoft Sentinel is a scalable, cloud-native solution that provides security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities.
For organizations, Sentinel is a bird's-eye view across the enterprise, alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames. We bring the technical expertise of world-class SIEM/SOAR architects to help companies accelerate past the technical intricacies of implementing SIEM/SOAR technology in their environments.
Engagement Overview
Grant Thornton will help you better understand how to maximize your Microsoft license spend and assist in developing a strategy that aligns with your needs. Examples of areas that are covered during the engagement:
- Conduct assessments that include a Threat Check & Microsoft Sentinel Analysis
- Data source viability for Microsoft Sentinel, a cloud-native SIEM and SOAR solution that provides comprehensive visibility and intelligent security analytics across your entire enterprise.
- Ongoing onboarding and development of telemetry, detection logic, control refinement, and automations to drive more value from security investments.
Engagement Approach
- Pre-Engagement Call
- Kick-off Meeting
- Weekly Status Updates
- Configure Microsoft Sentinel
- Configure data connectors
- Configure Analytics Rules, Workbooks, and Playbooks
- Configure Threat Hunting queries (Optional)
- Endpoint & Hybrid Protection (Optional)
- Threat and Alerts Exploration
- Threat landscape results & next steps
Engagement Deliverables
During this engagement, we partner with you to strengthen your organization's security posture and help you better understand how to prioritize and mitigate potential threats by:
- Identifying other data connectors that will enhance security logging in Sentinel
- Configuring all data connectors for data ingestion into Sentinel
- Providing actionable recommendations to help mitigate the identified threats and alerts
- Sharing best practices and standards aligned to your technical and business operations
- Identifying Microsoft capabilities that can be leveraged to increase the value of resources you currently have
- Outlining the next steps for getting started or building out your capabilities
Why Grant Thornton?
We bring experience and expertise with the implementation and operation of Microsoft technologies for numerous programs including, but not limited to, Microsoft Defender, Sentinel, Entra ID, Purview, and Intune. Our deeply qualified teams bring the right mix of technical expertise and operational acumen to align your Microsoft investment with your overall program goals and objectives.
- Our team consists exclusively of Microsoft-certified engineers and analysts dedicated to providing implementation and monitoring services support to our customers for Microsoft’s entire product suite.
- Our services and recommendations are based on lessons learned in the field performing this work, not theories. Our integration and monitoring services experience guides success by avoiding items that sound good but don’t work, and by explaining the reason why.
- Purpose-built content and models to align implementations to leading risk areas such as insider threat, cyber fraud, and cyber operations automation.