Explore Microsoft Sentinel through a focused Proof of Concept to assess benefits, user experience and technical fit
Microsoft Sentinel is a scalable, cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution from Microsoft 365. Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. Sentinel is a strong add-on from Microsoft 365 to existing security measures. It takes security to the next level by using advanced queries to analyze data collected across all existing security solutions and detect suspicious activity, and it can function as the central security incident portal for your entire organization. This reduces the time spent figuring out what is happening, allowing the organization to focus instead on what to do.
Accept that managing and maintaining Sentinel is continuous work. Your environment (inside and outside your organization) is constantly changing, so a good setup today is not necessarily a good setup tomorrow. This means that Sentinel is constantly evolving.
You should start small and build from there. Mindcore suggests starting with a Proof of Concept (PoC) with a few data connectors. This is the best way to assess the solution, to understand the insights that you can gain, and to learn how to use these insights to improve your security. The typical scope is 2-4 working days, split over 2-3 weeks.