
Managed Detection and Response

Amesto Fortytwo AS

A continuously deployed managed Sentinel solution, always up to date with the latest detection rules, backed by an experienced Incident Response Team.

Amesto Fortytwo Managed Detection and Response is a service that lets you focus on your core business. Our security experts make sure that you, as a customer, have a Microsoft Sentinel solution that is always up to date with the latest threat detection mechanisms and properly integrated with the other Microsoft security products, such as Microsoft 365 Defender. Should a threat be detected, our Incident Response Team will quickly investigate and perform countermeasures in order to keep your environment safe.

All of Amesto Fortytwo's managed services are deployed using Continuous Integration / Continuous Deployment (CI/CD). This means that you will always be on the "latest version", and never in a situation where an implementation or upgrade project is needed to get to the most recent release. It also means that any new detection rules, workbooks, or other functionality added to the managed service are automatically available to you.

Expertise

Amesto Fortytwo has security experts with extensive platform knowledge of Microsoft Sentinel and, more importantly, of all the Microsoft cloud services logging to Microsoft Sentinel. This enables us to identify what to look for in your logs, implement analytics rules, evaluate the criticality of the resulting incidents, and respond properly to detections.

Amesto Fortytwo services

Apart from the Incident Response Team, the following services are provided by Amesto Fortytwo to properly manage, maintain and monitor your Microsoft Sentinel solution:

  • Security experts available for you to "play ball" with when it comes to adding even more rules, connectors or other services (on a time-and-materials basis)
  • Continuous Deployment from Amesto Fortytwo, always running the latest version of our recommended Microsoft Sentinel configuration
  • Large set of analytics rules that will create incidents, such as:
    • User signing in from IP address related to ransomware attack
    • Unusual usage pattern from service principal
    • Changes have been made to conditional access policies
    • Break glass account has been used to sign in
    • One of the designated VIPs has denied a multi-factor authentication notification
  • A large set of useful community made workbooks
  • Configuration of recommended TAXII providers for threat information
  • Connector and log monitoring
    • Get notified if any anomaly is detected in log sources, such as a service that stops logging
    • Guidance on adding the correct connectors
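As an added illustration of the kind of analytics rule listed above (this is example code, not Amesto Fortytwo's own rule set), the following KQL query fires on any sign-in by a designated break-glass account. Such accounts exist only for emergencies, so any use of one should open an incident. The two UPNs and the one-hour window are assumptions; in a real deployment the account list belongs in a Sentinel watchlist (read with `_GetWatchlist`) rather than inline, and the rule would be scheduled to run every hour with a one-hour lookback.

```kusto
// Added example (not from the vendor page): Sentinel analytics rule query that
// alerts on any sign-in, interactive or not, by a break-glass account.
// The account list below is a placeholder assumption; keep it in a watchlist in practice.
let BreakGlassAccounts = dynamic([
    "breakglass-1@contoso.onmicrosoft.com",
    "breakglass-2@contoso.onmicrosoft.com"
]);
// isfuzzy=true lets the query run even if one of the two tables is not yet ingested.
union isfuzzy=true SigninLogs, AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(1h)
| where UserPrincipalName in~ (BreakGlassAccounts)
// LocationDetails/DeviceDetail are dynamic in SigninLogs but JSON strings in the
// non-interactive table, so todynamic() normalises both before extracting fields.
| extend Country = tostring(todynamic(LocationDetails).countryOrRegion),
         Device  = tostring(todynamic(DeviceDetail).displayName)
| project TimeGenerated, Type, UserPrincipalName, IPAddress, Country, Device,
          AppDisplayName, ResultType, ResultDescription, ConditionalAccessStatus
| order by TimeGenerated desc
```

Failed attempts (non-zero `ResultType`) are deliberately kept: a password-spray against a break-glass account is at least as interesting as a successful emergency login, and the analyst can separate the two on `ResultType` when triaging.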
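For the connector and log monitoring bullet, this added example (not the vendor's code) shows one way to detect a log source that has stopped sending data. It reads the `Usage` table, which records hourly ingestion volume per data type, so it is far cheaper than scanning every raw table with `union *`. The 14-day baseline and 6-hour silence threshold are assumptions to tune per source; a source that is already hours behind is also what a hit daily cap looks like, so an alert from this query should be checked against the cap before being treated as a connector failure.

```kusto
// Added example (not from the vendor page): flag data types that were logging
// during the baseline period but have gone silent longer than the threshold.
// Both thresholds are assumptions; tune them per source (some sources are bursty).
let baseline = 14d;   // a type must have logged within this window to count as "known"
let silence  = 6h;    // how long without new data before alerting
Usage
| where TimeGenerated > ago(baseline)
| where IsBillable == true
// Usage.Quantity is ingestion volume in MB for that hour and data type.
| summarize LastSeen = max(TimeGenerated), TotalMB = round(sum(Quantity), 2) by DataType
| extend SilentFor = now() - LastSeen
| where SilentFor > silence
| project DataType, LastSeen, SilentFor, TotalMB
| order by SilentFor desc
```

Because `Usage` rows are hourly aggregates, `LastSeen` has one-hour granularity; set the silence threshold well above that so a single delayed hour does not page anyone.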

Because the service runs in your own Azure subscription, in the unlikely event that you choose to cancel the service, the Microsoft Sentinel configuration will remain in your environment and Sentinel will continue to function.

If you have an existing Microsoft Sentinel workspace, already populated with logs, we can deploy to that workspace rather than establishing a new workspace.

Onboarding process

We have a structured, milestone-based onboarding process completed over 5 weeks. Each week consists of a workshop and a further expansion of the Sentinel configuration.

  • Week 1
    • Customer training session - What is Microsoft Sentinel?
    • Initial configuration of Microsoft Sentinel
      • Initial connectors
      • Configuration of retention
      • Configuration of daily cap (once the cap is reached, ingestion stops for the rest of the day, so it is sized above the expected volume of security logs)
      • Enablement of CI/CD from Amesto Fortytwo
      • Enablement of Incident Response Team
  • Week 2
    • Rule tuning
    • First week checkup workshop
      • Incidents
      • Cost
      • Workbooks
  • Week 3
    • Rule tuning
    • Expanding log sources
      • Azure resources
      • Servers
    • Incident Response Team active
  • Week 4
    • Rule tuning
    • Expanding log sources
      • Network equipment
  • Week 5
    • Rule tuning
    • Cost analysis

Incident handling process

Incident Response Team can be provided by us, or you can have your own team that responds to incidents. Please see the different plans for available options.
