The Sentinel XDR - Accelerator Deployment service is designed to quickly get you up and running with a sophisticated protection and detection capability using Microsoft Sentinel. The Accelerator Deployment Service can be combined with our 24x7 Sentinel XDR Managed service providing Monitoring, detection and response capability to defend against todays Cyber threats

Sentinel XDR Accelerator deployment is delivered as a professional services consultancy engagement enabling you to access highly certified CREST and Microsoft security experts to help plan, configure and deliver the Microsoft Sentinel solution

Nettitude’s Sentinel XDR - Accelerator Deployment service will:

• Get you quickly up and running to minimise onboarding time and maximise your investment in Microsoft Security technologies
• Take the headache and pain away from the complex planning, design and deployment of Sentinel
• Ensure that the Sentinel solution is designed and deployed to Microsoft best practices
• Provide you with the extended skills and experience to deliver a capable monitoring and detection service
• Take the load off your security team and resources with a fully planned and proven delivery methodology

Sentinel XDR - Accelerator Deployment

Organisations struggle to deploy Microsoft Sentinel, collect the right data and define the correct security use cases to ensure alarms and use cases provide a high-fidelity threat detection capability. Nettitude has a tried and tested deployment methodology spanning 150+ customers that will enable you to realise the maximum value.

Nettitude’s standard Sentinel XDR Accelerator Deployment will deliver the below capability:

• Ten (10) Days of Cyber consultancy expertise to plan, design and deliver a Sentinel solution

Phase 1 - Business intelligence Workshop & Reporting (2 days)

• 1 Day workshop followed by a BIW report delivered by a Security Operations Consultant to perform discovery and assessment of your environment and business taking a threat led approach to understand critical environment assets, risks and threats faced by your organisation to define the deployment and security monitoring capability

Phase 2 - Sentinel Deployment & Integration (2.5 days)

• Azure Sentinel High level Design & Documentation creation
• Build and configuration of your Azure Sentinel Log analytics workspace within your Azure subscription

Phase 3 - Onboarding (3 days)

During the onboarding phase Nettitude experts will guide the client through the onboarding of key log sources and technologies to enable the delivery of a Detection and Response capability and consist of the below activities

3.1- Integration & Onboarding of the below Azure core data connectors:

• Azure AD, Azure Identity Protection, Defender All products (Alerts only), Azure activity logs, Office 365, Microsoft Security events, Windows Firewall

3.2 - In addition to the listed Microsoft & Azure log source onboarding into Sentinel above, the client may select up to five (5) additional log source types as long as they are in the Nettitude Library. Types of suggested logs sources

• Infrastructure logs (Syslog/CEF with Log Collector)
• Other Cloud Logs
• SaaS applications (SalesForce, GSuite)
• Non-Microsoft Endpoint Security tools (EDR & AV)
• Other Security Controls (PAM/PIM solutions, MFA, DLP)

Phase 4 - Detection Rule Deployment (2 days)

• Deployment of Alert rules from the Nettitude standard detection catalogue
• Three (3) x custom detections created for non standard detection capability

Phase 5 - Handover Workshop (0.5 days)

• During the final phase Nettitude will perform a structured handover of the Project incorporating a documentation handover and knowledge transfer session of the deployed Sentinel solution

Why Nettitude?

• Nettitude are an award-winning organisation with unparalleled technical and security capability in delivering cloud security and Security Operations Centre (SOC) services with over 20 years experience.
• Nettitude specialises in the sharp end of cyber security assurance testing, detection, incident response and research
• We are highly certified and accredited recognising our expertise across CREST disciplines and Microsoft Security tooling
• Extensive experience in provisioning SOC Operations in a wide variety of environments from 100% cloud through to highly complex, hybrid, IT/OT and global, multi-vendor technology stacks
• The service is deployed with access to our standard propriety sophisticated and mature detection suite built from decades of offensive red team experience