Accesa logo white
Microsoft Sentinel Optimisation and SOC Handover

Microsoft Sentinel Optimisation and SOC Handover

Global operator of workspace providers

The company is a global operator of workspace providers with services tailored to businesses of all sizes.

Industry

  • Manufacturing

Service

  • Cybersecurity

Company Size

10.000+ employees

Duration

2022- present

Accesa arrow icon

Challenge

The company was experiencing a significant number of false positives, which overwhelmed their security team and reduced the effectiveness of their security operations. They needed to optimise their Microsoft Sentinel usage to reduce false alerts as well as lower costs.

Accesa plane icon

Solution

After reviewing the configurations in Microsoft Sentinel, we fine-tuned them to reduce false positives and enhance the overall security posture and integrated Security Orchestration, Automation, and Response (SOAR) capabilities. Afterwards, we onboarded our own SOC team and performed an operational integration. 

Accesa speaking icon

Impact

We achieved a significant reduction in false positive alerts and improved efficiency and response times. Our SOC team provided effective Security Operations in accordance with the client's needs and established robust threat-hunting and intelligence processes. 

Project Overview

The project consisted of two phases. First, we focused on reviewing and fine-tuning the rules in Microsoft Sentinel. Then, we onboarded our SOC team and worked on the operational integration.

Rule review and fine-tuning

In order to perform a review of the rules in place and fine-tune them, our team proceeded with a staged approach.

Initial assessment through a comprehensive review of existing Sentinel rules with a focus on those contributing to high volumes of false positives.

Rule fine-tuning by adjusting rule thresholds and conditions to better reflect actual threats. We analysed false positives to understand common patterns and modified redundant or misconfigured rules.

SOAR integration, including configured playbooks and automation scripts to streamline response to genuine alerts and automated incident response actions to reduce manual workload.

Extensive validation and testing to ensure that the rule modifications effectively reduced false positives and that the SOAR configurations were functioning as intended.

SOC team onboarding and operational integration

Onboarding our SOC team to the client's environment and tools and conducting detailed briefings on their specific security landscape and requirements.

Collaborative process walkthrough to map out and understand all existing security processes and identify gaps and areas for improvement in current processes.

Threat Hunting (TH) activities used advanced search queries and analytics at regular intervals to identify potential threats proactively.

Threat Intelligence (TI), gathered through integrated feeds and developed into standard procedures to enhance detection and response capabilities.

Continuous monitoring practices, dashboards, and reporting mechanisms that provide real-time insights and trend analysis and ensure ongoing vigilance.

Transitioning to total operational management, handling all aspects of security monitoring and incident response and maintaining close communication with the client to ensure alignment with their security objectives.

Results

Our cybersecurity team's contribution made possible the following results:

  • Reduced false positives Significant reduction in false positive alerts, allowing the client's security team to focus on genuine threats.

  • Enhanced automation Improved efficiency and response times through SOAR integration.

  • Proactive security posture Established robust threat-hunting and intelligence processes.

  • Seamless operations Our SOC team provided consistent and effective security operations aligned with the client's goals.

GET IN TOUCH

0

WHAT HAPPENS NEXT?

1

After you submit a contact form on accesa.eu, one of our representatives will review the information and get back to you in 1-2 business days.

2

We will then assign a Technical Presales expert to have a deep dive and assess your requirements and objectives.

3

The Presales expert will work with a bid team and a Software Architect to prepare a high level project estimation and the Sales expert will provide you with a commercial offer.

We will get back to you within 1 to 2 business days. We will also provide a proposed project allocation and start date after a minimum of 15 days from the deep dive session.

Address: Constanta 12, Cluj-Napoca, Romania 

Phone number: +4989215485115