Microsoft Sentinel
Proof of Concept (POC)
With Microsoft Sentinel SIEM/SOAR
Whether you already have a Microsoft Sentinel license, or if you have a separate SIEM tool altogether, Quzara will demonstrate the value of adding Microsoft Sentinel to your Security Operations technology stack.
Microsoft Sentinel delivers a cloud SIEM that scales based on your workload. Sentinel offers the following capabilities: Threat Hunting, Threat Intelligence, User and Entity Behavior Analytics (UEBA), and Security Orchestration Automation & Response (SOAR).
After identifying key use cases and value points, we deploy Sentinel and Defender XDR to a pilot group for a four-week period, report our findings, and give you the option to scale directly to production.
There are 5 steps involved in delivering the POC:
- 01 INITIATE
- 02 DESIGN
- 03 IMPLEMENT
- 04 ANALYZE
- 05 DELIVER
In the Initiate step, we hold a series of preliminary meetings (including a kickoff call) to determine the overall scope of the engagement and capture key considerations and success criteria. This step will cover:
- Defining the size of the deployment
- Agreeing on event and log sources
- Guidance for design and deployment considerations
- Understanding logical access requirements
- Identifying key stakeholders and their requirements
- Agreeing on the success criteria
In the Design step, our team of security analysts and engineers designs the use cases and key technical requirements. This step will cover:
- Documenting the delivery plan
- Creating & implementing use case detections
- Designing processes
- Defining reporting requirements
- Agreeing on any additional requirements
In the Implement step, the technical implementation and enablement of Microsoft’s security solutions will cover:
- Enablement & configuration of key technologies
- Technology deployment
- Implementation of use case detection rules
- Deployment of any required remedial actions
- Implementation of identified integrations
- Implementation of approved areas of automation
- Implementation of agreed process
- Delivery of short stand-up reporting sessions
In the Analyze step, we work with key stakeholders to analyze alerts and incidents. This step will cover:
- Management of alerts and incidents
- Analysis and collation of triggered use cases
- Weekly updates on the progress of the POC
- Delivery of success criteria
In the Deliver step, the outcomes of the POC are delivered and presented to key stakeholders, concluding with a Q&A session. The final presentation will cover:
- Executive Summary
- Deployment Evaluation
- Use Case Validation
- Success Criteria
- Microsoft Sentinel Visibility & Results
- POC Recommendations