Securing the Modern Workplace
with Microsoft 365 Defender
& Azure Sentinel
Managed Microsoft 365
Security Services
by Black Cell
The Black Cell Managed Microsoft 365 Security Services rely on the Microsoft 365 Defender solutions developed by Microsoft. Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
With the integrated Microsoft 365 Defender solution, Black Cell can stitch together the threat signals that each of these products receive and determine the full scope and impact of the threat; how it entered the environment, what it affected, and how it’s currently impacting the organization. Microsoft 365 Defender takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.
Black Cell has earned the Solutions Partner designation in the Security solution area, as well as the Threat Protection Specialization. These certifications demonstrate the breadth of Black Cell’s capabilities in delivering customer success based on Microsoft cloud security technologies.
Securing the modern workplace
Microsoft 365 Defender suite protects:
- Endpoints with Microsoft Defender for Endpoint
- Email and collaboration with Microsoft Defender for Office 365
- Identities with Microsoft Defender for Identity and
- Azure AD Identity Protection
- Applications with Microsoft Cloud App Security
Microsoft 365 Defender has native integration with Azure Sentinel therefore there is no need to develop any unique/custom data connectors. By using these additional Security Operations Center capabilities, Azure Sentinel provides valuable insights to identify the end-to-end attack chain.
Licensing
Before the implementation, Black Cell assesses your Microsoft licenses to accommodate the Microsoft 365 Defender solutions in a cost-effective way. The properly designed license package can strengthen your daily security operations and remediate vulnerabilities against sophisticated cyber-attacks.
Implementation
The implementation starts with a pilot project to test the chosen solution in your environment. After the successful pilot project, Black Cell extends the solution to the full scope of the project and performs the required configuration to optimize the operations. Depending on the size of the project and the complexity of the implementation, Black Cell assigns a Project Manager for the seamless delivery.
Integration with SIEM tools
Once you have enabled Azure Sentinel or implemented other SIEM solutions, the required data sources need to be integrated. Azure Sentinel comes with a number of connectors for Microsoft and non-Microsoft solutions as well. Our certified and experienced professionals have in-depth knowledge of SIEM technologies and implementation processes. Black Cell’s delivery approach is tailored to your operations and business needs and covers the full project cycle.
Advanced Hunting
Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats.
Black Cell security analysts and automated systems engage in threat hunting and validation to verify the threat, its impact, and any additional information associated with the potential breach. Our professionals provide you with detailed summary and actionable response plan in order to significantly reduce the time required to take measures.
The feature is available in Microsoft 365 security centre, this capability supports queries that check a broader data set from:
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
- Microsoft Cloud App Security
- Microsoft Defender for Identity
Prevent data leakage and spillage
Black Cell Compliance helps understand your data landscape and identify sensitive data across your hybrid environment, to enable applying flexible protection actions that include encryption, access restrictions, and visual markings. To prevent accidental oversharing of sensitive information, use Data Loss Prevention (DLP) in the cloud and extend DLP capabilities to other workloads (endpoints, on-prem file shares, SharePoint, Teams).
Black Cell’s three-step DLP assessment and implementation offering can meet your business and cloud transformation needs. The first step is the assessment to review your organisation’s existing data loss protection protocols and rules. The second step is to validate the business impact and viability of implementing or refining data loss protection solutions. The last step is to implement and deploy the data loss prevention policy and technologies into the environment.
Hardening services
Black Cell Hardening services are based on Microsoft Secure Score, that is a measurement of an organization’s security posture, with a higher number indicating more improvement actions taken. Following the Secure Score recommendations, you can protect your organization from threats. Black Cell professionals determine the cybersecurity maturity based on the current score and provide you with detailed action plan to improve the overall security and remediate the vulnerabilities. You can also get an all-up view of the total score, historical trend of your secure score with benchmark comparisons, and prioritized improvement actions that can be taken to improve your score
Cloud Compliance Assessment
Microsoft Compliance Score is a feature in Microsoft Purview that enables mapping the organization’s compliance posture with greater ease and convenience. Black Cell’s tailored Cloud Compliance Assessment, relying on the Compliance Score, can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.
The Compliance team of Black Cell leverages the full functionality of Microsoft Purview and provides you with control-based action plan. Black Cell specialists also manage the remediation tasks and document creation procedures in order to achieve the required level of compliance in terms of the Microsoft cloud environment.
Managed Detection and Response
Black Cell Managed Detection and Response services increase the visibility into your cloud and on-prem environment, streamlining and improving the incident escalation process while running proactive hunting activities and supporting the mitigation.
Detailed incident reports of cyber-attacks provide real-time visibility of your environment. Notable security events are analysed by certified Microsoft experts and analysts with well-defined escalation processes. Black Cell specialists deliver incident reports in a timely manner in order to trigger the necessary remediation actions.
Services
- 24/7 Service coverage for security monitoring
Staffed with Microsoft certified security experts - Configuration and fine-tuning of the chosen Microsoft solution(s)
- Standard dashboards and reports validated by SOC Analyst
- End-to-End incident management
- Triage
- Investigation
- Response & Remediation support
- Proactive threat hunting
- Based on:
- Queries provided by Microsoft
- Queries developed by Black Cell
- Standard compliance monitoring, reporting and notification
- Consultancy / Continuous Service Improvement
- Based on:
Manage insider risk
Managing privacy and information security risks posed by organisation’s own employees and contractors has never been easy, but in the past few years the difficulty has multiplicated. Remote work has retained its popularity in today’s post-pandemic landscape, digital transformation has all but eliminated the traditional network perimeter, and enterprises have come to rely on cloud apps to boost productivity and enable scalable response to volatile demand.
Black Cell provides Microsoft Insider Risk Management (IRM) implementation guidance and ongoing support services to enterprises seeking to proactively detect and act on potentially risky behaviours related to employee access to sensitive information. Black Cell assists clients with implementing Microsoft Insider Risk Management workloads by conducting an initial proof of concept assessment to validate project requirements, followed by a full-scale business process implementation across the entire enterprise.
Cloud based
SOC as a service
The Black Cell Cloud-based Security Operations Center [SOC] as a Service package relies on the Azure Sentinel SIEM/SOAR solution and its additional capabilities developed by Microsoft. With the cutting-edge solution powered by Azure Sentinel, your company will be capable of detecting and responding to the threats before they cause serious harm. Implementing and applying Azure Sentinel does not require CAPEX costs regarding hardware procurement, configuration and management. The solution can be easily scaled up and down based on the usage or capacity requirement generated by the ingested data. Black Cell’s SOC service is fully tailored and easy to implement [within a few hours], thereby it offers our Customers a significantly cost-effective solution.
- Management at scale
- Greater visibility and control for Customers
- Comprehensive and unified platform tooling
- There are no additional costs associated with using
- Azure Lighthouse to implement and manage Black Cell’s Security Operations Center services
- Predefined rules, views and settings reduce the implementation time
Cloud SOC
Black Cell SOCaaS provides Customers with a fully tailored and modular service package to maximize the value of security investments and help them to achieve the desired security posture. SOCaaS increases the visibility into your cloud and on-prem environment, streamlining and improving the incident escalation process while running proactive hunting activities and supporting the mitigation.
Detailed incident reports of Cyber-attacks backed by advanced visualization provide near real-time visibility of your environment for all forms of security monitoring. Notable security events are analysed by certified Microsoft experts and analysts with well-defined escalation processes. Black Cell SOCaaS delivers incident reports in timely manner in order to trigger the necessary actions.
Our solution is customized to every business, regulatory and industry specific requirements. SOCaaS combines Azure Sentinel SIEM/SOAR and Microsoft 365 Defender native capabilities with advanced analytics and threat intelligence to provide a fully managed and tailored service package for its Customers with microsoft and non-Microsoft environment.
Explore our additional services!
General Services
- Planning and consultancy
- Implementation / Integration
Black Cell initially performs an assessment in order to identify the key elements such as topology, licenses implemented, log sources, processes/operation model and cyber security maturity [via People, Process & Technology] - Black Cell also applies a business-focused approach to find the “crown Jewels” of the organization [MITRE – Crown Jewel Analysis]
- Implementation / Integration
- Continuous Service Improvement
- Process improvement
- Fine-tuning
- SOAR based automatization
- Services underpinned by strict Service Level Agreements [e.g. Incident Response Time within 30 min]
- Service Management
Standard Services
- 24/7 Service coverage for security monitoring Cybersecurity Operations Center staffed with Microsoft certified security experts
- SIEM configuration and fine-tuning of standard rules provided by Microsoft
- Standard dashboards and reports validated by SOC Analyst
- End-to-End incident management
- Triage
- Investigation
- Response & Remediation support
- Proactive threat hunting
- Based on automated queries provided by Microsoft
- Standard compliance monitoring, reporting and notification
Advanced Services
- Unique detection rules developed by Black Cell based on the Customer requirements
- Fully tailored advanced dashboards and reports validated by dedicated SOC Expert
- Proactive Threat Hunting
- Based on unique queries designed by Black Cell
- Threat Hunting services supported by Cyber Threat Intelligence capabilities
- Advanced compliance monitoring, reporting and notification with remediation guide
Vulnerability assessment and management
Modular training programs
Microsoft 365 Defender is a modular cloud-based solution package. Microsoft modules can be purchased and implemented as „add-on” products on top of various Microsoft licenses. We often identify demands, that our customers would need a fully tailored training package focusing on specific Microsoft products (e.g., Defender for Endpoint). Demands are usually driven by planned and scheduled IT Security developments, which involve cloud-based migration. In this case, transitions are gradual and roadmap like processes, so the project moves from function to function, that determines the modular nature of the internal training plan. The modular training package designed by Black Cell’s Microsoft architects offers an adequate solution to the needs described above.
The portfolio consists of four main domains:
- Identity and Access Management
- Threat protection
- Information protection
- Governance and compliance
In addition to the management of the given products, the training package covers the related implementation processes as well. The modules contain several product-specific submodules that provide our customers with an additional opportunity to put together a fully tailored training plan. After a brief theoretical introduction related to the selected Microsoft solution, Black Cell experts present the practical application of the services/features in Black Cell’s own Microsoft Azure test environment via multiple demo sessions.
