Modern Workplace and Azure Security Solutions
The Black Cell Managed Microsoft 365 Security Services rely on the Microsoft 365 Defender solutions developed by Microsoft. Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
With the integrated Microsoft 365 Defender solution, Black Cell can stitch together the threat signals that each of these products receives and determine the full scope and impact of the threat: how it entered the environment, what it affected, and how it is currently impacting the organization. Microsoft 365 Defender takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.
The Microsoft 365 Defender suite protects:
- Endpoints with Microsoft Defender for Endpoint
- Email and collaboration with Microsoft Defender for Office 365
- Identities with Microsoft Defender for Identity and Azure AD Identity Protection
- Applications with Microsoft Cloud App Security
Microsoft 365 Defender has native integration with Azure Sentinel, so there is no need to develop any unique or custom data connectors. By using these additional Security Operations Center capabilities, Azure Sentinel provides valuable insights that identify the end-to-end attack chain.
Before the implementation, Black Cell assesses your Microsoft licenses to accommodate the Microsoft 365 Defender solutions in a cost-effective way. A properly designed license package strengthens your daily security operations and helps remediate the vulnerabilities that sophisticated cyber-attacks exploit.
The implementation starts with a pilot project to test the chosen solution in your environment. After the successful pilot project, Black Cell extends the solution to the full scope of the project and performs the required configuration to optimize the operations. Depending on the size of the project and the complexity of the implementation, Black Cell assigns a Project Manager for the seamless delivery.
Integration with SIEM tools
Once you have enabled Azure Sentinel or implemented another SIEM solution, the required data sources need to be integrated. Azure Sentinel comes with a number of connectors for both Microsoft and non-Microsoft solutions. Our certified and experienced professionals have in-depth knowledge of SIEM technologies and implementation processes. Black Cell’s delivery approach is tailored to your operations and business needs and covers the full project cycle.
Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats.
Black Cell security analysts and automated systems engage in threat hunting and validation to verify the threat, its impact, and any additional information associated with the potential breach. Our professionals provide you with a detailed summary and an actionable response plan in order to significantly reduce the time required to take measures.
The feature is available in the Microsoft 365 security centre and supports queries that check a broader data set from:
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
- Microsoft Cloud App Security
- Microsoft Defender for Identity
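The cross-product hunting the paragraph above describes, as an added example (not a query from Black Cell or Microsoft): it pivots on a file hash to correlate attachments seen by Defender for Office 365 (the EmailAttachmentInfo table) with files created on endpoints seen by Defender for Endpoint (the DeviceFileEvents table), which are real advanced-hunting schema tables; the 30-day bound reflects the retention stated above, and the column names used are the schema's own.

```kql
// Added example, not part of the original page: find e-mail attachments
// that later appeared as newly created files on managed endpoints.
// Advanced hunting keeps 30 days of raw data, hence the lookback bound.
let lookback = 30d;
let mailAttachments =
    EmailAttachmentInfo
    | where Timestamp > ago(lookback)
    | where isnotempty(SHA256)
    | project MailTime = Timestamp, NetworkMessageId, SenderFromAddress,
              RecipientEmailAddress, AttachmentName = FileName, SHA256;
let endpointWrites =
    DeviceFileEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "FileCreated"
    | project FileTime = Timestamp, DeviceName, FileName, FolderPath,
              InitiatingProcessFileName, SHA256;
mailAttachments
| join kind=inner endpointWrites on SHA256
// keep only endpoint writes that happened after the message arrived
| where FileTime >= MailTime
| extend MinutesToEndpoint = datetime_diff("minute", FileTime, MailTime)
| summarize Devices = make_set(DeviceName),
            Recipients = make_set(RecipientEmailAddress),
            FirstSeenOnEndpoint = min(FileTime),
            FastestMinutes = min(MinutesToEndpoint),
            Writes = count()
    by SHA256, AttachmentName, SenderFromAddress
| order by Writes desc
```

Each result row is one attachment hash together with the recipients who received it and the devices on which it was subsequently written to disk; a hash that reaches many endpoints minutes after delivery is a candidate for further triage, while the same query with `ThreatTypes` added from EmailAttachmentInfo shows whether Defender for Office 365 had already classified the attachment.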
Black Cell Hardening services are based on Microsoft Secure Score, which is a measurement of an organization’s security posture, with a higher number indicating more improvement actions taken. Following the Secure Score recommendations, you can protect your organization from threats. Black Cell professionals determine the cybersecurity maturity based on the current score and provide you with a detailed action plan to improve the overall security and remediate the vulnerabilities. You can also get an all-up view of the total score, the historical trend of your secure score with benchmark comparisons, and prioritized improvement actions that can be taken to improve your score.
Cloud-based Cybersecurity Operations Center as a Service
The Black Cell Cloud-based Security Operations Center [SOC] as a Service package relies on the Azure Sentinel SIEM/SOAR solution and its additional capabilities developed by Microsoft. With the cutting-edge solution powered by Azure Sentinel, your company will be capable of detecting and responding to threats before they cause serious harm. Implementing and applying Azure Sentinel does not require CAPEX costs for hardware procurement, configuration and management. The solution can be easily scaled up and down based on the usage or capacity requirement generated by the ingested data. Black Cell’s SOC service is fully tailored and easy to implement [within a few hours], which makes it a significantly more cost-effective solution for our Customers.
With Azure Lighthouse, Black Cell can deliver managed security services using comprehensive and robust management tooling built into the Azure platform. Customers maintain control over who can access their tenant, what resources they can access, and what actions can be taken.
Implementation via Azure Lighthouse includes the following benefits:
- Management at scale
- Greater visibility and control for Customers
- Comprehensive and unified platform tooling
- There are no additional costs associated with using Azure Lighthouse to implement and manage Black Cell’s Security Operations Center services
- Predefined rules, views and settings reduce the implementation time
Cybersecurity Operations Center as a Service
Black Cell SOCaaS provides Customers with a fully tailored and modular service package to maximize the value of security investments and help them to achieve the desired security posture. SOCaaS increases the visibility into your cloud and on-prem environment, streamlining and improving the incident escalation process while running proactive hunting activities and supporting the mitigation.
Detailed incident reports of cyber-attacks backed by advanced visualization provide near real-time visibility of your environment for all forms of security monitoring. Notable security events are analysed by certified Microsoft experts and analysts with well-defined escalation processes. Black Cell SOCaaS delivers incident reports in a timely manner in order to trigger the necessary actions.
Our solution is customized to each Customer’s business, regulatory and industry-specific requirements. SOCaaS combines Azure Sentinel SIEM/SOAR and Microsoft 365 Defender native capabilities with advanced analytics and threat intelligence to provide a fully managed and tailored service package for Customers with Microsoft and non-Microsoft environments.
- 24/7 service coverage for security monitoring: Cybersecurity Operations Center staffed with Microsoft certified security experts
- SIEM configuration and fine-tuning of standard rules provided by Microsoft
- Standard dashboards and reports validated by SOC Analyst
- End-to-end incident management
- Response & remediation support
- Proactive threat hunting
  - Based on automated queries provided by Microsoft
- Standard compliance monitoring, reporting and notification
- Unique detection rules developed by Black Cell based on the Customer requirements
- Fully tailored advanced dashboards and reports validated by dedicated SOC Expert
- Proactive threat hunting
  - Based on unique queries designed by Black Cell
- Threat hunting services supported by Cyber Threat Intelligence capabilities
- Advanced compliance monitoring, reporting and notification with remediation guide
Vulnerability assessment and management
- Planning and consultancy
  - Black Cell initially performs an assessment in order to identify the key elements such as topology, licenses implemented, log sources, processes/operation model and cyber security maturity [via People, Process & Technology]
  - Black Cell also applies a business-focused approach to find the “crown jewels” of the organization [MITRE – Crown Jewel Analysis]
- Implementation / Integration
- Continuous Service Improvement
  - Process improvement
  - SOAR-based automation
  - Services underpinned by strict Service Level Agreements [e.g. Incident Response Time within 30 min]
- Service Management
Modular training programs
Microsoft 365 Defender is a modular cloud-based solution package. Microsoft modules can be purchased and implemented as "add-on" products on top of various Microsoft licenses. We often find that our customers need a fully tailored training package focusing on specific Microsoft products (e.g., Defender for Endpoint). This demand is usually driven by planned and scheduled IT security developments that involve cloud-based migration. In this case, transitions are gradual, roadmap-like processes in which the project moves from function to function, and this determines the modular nature of the internal training plan. The modular training package designed by Black Cell’s Microsoft architects offers an adequate solution to the needs described above.
The portfolio consists of four main domains:
- Identity and Access Management
- Threat protection
- Information protection
- Governance and compliance
In addition to the management of the given products, the training package covers the related implementation processes as well. The modules contain several product-specific submodules that provide our customers with an additional opportunity to put together a fully tailored training plan. After a brief theoretical introduction related to the selected Microsoft solution, Black Cell experts present the practical application of the services/features in Black Cell’s own Microsoft Azure test environment via multiple demo sessions.