Hosting a Sentinel Proof of Concept Workshop for the University of Derby

Posted on 26 August 2020

Identity Experts presented a proof of concept workshop for the University of Derby, showcasing the capabilities of Azure Sentinel – Microsoft’s latest intelligent security solution.

The University of Derby is a well-established education provider located in the heart of England. The University can trace its history back to 1851, when it began as the Derby Diocesan Institution for the Training of Schoolmistresses. It gained university status in 1992 and has since gone on to provide over 300 study programmes at foundation, undergraduate, postgraduate, and research level.

The University builds on Derby’s heritage of innovation to deliver the best results for students, combining expert teaching and practical experience to provide students with all the tools they need for a successful career. Derby was listed as a top 30 UK university in the Guardian newspaper’s 2020 University Guide and rated gold in the Teaching Excellence and Student Outcomes Framework, further highlighting its reputation for academic excellence.

The Challenge

The University of Derby’s security team was looking for a way to collate security alerts flagged up by the various Microsoft 365 (M365) security solutions currently in use. Although the in-house security team was able to pick up a lot of these alerts from different portals, they realistically needed the capability to aggregate data from across the solutions, providing a holistic view of an attack and streamlining the administrator experience for a more efficient response.

The University reached out to Identity Experts to find out more about how we could assist them in overcoming such a challenge.

The Solution

The Identity Experts team conducted an Azure Sentinel Proof of Concept (PoC) engagement to showcase Sentinel’s exciting capabilities, as well as demonstrate the value that a cloud-based SIEM tool could provide to the organisation. The Proof of Concept started with a questionnaire and workshop to understand the data sources to be monitored.

As part of the engagement, we switched on Microsoft 365 E5 security capabilities in a trial capacity and introduced existing alerts. We also encouraged the University to switch on non-M365 connectors (e.g. firewall, on-premises server, etc.) to highlight how Sentinel can correlate data from multiple sources, providing a much-needed holistic view of security events across a hybrid environment.

Once the set-up was complete, the engagement moved into the remote monitoring phase. Identity Experts provided two options for Sentinel Proof of Concept engagements: Joint Threat Exploration and Remote Monitoring. Our remote monitoring engagement meant that the Identity Experts team was much more hands-on with the solution, providing proactive monitoring of the client’s Sentinel environment (either via Azure Lighthouse or through the use of Azure AD B2B), and reporting back with identified threats and recommended risk mitigation activities. In the meantime, our team ensured that the University was comfortable interpreting the data presented.

How We Helped

The University of Derby was very pleased with Sentinel’s capabilities; the automation aspect of the solution in particular brought real value. With automated incident response mechanisms available through the ready-to-use playbooks, Derby were able to save time and improve their security posture. The University’s security team left the workshop with knowledge about the positive impact Azure Sentinel could have on their organisation, and an understanding of what the solution could do within their available budget.

As part of the engagement, we provided regular sessions with the team at Derby to ensure they were aware of any risks we highlighted and discussed how the solution had picked up that particular alert. The team have since been able to use the knowledge they gained to implement the solution in a production environment, with the reassurance that Identity Experts will be on hand to provide additional guidance and services to connect new sources, advise on risk mitigation activities or help with custom threat-hunting queries as the need arises.

What’s Changed?

The Proof of Concept achieved its primary goal, proving the strengths of the concept to Derby’s security team, while allowing them to trial Azure Sentinel, ask questions, and develop their understanding of the solution – all in our team’s safe hands. It also demonstrated that Sentinel’s capabilities can assist in making improvements to the efficacy of monitoring and remediation. Finally, the workshop provided validation of issues that the team were aware of, formalising said issues in a way that became easier to present to management.

What the Customer Thinks

The University of Derby’s security team was very impressed with our services and would happily work with Identity Experts again. They found the level of technical support provided by our Security Consultant, Alan Armstrong, to be of particular value. Alan’s collaborative efforts with the University’s Servers and Storage team members, assistance with setting up the relevant connectors, and expertise throughout the engagement earned him substantial praise.

Oliver Betts-Richards, a cybersecurity analyst at the University of Derby, had this to say:

“The time [Identity Experts] spent to go through the Microsoft 365 Security architecture was very useful. That was very good for us because it’s very easy to misunderstand how it all fits together when you’re not immersed in it 100% of the time, so it was very useful to have that run-through of what’s going on.”

How Identity Experts Can Help

With organisations increasingly adopting cloud-first strategies, it makes sense to move your security operations to the cloud as well. Mitigating security risks can be a never-ending task – with a high volume of alerts, increasingly sophisticated attacks to look out for, and countless devices and identities to oversee, it may feel like there’s no light at the end of the tunnel.

Enter Microsoft’s latest SIEM solution, Azure Sentinel. Sentinel is Microsoft’s next-gen security operations tool, with cloud and AI capabilities that offer a bird’s eye view across your enterprise’s entire hybrid environment. It is designed to help organisations better mitigate risks, using advanced insights and machine learning to catch potential threats earlier than ever before.

As a Microsoft Gold Partner, we have long-standing experience and in-depth knowledge in deploying and supporting Microsoft’s robust security solutions, alongside a whole host of Microsoft and partner solutions. Our success, customer loyalty, and positive recommendations are achieved through the use of leading practices, attention to detail, and a consultative approach throughout.

Interested in what Azure Sentinel can do for your organisation? Get in touch with a member of our dedicated team to book a Proof of Concept workshop.
