Fuse is a Microsoft Partner, based in Northampton. We help organisations of all sizes to maximise IT efficiencies through the use of Microsoft cloud computing solutions.
Five Quick Wins with Microsoft Sentinel

Once Sentinel is set up in your tenant, there are several additional ways to maximise its potential and effectiveness. It has countless features and numerous optional settings but if you’re not sure where to start, here are five quick wins that are easily implemented and drastically improve your business security and incident awareness.
1. Connect Third-Party Data Sources to Sentinel
Start by integrating your various data sources to centralise your security data. This could include Azure, AWS, MS 365, and more. Although it’s great on its own, the more data you feed into Sentinel, the more comprehensive your insights will be.
2. Create Custom Alerts in Sentinel
Setting up some custom alerts (using those connected data sources), tailored to your organisation’s specific needs, delivers the most relevant notifications. This could include monitoring for unusual sign-in activity (like impossible travel), or mass data encryption, possibly indicating a ransomware attack.
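As an added example (not from the original post or from Microsoft's built-in rule templates), the impossible-travel check mentioned above can be written as a scheduled analytics rule query over the `SigninLogs` table populated by the Microsoft Entra ID connector. The one-day lookback and the 500 km and 900 km/h thresholds are assumptions to tune for your organisation.

```kql
// Added example: flag consecutive successful sign-ins by the same user
// whose locations are too far apart to travel between in the elapsed time.
// Thresholds below are illustrative assumptions, not recommended values.
let minDistanceKm = 500.0;   // ignore short hops and geolocation jitter
let maxSpeedKmh = 900.0;     // roughly commercial airliner speed
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType == "0"    // successful sign-ins only
| extend Lat = todouble(LocationDetails.geoCoordinates.latitude),
         Lon = todouble(LocationDetails.geoCoordinates.longitude)
| where isnotnull(Lat) and isnotnull(Lon)
// Order each user's sign-ins in time so prev() returns the preceding one.
| sort by UserPrincipalName asc, TimeGenerated asc
| extend PrevUser = prev(UserPrincipalName),
         PrevTime = prev(TimeGenerated),
         PrevIP   = prev(IPAddress),
         PrevLat  = prev(Lat),
         PrevLon  = prev(Lon)
| where UserPrincipalName == PrevUser and IPAddress != PrevIP
// geo_distance_2points returns metres; convert to kilometres.
| extend DistanceKm = geo_distance_2points(PrevLon, PrevLat, Lon, Lat) / 1000.0
// Clamp to one second so simultaneous sign-ins do not divide by zero.
| extend ElapsedSec = max_of(datetime_diff('second', TimeGenerated, PrevTime), 1)
| extend SpeedKmh = DistanceKm / (ElapsedSec / 3600.0)
| where DistanceKm > minDistanceKm and SpeedKmh > maxSpeedKmh
| project TimeGenerated, UserPrincipalName, PrevIP, IPAddress,
          PrevTime, DistanceKm, SpeedKmh, AppDisplayName
```

Sign-ins through VPN egress points or mobile carriers can shift geolocation sharply, so known corporate egress IPs usually need excluding before this output is used to raise alerts.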
3. Sentinel Incident Management Dashboards and Workbooks
Create easy-to-follow dashboards (known as workbooks on Sentinel) for clean visualisation, leading to better incident management and analysis. Monitoring security metrics, detecting patterns, and making informed decisions becomes easier when they’re displayed how you want them. Further customisation can lead to deeper insights into your security posture.
4. Implement AI-Driven Analytics with Sentinel
Leveraging User and Entity Behaviour Analytics (UEBA) is imperative. Sentinel can analyse user activity (sign-ins, device actions, etc.), identifying deviations from normal behaviour. It then cross-references with Microsoft’s threat intelligence data (dangerous IPs, domains, accounts and locations) to flag potential threats or signs of compromise. Sentinel will also passively monitor and analyse Windows and security events to assist in any required troubleshooting.
5. Set Up Sentinel Automatic Response Playbooks
You can use all this analysis and data to help mitigate threats and increase efficiency, but wouldn’t it be nicer if Sentinel could take that off your hands too?
Automatic response actions can be set up in the form of a playbook. A playbook takes a series of specified actions when a trigger is tripped. For example, one playbook could register a potential threat and create an incident in a third-party app, while another could be something as simple as sending email or Teams notifications to specific people when suspicious activity is detected within the company.
You can see why Sentinel is so powerful when it’s managed by experts who really understand how to get the most from it. In only five steps, we’ve taken it from an impressive cloud-native SIEM and SOAR solution, to an absolute powerhouse of threat intelligence analysis and automation, with integrations to all your third-party apps and data.
We share our knowledge and expertise with all our clients. Stick with us to learn about more features that further enhance your Sentinel experience.