An integrated Cloud-Native SIEM with Cross-Domain Response and Threat Eradication powered by Microsoft

ITFR Sentinel
The State of Cyber Security
The digital economy is in full swing. Organizations are evolving faster than ever, adopting new technologies such as cloud services that are transforming how they operate and creating new gaps in security.
Cyber criminal activity is in full swing too!
Today, more than ever, adversaries are creating new techniques
to launch attacks across an organization’s on-premises and cloud infrastructure to evade detection and ensure they continue to stay one step ahead of their victims.
Security teams and service providers not only have to collect, triage, and investigate alerts, they have to be able to respond in real-time to stop sophisticated fast-moving malicious activities across an expanded ecosystem of distributed networks and cloud-based services.
ITFR's true native Extended Detection and Response (XDR) managed services unify Microsoft's cloud-native Security Information and Event Management (SIEM) platform, Azure Sentinel, with Microsoft 365 Defender, CyberCNS, Actifile and vendor-agnostic security log curation to give a 360-degree view of your attack surface across endpoints, on-premises infrastructure, identities, email, and cloud apps, and to enable cross-domain threat prevention and proactive threat hunting.

ITFR is revolutionizing Managed Detection and Response by increasing threat visibility and expanding response actions beyond endpoints.
What is Microsoft Defender for Office 365?
Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Defender for Office 365 includes:
Threat protection policies
Define threat-protection policies to set the appropriate level of protection for your organization.
Reports
View real-time reports to monitor Defender for Office 365 performance in your organization.
Threat investigation and response capabilities
Use leading-edge tools to investigate, understand, simulate, and prevent threats.
Automated investigation and response capabilities
Save time and effort investigating and mitigating threats.
✓ Safe Attachments
✓ Safe Links
✓ Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
✓ Anti-phishing protection in Defender for Office 365
✓ Real-time detections
✓ Threat Trackers
✓ Threat Explorer
✓ Automated investigation and response
✓ Attack simulation training
✓ Proactively hunt for threats with advanced hunting in Microsoft 365 Defender
✓ Investigate incidents in Microsoft 365 Defender
✓ Investigate alerts in Microsoft 365 Defender
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Defender for Endpoint uses the following combination of technology built into Windows 10 and Microsoft’s robust cloud service:
Endpoint behavioral sensors
Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender for Endpoint.
Cloud security analytics
Leveraging big-data, device learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
Threat intelligence
Generated by Microsoft hunters and security teams, and augmented by threat intelligence from partners, this intelligence enables Defender for Endpoint to identify attacker tools, techniques, and procedures and to generate alerts when they are observed in collected sensor data.
✓ Threat Management
✓ Vulnerability Management
✓ Attack Surface Reduction
✓ NextGen Protection
✓ Endpoint Detection & Response
✓ Automated Investigation
✓ Automated Remediation
✓ Microsoft Threat Experts
What is Microsoft Defender for Servers?
Microsoft Defender for Servers is one of the enhanced security features of Microsoft Defender for Cloud. Use it to add threat detection and advanced defenses to your Windows and Linux machines whether they're running in Azure, on-premises, or in a multi-cloud environment. To protect machines in hybrid and multi-cloud environments, Defender for Cloud uses Azure Arc.
The threat detection and protection capabilities provided with Microsoft Defender for servers include:
✓ Integrated license for Microsoft Defender for Endpoint
✓ Vulnerability assessment tools for machines
✓ Microsoft threat and vulnerability management
✓ Vulnerability scanner powered by Qualys
✓ Just-in-time (JIT) virtual machine (VM) access
✓ File integrity monitoring (FIM)
✓ Adaptive application controls (AAC)
✓ Adaptive network hardening (ANH)
✓ Docker host hardening
✓ Fileless attack detection
✓ Linux audit alerts and Log Analytics agent integration (Linux only)
What is Microsoft Defender for Cloud Apps?
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.
It provides simple deployment, centralized management, and innovative automation capabilities.
Discover and control the use of Shadow IT: Identify the cloud apps, IaaS, and PaaS services used by your organization. Investigate usage patterns, assess the risk levels and business readiness of more than 25,000 SaaS apps against more than 80 risks. Start managing them to ensure security and compliance.
Protect your sensitive information anywhere in the cloud: Understand, classify, and protect the exposure of sensitive information at rest. Leverage out-of-the box policies and automated processes to apply controls in real time across all your cloud apps.
Protect against cyberthreats and anomalies: Detect unusual behavior across cloud apps to identify ransomware, compromised users or rogue applications, analyze high-risk usage and remediate automatically to limit the risk to your organization.
Assess the compliance of your cloud apps: Assess if your cloud apps meet relevant compliance requirements including regulatory compliance and industry standards. Prevent data leaks to non-compliant apps, and limit access to regulated data.
✓ Cloud Discovery
✓ Sanctioning and unsanctioning apps
✓ App connectors to Defender
✓ Conditional Access App Control protection
✓ Policy control
What is Microsoft Sentinel (formerly Azure Sentinel)?
Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.
Microsoft Sentinel is your birds-eye view across the enterprise alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames.
Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
Detect previously undetected threats and minimise false positives using Microsoft’s analytics and unparalleled threat intelligence.
Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
Respond to incidents rapidly with built-in orchestration and automation of common tasks.
✓ Collect data at cloud scale
✓ Detect previously undetected threats and minimise false positives
✓ Investigate threats with AI and hunt for suspicious activities at scale
✓ Respond to incidents rapidly
What is ITFR Sentinel?
Through multi-platform integration of cloud-native XDR with Azure Sentinel and the Microsoft Defender products, combined with ITFR's custom orchestration, automation and dashboards, we produce solutions specific to each client's needs, all within the client's own tenancy.

The ITFR Sentinel solution supports the entire Microsoft security suite:
Microsoft Azure Sentinel
A cloud-based security information and event management (SIEM) tool.
Microsoft 365 Defender
An extended detection and response (XDR) platform designed to natively integrate with Azure Sentinel. (This includes all Microsoft 365 Defender services – for Endpoint, Office 365, Identity, and Cloud App Security).
Microsoft Azure Defender (now Microsoft Defender for Cloud)
A platform that provides XDR capabilities for infrastructure and cloud platforms including virtual machines, databases and containers.

Why ITFR’s Sentinel?

24 x 7 Managed Detection and Response
Real-time monitoring of Azure Sentinel alerts with full-scale investigations and response to security events, supported by expert cyber threat analysts who operate 24/7 across multiple Security Operations Centers (SOCs).

Custom Correlations
Analyst-developed unique searches, custom correlations, and tracking, integrated with ITFR threat intelligence to provide contextual insights unique to your enterprise.

Increased Visibility to Resolve Every Alert
Collects and analyzes data from multiple data sources, including endpoint, email, user activity, and other third-party security solutions, providing visibility into risks and threats across multi-cloud and hybrid environments.

Built-in Automation and Orchestration
Integrated, proprietary playbooks that automate responses, from fully automating the routine handling of recurring alert types to running specific automated responses for particular alerts.

Cloud-Native MDR Protection with Speed and Scale
Near-limitless log ingestion speed and scale delivered in the cloud, without the time and cost of an appliance-based SIEM.

Collaboration
Customers leverage Sentinel and/or My ITFR, ITFR's client portal, to access real-time information about incidents, investigations, resolutions, tickets and change requests.

Integrated Automation Enhanced with Expertise
Integrated cross-product automation layer that ingests all alerts generated to automate and coordinate prevention, defensive responses, and remediation across all platforms.

Threat Intelligence Integration
ITFR threat intelligence amplifies and enriches correlations to create custom insights.

Ongoing Building and Tuning of Azure Sentinel Alerts
Simplified implementation tailored to your unique environment, providing custom configurations and ensuring limited operational interruption.

Human Hunting
In conjunction with machine hunting, ITFR's dedicated hunting personnel proactively investigate activity to ensure nothing is missed by standard detections.
How we work
Managed Security Operations
ITFR's Managed Detection and Response provides real-time, customized threat response and remediation – terminating malicious processes, isolating devices, and manually preventing the persistence and lateral movement associated with sophisticated attacks.
ITFR incorporates client-driven rules of engagement (ROE) to enable immediate, decisive action, using analyst-driven expertise to stop threats that could cripple a network, versus non-critical events where a lower-tiered response may be appropriate.
MDR services integrate proven frontline expertise, comprehensive threat data analytics, and advanced technology solutions to deliver remote monitoring and incident remediation using Azure Sentinel, Microsoft Defender Advanced Threat Protection (now Microsoft Defender for Endpoint), Office 365 Advanced Threat Protection (now Microsoft Defender for Office 365), Azure Advanced Threat Protection (now Microsoft Defender for Identity), and Microsoft Cloud App Security (now Microsoft Defender for Cloud Apps).

Deployment and Implementation
Maximize your investment in Microsoft security solutions with ITFR to:
✓ Design and configure Azure Sentinel cloud instance
✓ Configure and onboard log data using Azure Sentinel built-in connectors across cloud and on-premises sources
✓ Create client-specific dashboard design and customization
✓ Create proactive threat hunting playbook
✓ Construct alerting scenarios to trigger case generation and investigations
✓ Integrate playbooks to enable automation
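The last two steps above (alerting scenarios that generate cases, and playbooks wired to automation), as an added example that is not ITFR's or Microsoft's code: a Bicep template that deploys a Microsoft Sentinel scheduled analytics rule which creates and groups incidents, plus an automation rule that runs a playbook when such an incident is created. The detection scenario (at least ten failed sign-ins from one IP address followed by a successful sign-in from the same address inside one hour), the parameter names, the rule names, and the assumption that a Logic App playbook and the Microsoft Entra ID sign-in data connector already exist in the workspace are all assumptions made for this example.

```bicep
// Added example, not ITFR's or Microsoft's own deployment code.
// Assumptions: an existing Log Analytics workspace with Microsoft Sentinel enabled,
// the Entra ID (SigninLogs) connector onboarded, and an existing Logic App playbook.
param workspaceName string
param playbookResourceId string  // assumed: resource ID of an existing Logic App playbook

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

// Alerting scenario (assumed for the example): many failed sign-ins from one IP
// followed by a success from the same IP within the query period.
resource bruteForceRule 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  scope: workspace
  name: guid(workspace.id, 'successful-sign-in-after-failures')
  kind: 'Scheduled'
  properties: {
    displayName: 'Successful sign-in after repeated failures from the same IP'
    description: 'Flags source IPs with >= 10 failed sign-ins that later succeed (possible brute force or password spray).'
    enabled: true
    severity: 'High'
    // KQL query body; ResultType "0" is a successful sign-in in SigninLogs.
    query: '''
      let threshold = 10;
      SigninLogs
      | extend Outcome = iff(ResultType == "0", "Success", "Failure")
      | summarize Failures = countif(Outcome == "Failure"),
                  Successes = countif(Outcome == "Success"),
                  FirstFailure = minif(TimeGenerated, Outcome == "Failure"),
                  LastSuccess = maxif(TimeGenerated, Outcome == "Success"),
                  SucceededAccounts = make_set_if(UserPrincipalName, Outcome == "Success", 20)
          by IPAddress
      | where Failures >= threshold and Successes > 0 and LastSuccess > FirstFailure
      | extend SucceededAccountsText = tostring(SucceededAccounts)
    '''
    queryFrequency: 'PT1H'   // run hourly
    queryPeriod: 'PT1H'      // over the last hour of data
    triggerOperator: 'GreaterThan'
    triggerThreshold: 0      // any matching row raises an alert
    suppressionEnabled: false
    suppressionDuration: 'PT1H'
    tactics: [ 'CredentialAccess', 'InitialAccess' ]
    techniques: [ 'T1110', 'T1078' ]
    eventGroupingSettings: {
      aggregationKind: 'AlertPerResult'   // one alert per offending IP
    }
    entityMappings: [
      {
        entityType: 'IP'
        fieldMappings: [ { identifier: 'Address', columnName: 'IPAddress' } ]
      }
    ]
    customDetails: {
      FailedAttempts: 'Failures'
      SucceededAccounts: 'SucceededAccountsText'
    }
    // Case generation: create an incident and fold repeat alerts for the same IP
    // within 8 hours into it instead of opening a new case each hour.
    incidentConfiguration: {
      createIncident: true
      groupingConfiguration: {
        enabled: true
        reopenClosedIncident: false
        lookbackDuration: 'PT8H'
        matchingMethod: 'Selected'
        groupByEntities: [ 'IP' ]
      }
    }
  }
}

// Automation: when a High-severity incident is created, run the playbook.
resource runPlaybookOnHigh 'Microsoft.SecurityInsights/automationRules@2023-02-01' = {
  scope: workspace
  name: 'run-playbook-on-high-severity-incident'
  properties: {
    displayName: 'Run response playbook on High severity incidents'
    order: 1
    triggeringLogic: {
      isEnabled: true
      triggersOn: 'Incidents'
      triggersWhen: 'Created'
      conditions: [
        {
          conditionType: 'Property'
          conditionProperties: {
            propertyName: 'IncidentSeverity'
            operator: 'Equals'
            propertyValues: [ 'High' ]
          }
        }
      ]
    }
    actions: [
      {
        order: 1
        actionType: 'RunPlaybook'
        actionConfiguration: {
          logicAppResourceId: playbookResourceId
          tenantId: tenant().tenantId
        }
      }
    ]
  }
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file sentinel-rule.bicep --parameters workspaceName=<workspace> playbookResourceId=<logic-app-id>`. Before the automation rule can trigger the playbook, the Microsoft Sentinel service principal needs the Microsoft Sentinel Automation Contributor role on the playbook's resource group; without it the rule deploys but the action fails at run time. Paste the query body into the workspace's Logs blade first to confirm it returns rows against real SigninLogs data and to tune `threshold` and the query period for your environment.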
What is ITFR Sentinel?
ITFR Sentinel is a powerful SOC solution that can incorporate security logs from the entire Microsoft security toolset and combine them with platform-agnostic network (CyberCNS) and data vulnerability (Actifile) logs, as well as hundreds of other third-party technologies.

Rather than you sending us your logs and us sending alerts back, our security experts operate inside your environment, enriching incidents, raising alerts, closing incidents, and running simulated threats followed by remediation training, directly within your Azure Sentinel environment, where you can watch in real time as we work to protect your company from threats.