"Microsoft Azure Sentinel is a ultra scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Obrela’s Managed Detection & Response (MDR) service for Azure Sentinel combines collective intelligence practices and methods with leading edge security analytics and sophisticated risk management technology to identify, analyze, predict and prevent cyber-security threats in real time. Azure Lighthouse allows Obrela to expand the Sentinel ecosystem to a powerful multi-tenant SIEM while data is persisted and analyzed on the Client tenant.
Threat detection analytics, an integral part of the MDR service, collect and analyze structured and unstructured security related data from multiple systems, network devices and other critical assets, generating valuable intelligence for new, emerging and advanced security threats.
Obrela’s SOC, also an integral part of the MDR service, staffed by threat analysts with IT monitoring expertise provides 24×7 monitoring, incident escalation as soon as a threat is validated providing to the customers MITRE-like recommendations for fast and effective security incident response.
On top of the native features of Azure Sentinel, Obrela differentiates through:
Operations and Incident Response
• Integration with Obrela 24x7x365 services, including:
  • SOC Team / SIRT Team
  • Blue Team / Threat Hunting Team
• Helping clients understand, in depth, emerging incidents, detection logic and security misconfigurations
• Enterprise incident management with rules of engagement
• 360° service across Sentinel, E5-ATP products and the Obrela platform
• SIRT support until incident closure
• SLA service metrics and security infographics
Integration and Visibility
• Guiding clients through full Sentinel adoption and the onboarding of systems (on-prem / cloud-based)
• Optimal integration of MS E5+ATP platforms and important Azure PaaS components (e.g. NSG, CosmosDB, Key Vault, App Services)
• Enabling collection (integration, parsing, categorization) and support for any system or in-house application that can generate logs, with a use-case-ready approach
• Enabling current on-prem SIEM investments (Obrela or supported 3rd party) to integrate with Sentinel
• Building visibility dashboards to gain unprecedented insight across data and custom applications
• Detailed integration scoping document, design and documentation
Analytics and Rules
• Enabling and tuning all the required out-of-the-box rules, as well as rules developed by Obrela that need to run on the client's Sentinel
• Registering the client in Obrela's cross-tenant rule environment to benefit from Obrela's growing list of analytics rules and threat hunting
• Developing new rules and custom use cases to meet the client's security goals
• Driving clients toward understanding and evaluating their defenses, identifying blind spots and hot spots, and introducing new defense layers
Playbooks and Automation
• Obrela MDR playbooks running on the Obrela cloud, triggered cross-tenant by incidents and alerts
• A growing library of playbooks for responding to specific situations
• Tuning and custom development of playbooks to address the specific client environment
• Support for playbook actions on on-prem systems (Logic App proxy)
• Documentation and orchestration of complete use cases (design / detection / hunting / execution)
Obrela Factor
Our clients are offered the advantage of fast integration into Obrela's Managed Detection & Response (MDR) service and day-one visibility of security threats in their enterprise environment. On top of this, clients can build customized processes and procedures for risk compliance and incident response plans.
Learn more:
https://www.obrela.com/services/managed-threat-detection-and-response/
https://www.obrela.com/it-monitoring/
https://azure.microsoft.com/en-us/services/azure-sentinel/
Start Now: https://www.obrela.com/get-started/