Reliance Cyber are supporting a Tier 1 multinational Defence contractor with a Managed Detection and Response SOC service based around their specific requirements. We are enhancing the customer’s cyber security defences with collaborative, response-driven and pervasive monitoring which is aligned to their current environment and strategic roadmap.
Reliance Cyber’s Managed Service delivers:
- Onboarding their environment to Azure Sentinel using the customer’s existing tenancy
- 24x7x365 Monitoring, Detection and Response
- Tuning and Optimisation of both standard and customer Kusto queries and responses, informed by best practice, threat intelligence, client contextualisation and alignment to the MITRE ATT&CK framework.
- Service Management and Reporting with direct analyst contact and communication.
- Tuning and optimisation of the log sources with the best security value.
- Full incident profiling of events including triage, correlation, contextualisation, investigation, handling and response support.
- Multi-tiered monitoring including known-bad threat hunting and anomaly detection.
- Dedicated analyst time for service improvements. This can be used for additional security questions, service interlocks, additional threat hunting, additional compliance reporting or additional dashboard creation.
The solution is integrated with critical components of the customer’s business to deliver an efficient and effective SOC and SIEM which can quickly respond to issues and changing requirements. As the customer’s estate is focused on Microsoft, our solution is based on this to make maximum use of existing architecture and knowledge.
Reliance Cyber’s MDR solution for this customer was built on a deployment of Microsoft Sentinel within the Azure environment, with information shared with Reliance Cyber via a Lighthouse integration and access allowed via federation and Microsoft PIM. The customer’s data remains within their Azure tenancy, with custom queries, alarms and investigations carried out together with Reliance Cyber. This ensures segregation of data and allows configuration of our leading PAM solution to ensure stringent role-based access.
During the onboarding phase, the architecture was developed to allow for multiple sites with unique variances. We used a series of workshops to gain contextual information on the customer’s varied environments, how they operate and the threats currently faced. Threat modelling and process integration were key to the onboarding phase, giving our SOC analysts detailed information on the customer’s estate and requirements. This close alignment and knowledge allow Reliance Cyber’s analysts to raise threats with suitable priority and urgency. Additionally, this in-depth knowledge gives a customised detection capability, rather than a generic set of signatures. We provide reports and recommendations that are rich with contextual data and relevant to the customer’s business. This gives a better understanding of threats, leading to a more effective response.
The customer has direct access to our team of highly skilled and experienced analysts, whose backgrounds include working within financial, insurance, intelligence, defence and large corporate organisations. Access is direct, with no tiered support levels, so the customer can contact the analysts monitoring their environments directly.