Road-testing Microsoft Sentinel with a Proof-of-Concept | Kocho

Case Study

Try before you buy: Road-testing Microsoft Sentinel for a local housing association


Our client needed a modern threat protection solution, so they came to us to try Microsoft’s flagship security information and event management (SIEM) platform, Microsoft Sentinel.

We built a proof-of-concept for Linc Cymru to test drive Microsoft Sentinel. As a result, Sentinel now forms a key part of their security and compliance strategy.

As a housing association and care provider, Linc Cymru handles a lot of sensitive personal data. They needed to ensure they had the visibility and response power to protect this information and prevent potential breaches.

Already making use of the Azure cloud, Linc Cymru approached Microsoft to source a named partner to build out a proof-of-concept (POC) environment to evaluate how Microsoft’s leading SIEM solution, Microsoft Sentinel, could help detect and respond to threats.

Ensuring greater threat protection with Microsoft Sentinel

Our Sentinel POC helped Linc Cymru:


Fully assess how Sentinel would perform in their environment using real data


Take a cost-effective and efficient approach to improve security monitoring and response


Iron out any false positives or teething issues with regular supervision and guidance from Kocho security experts


Gain oversight of security events across the entire Linc Cymru network (both on-premises and cloud-based)


Create a foundation to build on as they incorporate more services and data into Sentinel for improved automation and management


Free Video

Microsoft Sentinel and Defender XDR Demos

Detect, investigate, and remediate threats across your entire network, with the power of AI.

See how you can:

  • Make security and protection more efficient
  • Utilise AI to power detection and remediation
  • Protect endpoints, identities, and apps

The search for a SIEM and improved security

Linc Cymru was already using Azure Log Analytics and Logic Apps to automate server management (applying security patches using Logic Apps and triggering upgrades when Microsoft releases high-importance patches).

They quickly identified the need to use the Azure platform to provide security insights and oversight of their on-premises and public cloud networks.

Linc Cymru began looking at using a security information and event management (SIEM) platform to achieve this.

As their security logs were being stored in Azure, it made sense to explore Microsoft Sentinel as a potential solution. It also meant that the initial costs to do so were incredibly low.


Sentinel could work natively within the Azure platform using existing log storage to provide instant visibility of historical data.

Peter Murphy

Technology Manager, Linc Cymru

Having initially set up Sentinel in-house, Linc Cymru decided to go through Microsoft to build out a fully developed proof-of-concept environment to put the platform through its paces.

With specialist expertise in Microsoft’s security suite and Sentinel in particular, Microsoft recommended Kocho as the partner best placed to deliver the POC.

Proving Sentinel’s worth with a proof-of-concept

Within a day or two of the project starting, we had Sentinel configured and up and running.

Over the next two weeks, Sentinel ingested and learnt from Linc Cymru’s security logs. A weekly call with Kocho security expert Paul Rouse helped reduce false positives and fine-tune Sentinel’s understanding of the Linc Cymru environment using its out-of-the-box workbooks.

In around a month, Sentinel was fully operational and producing accurate security event data for Linc Cymru to investigate further and visualise in various dashboards and reports.

Once the POC was completed, Linc Cymru used the established environment as a foundation to build upon. In the following months, more logs were incorporated into Sentinel from other, non-Microsoft, systems.

This has enabled Linc Cymru to monitor their security from a single location with greater insight into events using near real-time data.

Having this global view over their entire IT estate means that Linc Cymru can spot threats and false positives far more easily than by piecing together event activity from isolated systems and dashboards.


We can quickly spot high alerts in all of our security systems and direct attention to the right place at the right time.

Peter Murphy

Technology Manager, Linc Cymru

A strong foundation for enhanced automation and response

Linc Cymru continues to build on the foundation laid by the Sentinel POC, bringing more and more systems, practices, and processes under monitoring, particularly around the integration of Dynamics 365, which is a major element of their housing management services.

Sentinel is now key to ensuring that security and compliance are at the forefront of everything Linc Cymru does.

To ensure compliance improves alongside their security capabilities, we are supporting Linc Cymru with further POCs for Data Loss Prevention and Information Compliance.

A Microsoft FastTrack project is also underway to help Linc Cymru’s internal IT Compliance Officer fully understand the compliance features included within Microsoft 365 for more efficient management.

Once these initiatives are completed, Linc Cymru will look to consolidate various automated rules and responses into Sentinel for greater efficiency and accuracy.

Using more of Sentinel’s automation capabilities will mean an increase in costs, but for Linc Cymru, the benefits of being able to ensure an accurate response to threats far outweigh the additional cost.
