Case Study
Try before you buy: Road-testing Microsoft Sentinel for a local housing association
We built a proof-of-concept for Linc Cymru to test drive Microsoft Sentinel. As a result, Sentinel now forms a key part of their security and compliance strategy.
As a housing association and care provider, Linc Cymru handles a lot of sensitive personal data. They needed to ensure they had the visibility and response power to protect this information and prevent potential breaches.
Already making use of the Azure cloud, Linc Cymru approached Microsoft to source a named partner to build out a proof-of-concept (POC) environment to evaluate how Microsoft’s leading SIEM solution, Microsoft Sentinel, could help detect and respond to threats.
Ensuring greater threat protection with Microsoft Sentinel
Our Sentinel POC helped Linc Cymru:
The search for a SIEM and improved security
Linc Cymru was already using Azure Log Analytics and Logic Apps to automate server management (updating security patches using Logic Apps and triggering upgrades when Microsoft releases high-importance patches).
They quickly identified the need to use the Azure platform to provide security insights and oversight of their on-premises and public cloud networks.
Linc Cymru began looking at using a security incident and event management (SIEM) platform to achieve this.
As their security logs were being stored in Azure, it made sense to explore Microsoft Sentinel as a potential solution. It also meant that the initial costs to do so were incredibly low.
Sentinel could work natively within the Azure platform using existing log storage to provide instant visibility of historical data.
Peter Murphy
Technology Manager, Linc Cymru
Having initially set up Sentinel in-house, Linc Cymru decided to go through Microsoft to build out a fully developed proof-of-concept environment to put the platform through its paces.
With specialist expertise in Microsoft’s security suite and Sentinel in particular, Microsoft recommended Kocho as the partner best placed to deliver the POC.
Proving Sentinel’s worth with a proof-of-concept
Within a day or two of the project starting, we had Sentinel configured and up and running.
Over the next two weeks, Sentinel ingested and learnt from Linc Cymru’s security logs. A weekly call with Kocho security expert, Paul Rouse, helped reduce any false positives and fine-tune Sentinel’s understanding of the Linc Cymru environment using its out-of-the-box workbooks.
In around a month, Sentinel was fully operational and producing accurate security event data for Linc Cymru to investigate further and visualise in various dashboards and reports.
Once the POC was completed, Linc Cymru used the established environment as a foundation to build upon. In the following months, more logs were incorporated into Sentinel from other, non-Microsoft, systems.
This has enabled Linc Cymru to monitor their security from a single location with greater insight into events using near real-time data.
Having this global view over their entire IT estate means that Linc Cymru can spot threats and false positives more easily than by piecing together event activity from isolated systems and dashboards.
We can quickly spot high alerts in all of our security systems and direct attention to the right place at the right time.
Peter Murphy
Technology Manager, Linc Cymru
A strong foundation for enhanced automation and response
Linc Cymru continues to build on the foundation laid by the Sentinel POC, incorporating more and more systems, practices, and processes to be monitored, particularly around the integration of Dynamics 365, which is a major element of their housing management services.
Sentinel is now key to ensuring that security and compliance are at the forefront of everything Linc Cymru does.
To ensure compliance improves alongside their security capabilities, we are supporting Linc Cymru with further POCs for Data Loss Prevention and Information Compliance.
A Microsoft FastTrack project is also underway to help Linc Cymru’s internal IT Compliance Officer fully understand the compliance features included within Microsoft 365 for more efficient management.
Once these initiatives are completed, Linc Cymru will look to consolidate various automated rules and responses into Sentinel for greater efficiency and accuracy.
Using more of Sentinel’s automation capabilities will mean an increase in costs, but for Linc Cymru, the benefits of being able to ensure an accurate response to threats far outweigh the additional cost.