Creative Networks

Microsoft Sentinel

Microsoft Sentinel is a cloud-based SIEM service aiding in threat detection, investigation, and response across enterprise infrastructures. It aggregates and analyses security data from diverse sources, utilises advanced analytics and machine learning, and offers customisable dashboards and automation to enhance security operations and incident response efficiency.

Features

• Detect threats across diverse environments.
• Scalable cloud-native architecture.
• Integrates with Microsoft & third-party solutions.
• Advanced analytics for threat identification.
• Personalised dashboards for security monitoring.
• Tools for detailed incident investigation.
• Automated response for swift mitigation.
• Ensures compliance with industry regulations.
• Proactive threat identification with hunting queries.
• Continuous updates to combat evolving threats.

Benefits

• Enhances accuracy, lowering security risks.
• Speeds up incident response, minimising damage.
• Streamlines operations, boosting productivity.
• Simplifies compliance, ensures regulatory adherence.
• Proactively hunts threats, prevents breaches.
• Offers insights for informed decisions.
• Strengthens security, defends against cyber threats.
• Fosters team collaboration, improves communication.
• Automates tasks, reduces workload.
• Boosts confidence, ensures peace of mind.

£2.85 to £75.00 a device a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aj@creative-n.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

276901418860766

Contact

Azeem Javed
03303337337
aj@creative-n.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft Sentinel integrates with Microsoft Azure services, Microsoft 365, third-party security solutions like Cisco and Palo Alto Networks, other SIEM platforms, and various cloud service providers. This enables comprehensive threat detection and response across diverse environments and applications.
• Cloud deployment model: Public cloud
• Service constraints: Buyers considering Microsoft Sentinel should be aware of data ingestion limits, integration dependencies, subscription tiers, network connectivity requirements, and planned maintenance. Exceeding data limits may incur charges, while effective integration and stable internet access are crucial. Subscription tiers vary in features and pricing. Scheduled maintenance may temporarily affect service availability. Understanding these constraints helps in proper planning and budgeting for effective implementation and operation of Sentinel within their organisation's security infrastructure.
• System requirements:
  • Azure subscription: Access Azure portal for deploying Sentinel.
  • Configure data sources for sending security logs.
  • Stable internet connection for accessing Azure.
  • Users need appropriate permissions within Azure portal.
  • Cybersecurity, cloud, and data analysis expertise beneficial.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times - 08:30 - 18:00 Weekdays, excluding Bank Holidays. Out of hours support available where necessary. 30 minutes to 8 hour response dependent on priority call, P1 - 30 mins, P2 - 1 hour, P3 - 4 hours, and P4 - 8 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We have not conducted any testing of web chat accessibility with users employing assistive technology.
• Onsite support: Onsite support
• Support levels: End-user training can be provided at an ad hoc cost. We provide a UK based Service Desk for support. Out of hours support is available. Our helpdesk is made up of 1st, 2nd and 3rd Line technical expertise. A Technical Account Manager will be assigned as standard as a part of our standard and premium IT Support, see our pricing schedule and SFIA Rate Card for details.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We assist users in adopting our service through a variety of resources tailored to their needs. Our user documentation offers step-by-step guides, FAQs, and troubleshooting tips for independent learning. Additionally, we provide interactive online training sessions and webinars led by experienced instructors to guide users through setup and configuration processes effectively. For those preferring personalised assistance, optional onsite training sessions can be arranged to address specific organisational requirements. Our dedicated technical support team is readily available to assist users with any inquiries or challenges they may encounter, offering prompt resolution via email, phone, or online chat. With these resources and support channels in place, we aim to ensure a smooth onboarding experience and empower users to harness the full capabilities of the service for their communication needs.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Exported upon request. Contact the Support Helpdesk or Technical Account Manager.
• End-of-contract process: At the end of the contract services will continue on a rolling 30 day agreement until either party serves notice. If it is decided the client will exit, Creative Networks will assist in transitioning and migration of services ensuring continuity and a smooth handover. We will, where applicable deliver an Exit Plan which sets out the proposed methodology for achieving an orderly transition of Services on the expiry or termination of the contract. The Exit Plan will contain at minimum: Separate mechanisms for dealing with Ordinary Exit and Emergency Exit. The management structure to be employed during both transfer and cessation of the services and a detailed description of both the transfer and cessation processes, including a timetable. Document how the Services will transfer including details of the processes, documentation, data transfer, systems migration, security and the segregation of technology components. Specify the scope of the Termination Services that may be required and any charges that would be payable for the provision of such Termination Services and detail how such services would be provided. Provide a timetable and identify critical issues and set out the management structure to be put in place and employed during the Termination Assistance Period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Microsoft Sentinel offers core functionalities on both mobile and desktop versions. However, the desktop version provides a more expansive layout, advanced features, and smoother performance, while the mobile version offers a simplified layout, potentially requiring more touch-based interaction and with some advanced features less accessible.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Microsoft Sentinel has a service interface that users interact with through the Microsoft Azure portal. This interface provides access to all the features and functionalities of Sentinel, allowing users to manage security incidents, configure alert rules, create custom dashboards, perform investigations, and access documentation and support resources. The interface is designed to be user-friendly and intuitive, making it easy for security professionals to navigate and utilise the capabilities of Sentinel effectively.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Creative Networks have not conducted any interface testing with users of assistive technology.
• API: Yes
• What users can and can't do using the API: Using the Microsoft Sentinel API, users can set up and configure workspaces, connectors, and rules, automate tasks, and integrate with other security tools. However, access permissions, technical expertise, and API documentation comprehension are necessary, and certain configurations may not be available or supported via the API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users customise Microsoft Sentinel through the Azure portal, creating custom alert rules, dashboards, workbooks, playbooks, and data connectors. Security administrators, analysts, and IT personnel with appropriate permissions typically perform these customisations to tailor Sentinel to their organisation's needs.

Scaling

• Independence of resources: Microsoft ensures user experience in Microsoft Sentinel through scalable Azure infrastructure, resource isolation, load balancing, efficient resource management, and proactive monitoring. These measures prevent one user's activities from impacting others and maintain high performance for all users, even under fluctuating demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Microsoft Sentinel provides service usage metrics that allow users to monitor and analyse various aspects of their Sentinel deployment. These metrics include information about data ingestion rates, query performance, alert volumes, incident response times, and resource utilisation. By tracking these metrics, users can gain insights into their security operations, identify trends, and optimise their Sentinel configurations for better performance and efficiency.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users export data from Microsoft Sentinel through Log Analytics queries, Azure Storage, Azure Event Hubs, or custom solutions using the API. This enables data extraction for compliance, forensic analysis, and external analytics, enhancing overall security capabilities.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Microsoft Azure, the platform hosting Microsoft Sentinel, offers a Service Level Agreement (SLA) for its services, including Sentinel. Azure's SLA guarantees at least 99.9% monthly uptime for most services.
• Approach to resilience: Microsoft Sentinel achieves resilience through Azure's high availability architecture, automatic failover, data redundancy, scalability, geo-replication, and continuous monitoring. Leveraging these features, Sentinel ensures uninterrupted service, data protection, and performance, even during unexpected disruptions or failures, providing users with a reliable security monitoring platform.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Supplier defined controls.
• Access restriction testing frequency: Less than once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 24/10/2022
• What the ISO/IEC 27001 doesn’t cover: Areas not covered by ISO/IEC 27001 certification include specific business processes unrelated to information security, certain third-party services or suppliers, or compliance with other industry-specific regulations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Organisations adhering to ISO 27001 establish robust information security practices. They develop policies aligned with ISO 27001 requirements, covering areas like access control, data protection, and incident response. Through risk assessments, they identify and prioritise security risks, implementing controls to mitigate them. Employees receive training on security policies and procedures to enhance awareness and compliance. Monitoring and review processes ensure the effectiveness of security controls, with regular audits and assessments conducted. A designated individual or team oversees the implementation and maintenance of the Information Security Management System (ISMS), reporting to senior management or the board. To ensure policy adherence, organisations employ various mechanisms such as audits, reviews, and ongoing monitoring. Non-compliance issues prompt corrective actions and improvements to the ISMS. By following these practices, organisations demonstrate their commitment to information security and continuously strive to enhance their security posture in line with ISO 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Creative Network's have in place a Change Management Process that follows the ISO 20000 Standard. A change is proposed with the Change Manager and then added to the Changes-overview. The change is scheduled to be executed and a roll back plan is created (if necessary). Rollback is actioned immediately upon confirmation as per following the rollback matrix, resources are freed and announcements are published. Periodically, the overview of archived changes is checked.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Creative Network's have a Vulnerability Management process that implements the following: Receives information about zero day threats from the National Cyber Security Center; subscribe to newsletters from vendors and used products, in contact with special interest groups; Technical vulnerabilities are handled either using the Incident management process or the Change management process; Patches are tested following the Installation of software on operational systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All devices have a monitoring agent on them which can identify potential issues and report back to our service desk. If an issue is identified we have an internal 4 hour SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly.
• Incident management type: Supplier-defined controls
• Incident management approach: Fully developed Business Continuity and Disaster Recovery management process developed in line with ISO 22301. Creative Network's have a pre-defined Incident Management Process in place where by an incident is reported with the Incident Manager and then added to the Incidents-overview. After which, relevant log files (from all systems affected) and evidence is gathered. The incident is corrected by implementing a patch, temporary fix or workaround. It is determine whether future occurrences of the incident can be prevented, e.g. by modifying/strengthening one or more controls. Periodically, the overview of archived incidents is checked for apparent trends and effectivity of corrections.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  By providing a robust security solution that helps organisations prevent and mitigate cyber attacks, Microsoft Sentinel indirectly supports efforts to fight climate change. Cyber attacks can disrupt critical infrastructure and services, leading to increased energy consumption and carbon emissions. By safeguarding against such attacks, Sentinel helps maintain the stability and efficiency of systems and processes, indirectly contributing to environmental sustainability efforts.

  Covid-19 recovery

  In the context of Covid-19 recovery, Microsoft Sentinel plays a crucial role in ensuring the security and resilience of remote work environments. As many organisations transitioned to remote work during the pandemic, there was a significant increase in cyber threats targeting remote access and collaboration tools. By providing threat detection, incident response, and compliance management capabilities, Sentinel helps organisations secure their remote work infrastructure, enabling them to continue operations safely and effectively during the recovery period.

  Equal opportunity

  Microsoft Sentinel contributes to equal opportunity by helping organisations of all sizes and industries enhance their cybersecurity posture. By providing a cloud-native, scalable security solution with built-in automation and analytics capabilities, Sentinel levels the playing field for organisations that may not have the resources or expertise to implement and manage complex security systems. This democratisation of cybersecurity tools ensures that even smaller or less-resourced organisations have access to advanced threat detection and response capabilities, helping to mitigate the risk of cyber attacks and promote equal opportunity in the digital landscape.

  Wellbeing

  While not directly related to physical or mental health, Microsoft Sentinel indirectly supports wellbeing by protecting the digital infrastructure upon which many aspects of modern life depend. By detecting and mitigating cyber threats, Sentinel helps safeguard critical services and data, promoting a sense of security and stability for individuals and organisations. In a digital world where cyber attacks can have far-reaching consequences, the wellbeing of individuals and communities is closely tied to the security of their digital environments.

Pricing

• Price: £2.85 to £75.00 a device a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aj@creative-n.com. Tell them what format you need. It will help if you say what assistive technology you use.