User Shield: 4-Wk Implementation

User Shield leverages Microsoft’s Azure Sentinel SIEM & XDR technology combined with Long View’s 24x7 Security Operations Center (SOC) to secure your Microsoft cloud ecosystem (Office365, OneDrive, Teams, Azure, Microsoft 365 Defender, Dynamics 365).

USER SHIELD DEPLOYMENT Our SOC experts will professionally setup Sentinel in your Azure workspace including deployment of our proven expert rulesets & automated playbooks that will automatically respond to threats & other suspicious activities including workstation or user quarantine in near real-time. Your company’s system administrators will be notified while our 24x7 SOC triages to provide you the best course of action for remediation. Automation can be leveraged to trigger playbooks developed by Long View to quarantine workstations (endpoints) or suspend user access during malicious behavior. Other threats may require triage by Long View’s skilled SOC team. This is all achieved with a second instance of Sentinel via Azure Lighthouse, located in Long View’s SOC which is linked & synchronized to the client’s workspace to investigate & respond as required.

ACTIVITIES & OUTCOMES

• Turn on Sentinel application in Client workspace.
• Apply initial Long View Custom Rule Sets & Long View Custom Playbooks. Add or modify Custom Rule Sets & Custom Playbooks as new threats are discovered.
• SOC monitors multi-tenant instance of Sentinel as oversight of all Client Sentinel instances and triage alarms, validate successful automation & ensure Client notification &/or Client intervention when required.
• Maintain Client specific Security Incident Response Plan (SIRP).
• Document & record all Security incidents in accordance to Long View Integrated Global Services best practices.
• Provide Client monthly report of security incidents & actions as evidence of Sentinel automation, SOC & Client interventions.
• Monitoring scope includes Azure Active Directory logs & sign-ins, Office 365 logging & Threat Intelligence Indicators.