The security unit of Fast 50 company Lab3 has developed a packaged SIEM service, Sentinel as Code, for deploying Azure Sentinel, its associated log collectors and its policies as code.
It allows for the rapid deployment of Sentinel to large organisations and provides automated life-cycle management.
The solution includes a dashboard for security posture visibility, automated response to level 1 and 2 threats, granular access controls at whatever levels the customer chooses, and the customer retains full authority over all of its data.
It is available as both a SaaS offering and as part of a managed service agreement with Lab3.
The solution has been in development for over a year, according to network and security director Anthony Wales.
“We felt the solution was customer-ready about six months ago and since then we've really matured the automation pipeline with a few of our earlier customers. Now we've successfully delivered to about 15 fairly large customers inside of Australia making us almost a partner of choice from Microsoft for these opportunities.”
One benefit of the solution, and a reason the team chose Sentinel, is that the platform itself is managed by Microsoft so there is no need for a security team to manage any infrastructure, Wales explained.
This, plus the automation of low-level alerts “allows the security team to do the main tasks that they want to be doing – the level three or four alerts, and more specialised actions,” he said.
Lab3 has received Advanced Specialisation Threat Protection from Microsoft, which requires significant evidence of its capabilities from large customers.
The company uses its Sentinel as Code solution across its own infrastructure which has “allowed us to understand how much we want to tune our own controls, and to what extent,” chief information security officer Don Jokhan said.
“Because we as an organisation are aiming for a very, very high level of certification from the Australian Government in terms of our protection profile, we're able to provide that equivalent or higher as well for our customers.”
Lab3 offers appliances that integrate data ingestion from on-premises or cloud sources into the system, so that an organisation’s entire wealth of information is accessible and visible through the Sentinel as Code solution.
As well as automating threat detection and response, the systems are also self-monitoring to an extent. This means that, for example, if a connector is not passing any logs through, this will be flagged for remediation by an organisation’s in-house security team or by Lab3 as an MSP.
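One way a connector-silence check of this kind can be expressed is as a scheduled Sentinel analytics query over the Log Analytics Usage table. This is an added illustration, not Lab3's own monitoring logic; the seven-day lookback and the 24-hour silence threshold are assumed values.

```kql
// Added illustration, not Lab3's code: flag ingestion tables that were
// active in the lookback window but have received nothing recently,
// which usually means a data connector or collector has stopped forwarding.
let lookback = 7d;   // assumed: window in which a table counts as "active"
let silence  = 24h;  // assumed: how long without data before a table is flagged
Usage
| where TimeGenerated > ago(lookback)
| where Quantity > 0
| summarize LastIngested = max(TimeGenerated), TotalMB = sum(Quantity) by DataType
| where LastIngested < ago(silence)
| extend HoursSilent = datetime_diff('hour', now(), LastIngested)
| project DataType, LastIngested, HoursSilent, TotalMB
| order by HoursSilent desc
```

Running this as a scheduled rule that alerts on any returned row turns a silent connector into a ticketable incident rather than a gap discovered during an investigation; the silence threshold should be tuned per connector, since some sources legitimately report only a few times a day.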