Multinational Defence Contractor

Reliance acsn are supporting a Tier 1 multinational Defence contractor with a Managed Detection and Response SOC service based around their specific requirements. We are enhancing the customer’s cyber security defences with collaborative, response-driven and pervasive monitoring which is aligned to their current environment and strategic roadmap.

The Reliance acsn Managed Service delivers:

  • Onboarding their environment to Azure Sentinel using the customer’s existing tenancy 
  • 24x7x365 Monitoring, Detection and Response 
  • Tuning and Optimisation of both standard and customer Kusto queries and responses through the alignment of best practice, threat intelligence, client contextualisation and alignment to the MITRE ATT&CK framework.
  • Service Management and Reporting with direct analyst contact and communication. 
  • Tuning and optimisation of the best security value log sources.
  • Full incident profiling of events including triage, correlation, contextualisation, investigation, handling and response support. 
  • Multi-tiered monitoring including known bad, threat hunting and anomaly detection. 
  • Dedicated analyst time for service improvements. This can be used for additional security questions, service interlocks, additional threat hunting, additional compliance reporting or additional dashboard creation.

The solution is integrated with critical components of the customer’s business to deliver an efficient and effective SOC and SIEM which can quickly respond to issues and their changing requirements. As the customer’s estate is focused on Microsoft, our solution is based on this to make maximum use of existing architecture and knowledge.  

Reliance acsn’s MDR solution for this customer was built on a deployment of Microsoft Sentinel within the Azure environment, with information shared with Reliance acsn via a lighthouse integration and access allowed via federation and Microsoft PIM. The customer’s data remains within their Azure tenancy, with custom queries, alarms and investigations carried out together with Reliance acsn. This ensures segregation of data and allows configuration of our leading PAM solution to ensure stringent role-based access.  

During the onboarding phase, the architecture was developed to allow for multiple sites with unique variances. We used a series of workshops to gain contextual information on the customer’s varied environments, how they are operated and the threats currently faced. Threat modelling and process integration were key to the onboarding phase, giving our SOC analysts detailed information on the customer’s estate and requirements. This close alignment and knowledge allows Reliance acsn’s analysts to raise threats with suitable priority and urgency. Additionally, this in-depth knowledge gives a customised detection capability, rather than a generic set of signatures. We provide reports and recommendations that are rich with contextual data and relevant to the customer’s business. This gives a better understanding of threats, leading to a more effective response.

The customer has direct access to our team of highly skilled and experienced analysts, whose backgrounds include financial, insurance, intelligence, defence and large corporate organisations. Access is direct, with no tiered support levels, so the customer can contact the analysts monitoring their environments directly.