Free Trustwave Workshop: Microsoft Defend Against Threats with SIEM Plus XDR

Microsoft understands the importance of security, and to help its clients keep threat actors at bay, the company often bundles Microsoft Defender and Sentinel security products with its Office and Azure offerings.

The kicker is that in many cases, Microsoft's clients are either unaware these security features are included with their purchase or simply don't know how to make the most of these security tools.

This area is where Trustwave plays a role. As a trusted Microsoft partner, Trustwave has been given the opportunity to implement the Microsoft Managed Security Solutions Provider Partner program. This includes offering free workshops to current Microsoft clients, which will break down, explain, and, if the client desires, even help manage their Sentinel and Defender security products.

The client must meet some technical prerequisites for consideration, and Microsoft must sign off for an organization to participate. The workshops are open to all Trustwave customers and any interested outside party.

Trustwave has designed the workshops to enhance a Microsoft client's understanding of and confidence in Sentinel and Defender.

Just as a quick reminder, Sentinel is a scalable, cloud-native solution that provides Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR). Defender is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Workshops Conducted by Security Professionals

Trustwave's Solution Engineering/Security Architect team will deliver the workshops. The entire process can take up to a month to complete and will include using a tenant to Sentinel to gain access to the client's system, which will not impact its production environment.

The overall goals of the workshop are to:

  • Help customers develop confidence in the value of Microsoft 365 E5
  • Identify real security threats in the client's environment using a Microsoft 365 trial
  • Showcase the Microsoft Sentinel and Microsoft 365 Defender experience
  • Provide an overview of Microsoft Security's end-to-end story
  • Use demos to showcase product capabilities

The Trustwave team conducts the workshop virtually. This method helps expedite the process by eliminating the need to set up travel arrangements and it builds in flexibility, allowing the client to set the time.

Who Can Attend?

The workshops are open to any current or potential Trustwave customer that is now using or evaluating the possible use of Microsoft security products. These would include Microsoft E3 customers looking at Microsoft security or E5 customers interested in seeing how Microsoft security could help them.

There are some technical requirements that must be met for consideration. An organization must have 800+ Microsoft Defender for Endpoint (MDI), Microsoft Defender for Office (MDO), and Azure Active Directory Premium Plan 2 paid active users. Additionally, a participant needs 250+ Monthly Active Users (MAU) for Exchange Online, SharePoint Online or Teams.

There is no limit to the number of people who can attend the workshops. Still, a potential attendee should keep in mind that the event is designed for a technical audience and the security team, so those attending should fall into those categories.

There is an approval process, which Trustwave manages, but generally, a client will receive notification of acceptance within two weeks.

The Workshop Process

The workshop begins with a kick-off meeting during which the parties go through the process that will take place and cover what will be required regarding time and resources.

After the kick-off, the two sides will hold weekly meetings. The Trustwave team uses this time to lead the participants through working with the Microsoft security tools, resolving issues the company may have with these products and gathering general information on the client's system.

Trustwave will also conduct a simulated attack from an EDR perspective against the client's environment, which helps demonstrate the proper use of Sentinel and Defender.

Finally, the Trustwave team conducts an actual search for vulnerabilities using the Microsoft products.

The culmination of the workshop is a presentation during which Trustwave shows the output from all the work, which includes screen captures of the data, any vulnerabilities discovered, and a list of other issues that might require further investigation.

The participant's take-away from the workshop is a meeting in which the Trustwave engineers or a representative from the company's Consulting and Professional Services team presents all the findings to the participant.

From start to finish, the workshop experience will take about a month to complete.

Any firm interested in having a Microsoft Managed Security Solutions Provider Partner workshop conducted can contact Jim Lacey.