The client is a major distributor of industrial supplies and is situated in multiple locations across the United States.
The client was interested in scaling security operations across the company’s subsidiaries, and approached CyberProof for help both in developing a next-generation Security Operations Center (SOC) and in rolling out an enterprise-wide Incident Response (IR) framework designed to shorten response time and reduce total cost of ownership. In preparing for the roll-out of the enterprise-wide IR framework, the client’s team expressed concern about staffing, running, and tuning an in-house SIEM. They felt that outsourcing these aspects of the implementation would relieve pressure on the security team.
In addition, the team faced the following challenges:
- Establishing an effective onboarding process for security data feeds from the client’s operating companies, subsidiaries, and distributed events
- Sustaining 24×7 coverage of security operations
- Developing “digital playbooks” and comprehensive SLA, compliance dashboards and reporting
The team sought a platform that would function as a “single pane of glass” for all the various technologies they use.
- Fewer false positives, thanks to a fully functional SIEM that reduces noise.
- Increased automation of many SOC processes, including the prioritization of alerts by severity and SLA level and proactively querying external sources.
- Greater operational efficiency by integrating multiple tools in a single pane of glass.
- Event data enrichment and insights with SeeMo, our virtual analyst, providing additional context and facilitating faster, more effective prioritization of alerts.
The client decided to aggressively move its infrastructure from on-premises to the cloud, and as an existing Microsoft Azure client, viewed Microsoft Azure as the provider of choice for IaaS and PaaS services. For these reasons, it was important to provide a solution for the client’s new, next-gen SOC that would be fully integrated with Microsoft’s native cloud SIEM solution, Azure Sentinel.
Azure Sentinel is pre-integrated with the CyberProof Defense Center (CDC), so clients can use the cloud-scalable security orchestration and operations platform for intruder hunting, automated detection, incident response, and recovery, improving cyber resilience while lowering costs.
CyberProof set up the Azure Sentinel environment aligned to Microsoft’s recommended best practices and methodologies – providing expert advice and support in setting up a robust security monitoring solution, including:
- Enabling and setting up the Azure Sentinel workspace
- Connecting cloud and on-premises data sources
- Configuring use cases and customized playbooks
- Tailoring dashboards and personalized reports
Furthermore, CyberProof’s security team is able to take advantage of the Microsoft Intelligent Security Graph, which helps to dramatically reduce incident dwell time.
CyberProof’s deployment for this client is one of the first commercial deployments of the Microsoft Azure Sentinel SIEM to be sold as part of a managed service.
CyberProof’s deployment of a new, next-generation SOC facilitates effective detection and response, drives operational efficiency, and dramatically reduces the cost and time required to respond to security threats – thereby minimizing the potential business impact of a cyber attack.
By automating some of the SOC’s Tier 1 and Tier 2 activities, SeeMo helps reduce false positives and shrink dwell time, i.e., the period beginning when a threat actor gains undetected access to a network and ending when the threat is completely removed.
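The two SOC metrics this case study turns on, prioritizing alerts by severity and SLA level and tracking dwell time, are easy to state and easy to get subtly wrong in a ticket queue. The Python below is an added illustration, not CyberProof's or SeeMo's code: the severity scale, the gold/silver/bronze SLA tiers with their response windows, the alert and incident records, and the sample queue are all assumptions constructed for the example. It orders a work queue so that SLA-breached alerts surface first, then higher severities, then whatever has the least SLA time left; it produces the per-status counts an SLA compliance dashboard would plot; and it computes dwell time using the definition given above (first undetected access until the threat is completely removed), separately from time to detect.

```python
"""Alert prioritization by severity and SLA tier, plus dwell-time accounting.

Added illustration, not CyberProof's or SeeMo's code. The severity ranking,
SLA tiers and windows, record layouts and sample data are all assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed severity ranking (higher number = more urgent).
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed time-to-respond window per contractual SLA tier.
SLA_WINDOW = {
    "gold": timedelta(minutes=15),
    "silver": timedelta(hours=1),
    "bronze": timedelta(hours=4),
}


@dataclass(frozen=True)
class Alert:
    alert_id: str
    severity: str
    sla_tier: str
    created_at: datetime  # timezone-aware


@dataclass(frozen=True)
class Incident:
    incident_id: str
    first_access: datetime   # earliest evidence of attacker access
    detected_at: datetime    # when the SOC first raised the incident
    eradicated_at: datetime  # when the threat was completely removed


def sla_deadline(alert: Alert) -> datetime:
    return alert.created_at + SLA_WINDOW[alert.sla_tier]


def sla_status(alert: Alert, now: datetime) -> str:
    """'breached' past the deadline, 'at_risk' with half the window or less left, else 'on_track'."""
    remaining = sla_deadline(alert) - now
    if remaining < timedelta(0):
        return "breached"
    if remaining <= SLA_WINDOW[alert.sla_tier] / 2:
        return "at_risk"
    return "on_track"


def prioritize(alerts, now: datetime):
    """Queue order: SLA-breached alerts first, then by severity, then by least SLA time left."""
    def key(a: Alert):
        remaining = (sla_deadline(a) - now).total_seconds()
        # False (breached) sorts before True; negative rank puts higher severity first.
        return (remaining >= 0, -SEVERITY_RANK[a.severity], remaining)
    return [a.alert_id for a in sorted(alerts, key=key)]


def sla_summary(alerts, now: datetime):
    """Counts per SLA status, the figure an SLA compliance dashboard would plot."""
    counts = {"breached": 0, "at_risk": 0, "on_track": 0}
    for a in alerts:
        counts[sla_status(a, now)] += 1
    return counts


def _check_order(inc: Incident) -> None:
    if not (inc.first_access <= inc.detected_at <= inc.eradicated_at):
        raise ValueError("incident timestamps must be chronological: access <= detection <= eradication")


def dwell_hours(inc: Incident) -> float:
    """Dwell time: from first undetected access until the threat is completely removed."""
    _check_order(inc)
    return (inc.eradicated_at - inc.first_access).total_seconds() / 3600


def time_to_detect_hours(inc: Incident) -> float:
    """The undetected portion of dwell time: first access until the SOC raised the incident."""
    _check_order(inc)
    return (inc.detected_at - inc.first_access).total_seconds() / 3600


UTC = timezone.utc
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=UTC)

# Constructed sample queue, not real client data.
SAMPLE_ALERTS = [
    Alert("A1", "critical", "bronze", datetime(2024, 1, 1, 11, 0, tzinfo=UTC)),
    Alert("A2", "low", "gold", datetime(2024, 1, 1, 11, 30, tzinfo=UTC)),
    Alert("A3", "high", "silver", datetime(2024, 1, 1, 11, 20, tzinfo=UTC)),
    Alert("A4", "high", "gold", datetime(2024, 1, 1, 11, 50, tzinfo=UTC)),
    Alert("A5", "medium", "bronze", datetime(2024, 1, 1, 9, 0, tzinfo=UTC)),
]

# Constructed sample incident: nine days of attacker presence, detected on day eight.
SAMPLE_INCIDENT = Incident(
    "INC-1",
    first_access=datetime(2023, 12, 20, 8, 0, tzinfo=UTC),
    detected_at=datetime(2023, 12, 28, 14, 0, tzinfo=UTC),
    eradicated_at=datetime(2023, 12, 29, 10, 0, tzinfo=UTC),
)

if __name__ == "__main__":
    print("queue order:", prioritize(SAMPLE_ALERTS, NOW))
    print("SLA summary:", sla_summary(SAMPLE_ALERTS, NOW))
    print(f"dwell time: {dwell_hours(SAMPLE_INCIDENT):.0f} h, "
          f"time to detect: {time_to_detect_hours(SAMPLE_INCIDENT):.0f} h")
```

Promoting an already-breached low-severity alert above an in-window critical one is a deliberate choice here: a breached SLA is a contractual miss that keeps getting worse, while the critical alert still has time. Teams that prefer severity to dominate can swap the first two elements of the sort key. Note that dwell time is measured from first access, not from detection; counting only from detection flatters the metric and hides exactly the undetected period the definition is meant to capture.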