Empowering security operations to identify critical threats
Challenge
An education organisation required a unified security ecosystem that detects, responds to and recovers from cyber threats quickly enough to stop an attack before it damages the business.
They needed visibility into an increasingly complex IT estate: 15,000 devices in 160 countries, every one of which had to be monitored and managed from a single endpoint management and security platform.
Most of the client's existing toolsets had been deployed 'out of the box' with no customisation and no integration linking the products together. Because the tools were not actively monitored or reviewed, alerts were left open for weeks.
A breach is a matter of when, not if, and it often starts with a successful phishing attempt against an unsuspecting employee. Once attackers obtain that employee's credentials they can remain hidden in the organisation's infrastructure for weeks or months, watching, waiting and learning.
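The first thing a practitioner would want to measure in this situation is how many incidents are actually sitting unattended. The following Microsoft Sentinel KQL query is an added example, not part of the original case study or the client's environment: it lists incidents from the SecurityIncident table that are still open after 14 days. The 14-day threshold is an assumption; adjust it to the client's own SLA.

```kql
// Added example (not from the original page): list incidents still open after a threshold.
// SecurityIncident records one row per change to an incident, so take the most recent
// row per IncidentNumber before filtering on its current status.
let StaleAfter = 14d;   // assumed threshold; set to the organisation's triage SLA
SecurityIncident
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| where Status in ("New", "Active")
| where CreatedTime < ago(StaleAfter)
| extend DaysOpen = datetime_diff("day", now(), CreatedTime)
| project IncidentNumber, Title, Severity, Status,
          AssignedTo = tostring(Owner.assignedTo), DaysOpen, ProviderName
| order by DaysOpen desc
```

Run it once to size the backlog, then schedule it as an analytics rule or workbook so the stale-incident count becomes a standing operational metric rather than a one-off finding.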
Solution
The project began with an analysis of the client's existing Microsoft technology estate against their perceived cyber security risk posture. This gave the client a clear view of the current landscape and produced a roadmap of activities to address their security risks using the Microsoft products they already owned.
When configured appropriately, the Microsoft 365 and Azure enterprise threat protection products share security signals, correlate alerts from every product into a single attack timeline, and automate many steps of investigation and remediation.
Impact
1. The programme used operational workflows to deliver security orchestration, automation and response (SOAR) capabilities. A sequence of tasks can now be executed without human intervention, using machine learning to streamline incident response by automating time-consuming manual tasks and eliminating the gaps inherent in standalone solutions, even in the most demanding IT environments. As a result, the client's teams are free to focus on more complex and interesting security challenges.
2. Working through the roadmap, we implemented a fully configured environment capable of monitoring and reacting to external threats and breaches, reducing the residual risk to the organisation. By taking every opportunity to optimise the environment, the client was able to maximise and streamline the use of their existing Microsoft licensing estate.
3. We gave the client a holistic view of their current threat landscape, addressing their security risks by continually expanding their use of the Microsoft Enterprise Mobility + Security suite they had already invested in. The threat protection products we implemented share security signals, correlate alerts from all products into one attack timeline, and automate much of the investigation and remediation process.
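To show what "correlating alerts across products into an attack timeline" looks like in practice, here is an added example, written for this page rather than taken from the client's deployment: a Microsoft 365 Defender advanced hunting query that groups alerts from different Defender products around the device or account they share and orders them in time. The seven-day lookback window is an assumption.

```kql
// Added example (not from the original page): build a per-entity timeline of alerts
// that were raised by more than one Defender product against the same device or user.
AlertInfo
| where Timestamp > ago(7d)            // assumed lookback window
| join kind=inner (
    AlertEvidence
    | where EntityType in ("Machine", "User")
    | project AlertId, DeviceName, AccountUpn
  ) on AlertId
| extend Entity = coalesce(DeviceName, AccountUpn)
| where isnotempty(Entity)
| order by Timestamp asc                // so make_list below preserves chronological order
| summarize
    FirstSeen = min(Timestamp),
    LastSeen  = max(Timestamp),
    Products  = make_set(ServiceSource),
    Timeline  = make_list(pack("time", Timestamp, "title", Title, "source", ServiceSource))
  by Entity
| where array_length(Products) > 1      // keep only entities seen by more than one product
| order by FirstSeen asc
```

An entity that appears here with, say, a Defender for Office 365 phishing alert followed by a Defender for Endpoint alert on the same account is exactly the phishing-to-foothold sequence described in the Challenge section; the point of the integrated platform is that the product builds this timeline for you, but the query is a useful check that the signal sharing is actually switched on.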