Assessing Azure Sentinel Capabilities for a Major Agricultural Company


Location: Ukraine

Industry: Agriculture

Employees: 14,000+

About the Customer:

Our client is one of the leaders in the European agricultural sector. They have a diverse network of fields, processing, and storage premises that enable the continuous supply of high-quality produce to 80 countries worldwide.

Business Challenge

As part of the global digitization strategy, our client aimed to enhance the already existing cybersecurity landscape. The company was looking for a service provider to assist with the deployment of a SIEM/SOAR system based on Azure Sentinel and to leverage the business value of the solution.

To demonstrate the performance potential of Azure Sentinel to our client, it was necessary to:

  • Assess the capabilities of Azure Sentinel as a holistic SIEM/SOAR system
  • Reconfigure the current Azure Sentinel setup with maximum efficiency
  • Automate routine processes, such as incident reporting and investigation, using a machine-learning-powered model
  • Centralize signals from multiple enterprise systems under a single console
  • Ensure Azure Sentinel integration with an ITSM system, business applications, etc.

Solution

After assessing the existing IT perimeter, our experts developed the high-level architecture and implementation strategy of the solution. To validate the Azure Sentinel capabilities, Infopulse created and executed four SIEM/SOAR test cases:

  • Detecting potential threats while using Microsoft Teams:
    • Configured a set of analytical rules to monitor suspicious activity within the app, such as adding external users from anomalous organizations to a team or deleting multiple teams by a single user.
    • Set up extensive data parsing and log collection via Logic Apps and Office 365 Management Activity API.
    • Utilized interactive charts to visualize Microsoft Teams users’ interaction with external users.
  • Identifying corporate data leakage via emails:
    • Set up an automated rule for Azure Sentinel to detect users forwarding multiple emails to the same external SMTP address.
    • Developed an algorithm for scenario testing.
  • Rejecting potentially harmful files when they are uploaded to the corporate cloud storage:
    • Configured an analytical rule to detect the uploading of potentially harmful executable files to common folders in SharePoint and OneDrive.
    • Developed an algorithm for scenario testing.
    • Confirmed successful rule execution with a simulated cyber threat.
  • Identifying potentially compromised accounts:
    • Set up an analytical rule to identify cases of successful logins from IP addresses that tried to exploit blocked or disabled user accounts.
    • Verified incident alerts according to the configured rule with a test scenario.
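The second and fourth test cases above are correlation rules over sign-in and mail logs. In Azure Sentinel they are written as KQL analytics rules over the SigninLogs and Office 365 tables; the block below is an added, offline model of the same two detections in Python, not Infopulse's or Microsoft's code. It runs over constructed sample events whose field names (TimeGenerated, UserPrincipalName, IPAddress, ResultType, SenderAddress, RecipientAddress) are assumed to mirror the Sentinel tables, and treats Azure AD result codes 50057 (account disabled) and 50053 (account locked) as attempts against blocked or disabled accounts; the thresholds and windows are illustrative choices.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Result codes treated as "attempt against a blocked or disabled account".
# "0" is a successful sign-in; 50057 = account disabled, 50053 = account locked.
BLOCKED_RESULT_CODES = {"50053", "50057"}

T0 = datetime(2021, 3, 1, 9, 0)  # base time for the constructed samples

# Constructed sample sign-in events (field names modelled on SigninLogs, assumption).
SIGNIN_EVENTS = [
    {"TimeGenerated": T0, "IPAddress": "203.0.113.10", "UserPrincipalName": "disabled.user@example.com", "ResultType": "50057"},
    {"TimeGenerated": T0 + timedelta(minutes=1), "IPAddress": "203.0.113.10", "UserPrincipalName": "locked.user@example.com", "ResultType": "50053"},
    {"TimeGenerated": T0 + timedelta(minutes=30), "IPAddress": "203.0.113.10", "UserPrincipalName": "alice@example.com", "ResultType": "0"},
    {"TimeGenerated": T0 + timedelta(hours=1), "IPAddress": "198.51.100.5", "UserPrincipalName": "bob@example.com", "ResultType": "0"},
    {"TimeGenerated": T0 - timedelta(days=2), "IPAddress": "192.0.2.77", "UserPrincipalName": "disabled.user@example.com", "ResultType": "50057"},
    {"TimeGenerated": T0 + timedelta(hours=2), "IPAddress": "192.0.2.77", "UserPrincipalName": "carol@example.com", "ResultType": "0"},
]

# Constructed sample mail events (field names modelled on the Office 365 message data, assumption).
MAIL_EVENTS = (
    [{"TimeGenerated": T0 + timedelta(minutes=4 * i), "SenderAddress": "dave@example.com", "RecipientAddress": "dropbox.mail@external.test"} for i in range(5)]
    + [{"TimeGenerated": T0 + timedelta(minutes=10 * i), "SenderAddress": "erin@example.com", "RecipientAddress": "partner@vendor.test"} for i in range(2)]
    + [{"TimeGenerated": T0 + timedelta(minutes=i), "SenderAddress": "frank@example.com", "RecipientAddress": "colleague@example.com"} for i in range(6)]
)


def find_logins_after_blocked_attempts(events, window=timedelta(hours=24)):
    """Test case 4: successful sign-ins from an IP that earlier (within `window`)
    tried a blocked or disabled account. Returns one finding per suspicious login."""
    first_blocked = {}  # ip -> (time of first blocked attempt, set of targeted accounts)
    findings = []
    for e in sorted(events, key=lambda e: e["TimeGenerated"]):
        ip = e["IPAddress"]
        if e["ResultType"] in BLOCKED_RESULT_CODES:
            _, targets = first_blocked.setdefault(ip, (e["TimeGenerated"], set()))
            targets.add(e["UserPrincipalName"])
        elif e["ResultType"] == "0" and ip in first_blocked:
            first_seen, targets = first_blocked[ip]
            if e["TimeGenerated"] - first_seen <= window:
                findings.append({
                    "TimeGenerated": e["TimeGenerated"],
                    "IPAddress": ip,
                    "UserPrincipalName": e["UserPrincipalName"],
                    "EarlierTargets": sorted(targets),
                })
    return findings


def find_bulk_external_forwarding(mail_events, internal_domain, threshold=5, window=timedelta(hours=1)):
    """Test case 2: an internal sender sending at least `threshold` messages to the
    same external address within a sliding `window`. One finding per sender/recipient pair."""
    suffix = "@" + internal_domain
    per_pair = defaultdict(list)
    for m in mail_events:
        sender, recipient = m["SenderAddress"], m["RecipientAddress"]
        if not sender.endswith(suffix) or recipient.endswith(suffix):
            continue  # only internal -> external traffic is of interest
        per_pair[(sender, recipient)].append(m["TimeGenerated"])
    findings = []
    for (sender, recipient), times in per_pair.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                findings.append({"Sender": sender, "ExternalRecipient": recipient,
                                 "MessageCount": end - start + 1, "WindowEnd": times[end]})
                break
    return findings


if __name__ == "__main__":
    for f in find_logins_after_blocked_attempts(SIGNIN_EVENTS):
        print("suspicious login:", f)
    for f in find_bulk_external_forwarding(MAIL_EVENTS, "example.com"):
        print("bulk external forwarding:", f)
```

The sign-in detection keys on the source IP rather than the account, which is why the login by alice@example.com is flagged even though her own account was never locked: the IP had just probed disabled accounts. The stale probe from 192.0.2.77 two days earlier falls outside the lookback window and is ignored, mirroring the lookback period a Sentinel analytics rule would set.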

Business Value

Test scenarios demonstrated the advantages and capabilities of Azure Sentinel as a cloud-native (SaaS) security system with a process automation functionality. Upon their successful execution, Infopulse provided our client with extensive recommendations on the further development of the cybersecurity system based on Azure Sentinel according to the current and future business demands.

Validating Azure Sentinel capabilities provided our client with the following tangible benefits:

  • Automated cybersecurity rules for the selected test cases that minimize the human factor.
  • Successful integration of Azure Sentinel with Exchange, SharePoint, Teams, and other solutions such as Microsoft Threat Protection and firewalls.
  • Automated report generation via Azure Sentinel and Power BI.
  • The roadmap for the further implementation of Azure Sentinel with extended integration into the company’s IT infrastructure.
  • An estimate of the reduced license costs for Azure Sentinel as a single SIEM & SOAR system.
  • A series of Q&A and learning sessions for the company’s security experts.

Satisfied with the results of the test cases, the Infopulse client now plans on the further implementation of Azure Sentinel.

Technologies

  • Microsoft Defender 365
  • Microsoft Teams
  • Microsoft Power BI
  • Azure Sentinel
  • Office 365
  • and many others
