Leveraging Microsoft Sentinel with Custom Test Cases

Consulting a Major Agricultural Company on Microsoft Sentinel Capabilities to Secure IT Infrastructure

European Leader in Agriculture

Location:

Ukraine

Industry:

Agriculture

Employees:

14,000+ employees

About the Customer:

Our client is one of the leaders in the European agricultural sector. They have a diverse network of fields, processing, and storage premises that enable the continuous supply of high-quality produce to 80 countries worldwide.

Business Challenge

Our client aimed to enhance their cybersecurity landscape. The company was already using a legacy security solution to monitor its own security perimeter. However, due to infrastructure changes and migration to the cloud, this legacy solution could not provide the relevant level of defense. Thus, the company was looking for a service provider to assist with the deployment of a modern SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) system.

Upon considering the pros and cons of various security platforms, Infopulse offered to implement such a system on the basis of Microsoft Sentinel (formerly Azure Sentinel), in line with our client's requirements and business needs. As an official long-term Microsoft partner with Azure Expert MSP status and dedicated expertise in cybersecurity solutions, Infopulse had the exact practical experience required by our client to implement such a project. In addition, Infopulse had previously implemented Microsoft Sentinel as an important part of its own defense perimeter after conducting extensive testing and considering all its benefits.

To demonstrate the security monitoring and detection capabilities of Microsoft Sentinel to our client, it was necessary to:

  • Assess the capabilities of Microsoft Sentinel as a holistic SIEM/SOAR system
  • Reconfigure the current Microsoft Sentinel setup with maximum efficiency
  • Automate routine processes, such as incident reporting and investigation, utilizing a model powered by machine learning
  • Centralize signals from multiple enterprise systems under a single console
  • Ensure Microsoft Sentinel integration with an ITSM (IT Service Management) system, business applications, etc.

Solution

After assessing the existing IT perimeter, Infopulse experts conducted a preliminary analysis and proposed the architecture of the new modern SIEM/SOAR solution. Upon confirming our proposition with the client, we developed the high-level architecture and implementation strategy of the solution.

To validate the Microsoft Sentinel capabilities, Infopulse created and executed four SIEM/SOAR test cases:

  • Identifying potentially compromised accounts.
  • Identifying corporate data leakage via emails.
  • Detecting potential threats while using Microsoft Teams.
  • Rejecting potentially harmful files when they are uploaded to the corporate cloud storage.

Business Value

Since Microsoft Sentinel was working in parallel with the existing system, we could show its drastic advantages over the legacy solution used by the client. Test scenarios performed by Infopulse demonstrated the advantages and capabilities of Sentinel as a cloud-native (SaaS) security system with process automation functionality. Upon successful execution of the test scenarios, Infopulse security professionals provided our client with extensive recommendations on the further development of the cybersecurity system based on Microsoft Sentinel according to the current and future business demands.

Infopulse validated Microsoft Sentinel capabilities for our client with the following tangible benefits:

  • Automated cybersecurity rules for selected test cases, minimizing the human factor and resulting in faster, higher-quality IT security operations.
  • Seamless integration of Microsoft Sentinel with Exchange, SharePoint, Teams, and other solutions, such as Microsoft Threat Protection and firewalls, ensuring better integrity and reducing IT security risks.
  • Automated report generation via Microsoft Sentinel and Power BI provides better visibility into IT security operations and faster decision-making for potential critical incidents.
  • A roadmap for further implementation of Microsoft Sentinel with extended integration into the company's IT infrastructure to reduce IT security risks and strengthen customer trust.
  • Reduced licensing costs for Microsoft Sentinel as a single SIEM & SOAR system, improving the overall financial footprint.
  • A series of Q&A and learning sessions for the company's security experts, building a foundation for dedicated IT security staff readiness.

Satisfied with the results of the test cases performed by Infopulse and the numerous benefits brought by Microsoft Sentinel in comparison to their legacy system, the client now plans further implementation of Microsoft Sentinel.

Technologies

Microsoft Defender 365
Microsoft Teams
Microsoft Power BI
Microsoft Sentinel
Office 365
Azure Logic Apps
and many others
