Infopulse - Expert Software Engineering, Infrastructure Management Services

              Assessing Azure Sentinel Capabilities for a Major Agricultural Company

              Leveraging cybersecurity automation to test the cloud-native security system

              Client: European leader in agriculture
              Industry: Agriculture
              Location: Ukraine
              Size: 14,000+ employees

              Client Background

              Our client is one of the leaders in the European agricultural sector. They have a diverse network of fields, processing, and storage premises that enable the continuous supply of high-quality produce to 80 countries worldwide.

              Business Challenge

              As part of its global digitization strategy, our client aimed to enhance its existing cybersecurity landscape. The company was looking for a service provider to assist with the deployment of a SIEM/SOAR system based on Azure Sentinel and to leverage the business value of the solution.

              To demonstrate the performance potential of Azure Sentinel to our client, it was necessary to:

              • Assess the capabilities of Azure Sentinel as a holistic SIEM/SOAR system
              • Reconfigure the current Azure Sentinel setup with maximum efficiency
              • Automate routine processes, such as incident reporting and investigation, using the model powered by machine learning
              • Centralize signals from multiple enterprise systems under a single console
              • Ensure Azure Sentinel integration with an ITSM system, business applications, etc.

              Solution

              After assessing the existing IT perimeter, our experts developed the high-level architecture and implementation strategy of the solution. To validate the Azure Sentinel capabilities, Infopulse created and executed four SIEM/SOAR test cases:

              1. Detecting potential threats while using Microsoft Teams:
                • Infopulse experts configured a set of analytical rules to monitor suspicious activity within the app, such as adding external users from anomalous organizations to a team or deleting multiple teams by a single user.
                • Set up extensive data parsing and log collection via Logic Apps and Office 365 Management Activity API.
                • Utilized interactive charts to visualize Microsoft Teams users’ interaction with external users.
              2. Identifying corporate data leakage via emails:
                • Set up an automated rule for Azure Sentinel to detect users forwarding multiple emails to the same external SMTP address.
                • Developed an algorithm for scenario testing.
              3. Rejecting potentially harmful files when they are uploaded to the corporate cloud storage:
                • Configured an analytical rule to detect the uploading of potentially harmful executable files to common folders in SharePoint and OneDrive.
                • Developed an algorithm for scenario testing.
                • Confirmed successful rule execution with a simulated cyber threat.
              4. Identifying potentially compromised accounts:
                • Set up an analytical rule to identify cases of successful logins from IP addresses that tried to exploit blocked or disabled user accounts.
                • Verified incident alerts according to the configured rule with a test scenario.
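
The correlation behind test case 4, sketched as an added example (not Infopulse's or the client's actual rule): flag a successful sign-in when the same IP address attempted a disabled account shortly before. The sign-in records are constructed, the field names and the 24-hour lookback are assumptions, and `50057` is the Azure AD sign-in error code for a disabled account.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in records (not from the case study). Field names
# are hypothetical; "50057" = account disabled, "0" = successful sign-in.
SIGNINS = [
    {"time": "2024-05-01T08:00:00", "ip": "203.0.113.7", "user": "old.contractor", "result": "50057"},
    {"time": "2024-05-01T08:02:10", "ip": "203.0.113.7", "user": "svc.backup", "result": "50057"},
    {"time": "2024-05-01T08:05:30", "ip": "203.0.113.7", "user": "a.finance", "result": "0"},
    {"time": "2024-05-01T09:00:00", "ip": "198.51.100.4", "user": "b.sales", "result": "0"},
    {"time": "2024-05-01T09:30:00", "ip": "198.51.100.4", "user": "ex.employee", "result": "50057"},
    {"time": "2024-05-03T10:00:00", "ip": "203.0.113.7", "user": "c.hr", "result": "0"},
]

DISABLED, SUCCESS = "50057", "0"
LOOKBACK = timedelta(hours=24)  # assumed correlation window


def detect_compromised_logins(events, lookback=LOOKBACK):
    """Return successful sign-ins preceded, within `lookback`, by a
    disabled-account attempt from the same IP address."""
    events = sorted(events, key=lambda e: e["time"])
    attempts = {}  # ip -> [(timestamp, user)] of disabled-account attempts
    alerts = []
    for e in events:
        ts = datetime.fromisoformat(e["time"])
        if e["result"] == DISABLED:
            attempts.setdefault(e["ip"], []).append((ts, e["user"]))
        elif e["result"] == SUCCESS:
            # Only attempts that happened before this success and are still
            # inside the window count; later attempts are not yet recorded.
            recent = [u for t, u in attempts.get(e["ip"], []) if ts - t <= lookback]
            if recent:
                alerts.append({
                    "ip": e["ip"],
                    "user": e["user"],
                    "time": e["time"],
                    "disabled_accounts_tried": sorted(set(recent)),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_compromised_logins(SIGNINS):
        print(alert)
```

The success from 198.51.100.4 precedes that address's disabled-account attempt, and the second success from 203.0.113.7 falls outside the window, so neither raises an alert.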


              Technologies

              • Azure Sentinel
              • Power BI
              • Office 365 Management Activity API
              • Microsoft Teams
              • Logic Apps
              • Microsoft Defender 365

              Business Value

              The test scenarios demonstrated the advantages and capabilities of Azure Sentinel as a cloud-native (SaaS) security system with process automation functionality. Upon their successful execution, Infopulse provided our client with extensive recommendations on the further development of the cybersecurity system based on Azure Sentinel according to current and future business demands.

              Validating Azure Sentinel capabilities provided our client with the following tangible benefits:

              • Automated cybersecurity rules for the selected test cases that allow minimizing the human factor.
              • Successful integration of Azure Sentinel with Exchange, SharePoint, Teams, and other solutions such as Microsoft Threat Protection and firewalls.
              • Automated report generation via Azure Sentinel and Power BI.
              • The roadmap for the further implementation of Azure Sentinel with extended integration into the company’s IT infrastructure.
              • An estimate of the reduced license costs for Azure Sentinel as a single SIEM & SOAR system.
              • A series of Q&A and learning sessions for the company’s security experts.

              Satisfied with the results of the test cases, the Infopulse client now plans further implementation of Azure Sentinel.
