Industrial Solutions Manufacturer
About the Customer:
Our client is one of the world leaders in providing cutting-edge solutions for industrial products. With a presence in over 30 countries, our client supports its customers from a broad range of industries with tailored, customized, and extensive expertise.
The client approached Infopulse with a request to synchronize and centralize its security initiatives. Establishing a Security Operations Center (SOC) was a primary objective and the best way to unify professional service, industry experts, and solid security management in one solution.
Since our client operates numerous branches that have different standards and processes, they stumbled upon the challenge of synchronizing cybersecurity standards/policies and gaining more visibility into security processes. After considering carefully the client’s needs, we advised Microsoft Sentinel (formerly Azure Sentinel) by Microsoft as the most relevant security platform in terms of its commercial and technical efficacy. It was a perfect fit because our client already had a Microsoft ecosystem that allowed for easier built-in integrations and reduced overhead costs.
In the course of 6 months, the Infopulse team implemented Microsoft Sentinel as a SIEM/SOAR platform to facilitate the client’s security operations.
During the onboarding stage, we conducted an in-depth security pre-assessment of the client’s infrastructure, business process, and users’ workflow to build a tailored SOC implementation roadmap.
3 Essential Elements of SOC
Before proceeding with the establishment of SOC, we defined and approved its key aspects with the client:
- A powerful technical platform: we chose Microsoft Sentinel as a SIEM/SOAR solution to ensure a high level of resilience of business-critical systems.
- Scope of service: we defined relevant use cases that had to be covered by the SOC service by identifying the core aspects of the client’s infrastructure.
- Assembling a team: under a shared responsibility model, we offered a team of industry experts with the fitting skillset for incident analysis, management, and recommendations.
The scope of establishing SOC included the following activities:
- Deployed a cloud-based Microsoft Sentinel solution to the company’s Azure environment
- Built a team of security experts to cover L1/L2 support
- Enabled a step-by-step onboarding to connect different regions to the platform, aligned with the internal reorganization project
- Configured log collection from cloud-based and on-premises systems, such as domain controllers, firewalls, and antiviruses; developed custom connectors
- Set up processes to enable continuous monitoring, rapid incident response, and escalation to the in-house team
- Developed a number of custom use cases in addition to built-in ones to cover specific threats relevant to the customer environment
- Initiated the development of a unified dashboard for real-time security monitoring
- Helped the client adopt the EDR system for better endpoint visibility and faster threat mitigation
- Automated the incident response process to reduce the alarm management pressure on the security team
Through the comprehensive security audit and SOC establishment, the client has gained visibility into its security posture and is now able to streamline its security strategy. The project brought the value of:
- A newly introduced proactive approach to cybersecurity
- Significantly reduced risk of data breaches and cyberattacks
- 500+ security incidents are detected and resolved on a monthly basis
- Mature security level regarding security operations
- Enabled 24/7 monitoring + vulnerability scanning across the client’s branches in Central Europe, Asia, and North and South America
- Provided extensive recommendations that allowed fine-tuning internal security policies and strengthening the protection of the company’s workloads
Since February 2021, Infopulse has continued to provide the SOC service and currently has the role of a trusted security advisor to the client.
Create an indestructible security posture by balding a SOC with a cloud SIEM/SOAR system.
We have received your request and will contact you back soon.