Consulting a Major Agricultural Company on Microsoft Sentinel Capabilities to Secure IT Infrastructure
Leveraging cybersecurity automation to test the cloud-native security system
About the Client
Our client is one of the leaders in the European agricultural sector. They have a diverse network of fields, processing, and storage premises that enable the continuous supply of high-quality produce to 80 countries worldwide.
- Location: Ukraine
- Industry: Agriculture
- Employees: 14,000+
Business Challenge
Our client aimed to enhance their cybersecurity landscape. The company was already using a legacy security solution to monitor its own security perimeter. However, due to infrastructure changes and migration to the cloud, this legacy solution could no longer provide the required level of defense. Thus, the company was looking for a service provider to assist with the deployment of a modern SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) system.
After weighing the strengths and weaknesses of various security platforms against our client's requirements and business needs, we proposed implementing such a system on the basis of Microsoft Sentinel (formerly Azure Sentinel). As an official long-term Microsoft partner with Azure Expert MSP status and dedicated expertise in cybersecurity solutions, Infopulse (now part of Tietoevry Create) had the exact practical experience required to implement such a project. Besides, we had previously implemented Microsoft Sentinel as an important part of our own defense perimeter after conducting extensive testing and considering all its benefits.
To demonstrate the security monitoring and detection capabilities of Microsoft Sentinel to our client, it was necessary to:
- Assess the capabilities of Microsoft Sentinel as a holistic SIEM/SOAR system
- Reconfigure the current Microsoft Sentinel setup with maximum efficiency
- Automate routine processes, such as incident reporting and investigation, utilizing the model powered by machine learning
- Centralize signals from multiple enterprise systems under a single console
- Ensure Microsoft Sentinel integration with an ITSM (IT Service Management) system, business applications, etc.
Solution
After assessing the existing IT perimeter, our experts conducted a preliminary analysis and proposed the architecture of the new modern SIEM/SOAR solution. Upon confirming our proposition with the client, we developed the high-level architecture and implementation strategy of the solution. To validate the Microsoft Sentinel capabilities, we created and executed four SIEM/SOAR test cases:
- Identifying potentially compromised accounts:
  - Set up an analytical rule to identify successful logins from IP addresses that had previously tried to sign in to blocked or disabled user accounts.
  - Verified incident alerts according to the configured rule with a test scenario.
- Identifying corporate data leakage via emails:
  - Set up an automated rule for Microsoft Sentinel to detect users forwarding multiple emails to the same external SMTP address.
  - Developed an algorithm for scenario testing.
- Detecting potential threats while using Microsoft Teams:
  - Configured a set of analytical rules to monitor suspicious activity within the app, such as adding external users from anomalous organizations to a team or deleting multiple teams by a single user.
  - Set up extensive data parsing and log collection via Logic Apps and the Office 365 Management Activity API.
  - Utilized interactive charts to visualize Microsoft Teams users' interaction with external users.
- Rejecting potentially harmful files when they are uploaded to the corporate cloud storage:
  - Configured an analytical rule to detect the uploading of potentially harmful executable files to common folders in SharePoint and OneDrive.
  - Developed an algorithm for scenario testing.
  - Confirmed successful rule execution with a simulated cyber threat.
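The first two test cases above are correlation rules over sign-in and mail logs. The page does not show how those rules were written, so the following is an added example, not the project's code: the same two detections reimplemented in plain Python over constructed sample records, so the logic can be run offline. It generalizes the described rules slightly with a configurable time window and threshold. The record field names are assumptions loosely modelled on Entra ID sign-in logs and Exchange message trace data; the result codes 50053 (account locked) and 50057 (account disabled) are real Entra ID sign-in codes, while every record, address and IP below is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Entra ID sign-in result codes meaning the target account was locked or disabled;
# "0" is a successful sign-in. Field names on the records are assumptions.
BLOCKED_ACCOUNT_CODES = {"50053", "50057"}
SUCCESS_CODE = "0"
CORPORATE_DOMAIN = "example.com"  # assumed corporate mail domain

# Constructed sign-in records: one source IP probes two blocked accounts and then
# signs in successfully as a third user; a later success falls outside the window.
SIGNIN_LOGS = [
    {"time": "2024-01-10T08:00:00", "user": "alice@example.com", "ip": "203.0.113.7", "result": "50057"},
    {"time": "2024-01-10T08:01:00", "user": "bob@example.com", "ip": "203.0.113.7", "result": "50053"},
    {"time": "2024-01-10T08:05:00", "user": "carol@example.com", "ip": "203.0.113.7", "result": "0"},
    {"time": "2024-01-10T09:00:00", "user": "dave@example.com", "ip": "198.51.100.4", "result": "0"},
    {"time": "2024-01-10T09:10:00", "user": "erin@example.com", "ip": "198.51.100.9", "result": "50057"},
    {"time": "2024-01-10T10:30:00", "user": "carol@example.com", "ip": "203.0.113.7", "result": "0"},
]

# Constructed outbound mail records: one user forwards three messages to the same
# external address within minutes; an internal forward and a single forward are noise.
MAIL_TRACE = [
    {"time": "2024-01-10T10:00:00", "sender": "frank@example.com", "recipient": "drop@mail.example.org", "subject": "FW: Q1 forecast"},
    {"time": "2024-01-10T10:02:00", "sender": "frank@example.com", "recipient": "drop@mail.example.org", "subject": "FW: supplier contracts"},
    {"time": "2024-01-10T10:04:00", "sender": "frank@example.com", "recipient": "drop@mail.example.org", "subject": "FW: field yield data"},
    {"time": "2024-01-10T10:05:00", "sender": "frank@example.com", "recipient": "grace@example.com", "subject": "FW: lunch"},
    {"time": "2024-01-10T11:00:00", "sender": "heidi@example.com", "recipient": "partner@mail.example.org", "subject": "FW: invoice"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def logins_after_blocked_account_attempts(records, window=timedelta(hours=1)):
    """Alert on a successful sign-in from an IP that, within `window` before it,
    attempted a locked or disabled account (the 'potentially compromised account' rule)."""
    failures = defaultdict(list)  # ip -> [(time, probed account)]
    alerts = []
    for rec in sorted(records, key=lambda r: r["time"]):
        now = parse_ts(rec["time"])
        if rec["result"] in BLOCKED_ACCOUNT_CODES:
            failures[rec["ip"]].append((now, rec["user"]))
        elif rec["result"] == SUCCESS_CODE:
            probed = sorted({u for t, u in failures[rec["ip"]] if now - t <= window})
            if probed:
                alerts.append({"time": rec["time"], "ip": rec["ip"],
                               "user": rec["user"], "probed_accounts": probed})
    return alerts


def is_external(address):
    domain = address.rsplit("@", 1)[-1].lower()
    return not (domain == CORPORATE_DOMAIN or domain.endswith("." + CORPORATE_DOMAIN))


def is_forward(subject):
    return subject.upper().startswith(("FW:", "FWD:"))


def bulk_forwarding_to_external(records, threshold=3, window=timedelta(hours=1)):
    """Alert when one sender forwards at least `threshold` messages to the same
    external address within `window` (the 'data leakage via email' rule)."""
    by_pair = defaultdict(list)  # (sender, recipient) -> [times]
    for rec in records:
        if is_forward(rec["subject"]) and is_external(rec["recipient"]):
            by_pair[(rec["sender"], rec["recipient"])].append(parse_ts(rec["time"]))
    alerts = []
    for (sender, recipient), times in by_pair.items():
        times.sort()
        # Sliding window: any `threshold` consecutive forwards inside `window` fire once.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append({"sender": sender, "recipient": recipient, "count": len(times)})
                break
    return alerts


if __name__ == "__main__":
    for alert in logins_after_blocked_account_attempts(SIGNIN_LOGS):
        print("compromised-account candidate:", alert)
    for alert in bulk_forwarding_to_external(MAIL_TRACE):
        print("bulk external forwarding:", alert)
```

Run stand-alone, the script reports one sign-in alert (carol signing in from the IP that probed alice and bob minutes earlier; the 10:30 sign-in from the same IP is outside the one-hour window) and one mail alert for frank. The window and threshold are the two knobs that would be tuned in the Sentinel rule to trade false positives against detection latency.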
Technologies
- Microsoft Sentinel
- Office 365 Management Activity API
- Logic Apps
- Power BI
- Microsoft Defender 365
- Microsoft Teams
Business Value
Since Microsoft Sentinel was running in parallel with the existing system, we could show its clear advantages over the legacy solution used by the client. Test scenarios demonstrated the advantages and capabilities of Sentinel as a cloud-native (SaaS) security system with process automation functionality. Upon successful execution of the test scenarios, our security professionals provided our client with extensive recommendations on the further development of the cybersecurity system based on Microsoft Sentinel, according to current and future business demands.
We validated Microsoft Sentinel capabilities for our client with the following tangible benefits:
- Automated cybersecurity rules for the selected test cases, minimizing the human factor and resulting in faster, higher-quality IT security operations.
- Seamless integration of Microsoft Sentinel with Exchange, SharePoint, Teams, and other solutions, such as Microsoft Threat Protection and firewalls, ensuring better integrity and reducing IT security risks.
- Automated report generation via Microsoft Sentinel and Power BI provides better visibility into IT security operations and faster decision-making for potential critical incidents.
- A roadmap for further implementation of Microsoft Sentinel with extended integration into the company's IT infrastructure to reduce IT security risks and strengthen customer trust.
- Reduced licensing costs with Microsoft Sentinel as a single SIEM and SOAR system, improving the overall financial footprint.
- A series of Q&A and learning sessions for the company's security experts, building a foundation for dedicated IT security staff readiness.
Satisfied with the results of the test cases and the numerous benefits of Microsoft Sentinel in comparison to their legacy system, our client now plans further implementation of Microsoft Sentinel.