A Midlands based council hosted their own on-premises datacentre, as well as subscribing to a number of SaaS business applications, such as Microsoft 365. Managing security across the number of on-premises servers, networks and cloud-based apps was proving difficult with multiple management platforms and the wide threat landscape. The client wanted to test out some of Microsoft’s Threat Protection services to see if they could help to address this issue.
risual worked with the council to perform a security Proof of Concept (POC) to improve Cloud security posture and hybrid workload protection, security, information and event management and security orchestration automated response.
risual performed a combined quickstart to implement these services and demonstrate their value.
The quickstart involved:
Week 1: Overview and demo of Microsoft Threat Protection
Week 2: Design and configuration of Azure Sentinel and Azure Defender, onboarding a selection of Azure services, on-prem workloads and SaaS
Week 3-4: Allow the services to build up information gathered from the connected systems
Week 5: Threat analysis of incidents
Week 6: Playback of analysis and recommendations
Microsoft’s Threat Protection services include:
- Azure Security Center: Cloud Security Posture Management (CPSM)
- Azure Defender: Cloud Workload Protection Platform (CWPP)
- Azure Sentinel: Security, Information and Event Management (SIEM) and Security Orchestration Automated Response (SOAR)
The county council have seen several benefits to the improvement of its security including:
- The capability to manage security events from hybrid workloads in a single management platform enables deeper insight to security incidents.
- A centralised view of its security posture against security baselines including the UK Official and NHS compliance controls.
- Azure Defender provided extended detection and response (XDR) capabilities to its on-prem servers and cloud services like web apps, storage, and Azure SQL databases.
- The threat analysis and recommendations provided them with a clear path to make further improvements and increase the overall security available.
Following a successful engagement, the council are keen to expand the Azure Sentinel capability to all of its on-prem servers.
Now they are familiar with the tools and have been provided extra guidance from risual, they will be able to refine the analytics rules to reduce “alert fatigue” and even automate the response to common threats.
The client added “This engagement really helped to identify the value in these services”.
If you wish to kick start your next project with risual please contact us on 0300 303 2044 or email at firstname.lastname@example.org.