As a global technology consultancy we need quality security solutions to support our business. Implementing Security Operations Centre as a Service (SOCaaS) enabled us to rapidly fulfil our cyber security needs.
The challenge
Our obligations to our partners and customers make enhanced security monitoring, alerting, vulnerability management, and threat intelligence reporting a key part of our business. Our existing logging strategy provided performance and availability observability, with security requiring its own solution.
Our Head of Information Security (InfoSec) highlighted the need to implement and maintain a Security Operations Centre (SOC); however, as many internal IT teams have experienced, resources and expert skills were needed to deliver quality at pace.
The approach
BJSS drew on the expertise of our cyber experts to implement a Security Operations Centre as a Service (SOCaaS), fulfilling our security requirements and centring the solution on Microsoft Sentinel and Microsoft Defender.
The SOCaaS solution significantly enhanced our security posture:
- The management of 1,000 incidents a month, meeting the target threshold of 50 escalations
- Enhanced incident investigation capabilities, with the ability to provide detailed insights into attack scenarios, including user details, device IDs, IP addresses, and malicious email sources
- Effective and prompt identification and response to security incidents, ensuring that digital assets remain protected.
The solution
Multi-layer threat protection
We addressed the need to safeguard digital assets and effectively respond to incidents and threats:
- Endpoint security: Microsoft Defender for Endpoint uses machine learning and threat intelligence for real-time threat detection and response
- Email security: Microsoft Defender for Office 365 protects against phishing and malware
- Identity security: Microsoft Defender for Identity detects and prevents identity theft and suspicious behaviour
- Cloud security: Microsoft Defender for Cloud secures hybrid and multi-cloud environments
- AI-driven insights: AI-driven security recommendations and predictive analytics enhance our security posture
AI Ops integration
AI Ops leverages machine learning to automate data-driven tasks, providing insights for troubleshooting, capacity usage prediction, autoscaling, and application performance analysis. This proactive approach detects and addresses anomalous behaviours in virtual machines.
Threat hunting and data gathering
Advanced threat hunting enables us to inspect events and locate threat indicators. By analysing raw data from the last 30 days, we identify malicious entities and implement preventive measures.
A full security and incident management solution
Microsoft Sentinel's data collection from a wide range of sources allows the SOC to create complex rules and automation workflows. Using Kusto Query Language (KQL), we tailor analytic rules and conduct targeted threat hunts, automating incident investigations to identify non-malicious activity.
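As an added illustration (not a rule from the BJSS SOC), the KQL below is the kind of 30-day hunt the paragraph describes: it correlates phishing-classified emails that reached a mailbox with that recipient's subsequent sign-ins from an IP address not seen for them in the prior 30 days, returning the user, IP and email-source details an investigation needs. It assumes the Defender for Office 365 EmailEvents table and the Entra ID SigninLogs table are ingested into the Sentinel workspace; the column names used are the standard ones for those tables.

```kql
// Added hunting query (assumed tables: EmailEvents, SigninLogs).
let lookback = 30d;
// Baseline: IPs each user signed in from in the 30 days before the hunt window.
let knownIps = SigninLogs
    | where TimeGenerated between (ago(60d) .. ago(lookback))
    | where ResultType == 0                       // successful sign-ins only
    | summarize KnownIPs = make_set(IPAddress) by UserPrincipalName;
// Phishing-classified mail that was still delivered to the mailbox.
let phishDelivered = EmailEvents
    | where Timestamp > ago(lookback)
    | where ThreatTypes has "Phish"
    | where DeliveryAction == "Delivered"
    | project EmailTime = Timestamp,
              UserPrincipalName = tolower(RecipientEmailAddress),
              SenderFromAddress, SenderIPv4, NetworkMessageId;
phishDelivered
| join kind=inner (
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == 0
    | project SigninTime = TimeGenerated,
              UserPrincipalName = tolower(UserPrincipalName),
              IPAddress, Location
  ) on UserPrincipalName
// Only sign-ins within 24 hours of the phishing email landing.
| where SigninTime between (EmailTime .. (EmailTime + 24h))
| join kind=leftouter knownIps on UserPrincipalName
// Keep sign-ins from an IP the user had not used in the baseline period.
| where isnull(KnownIPs) or not(set_has_element(KnownIPs, IPAddress))
| summarize SignInCount = count(),
            FirstSignin = min(SigninTime),
            Senders = make_set(SenderFromAddress),
            SenderIPs = make_set(SenderIPv4),
            MessageIds = make_set(NetworkMessageId)
          by UserPrincipalName, IPAddress, Location
| order by FirstSignin desc
```

Scheduled as a Sentinel analytics rule, the same query can raise an incident per result row, with the user, sign-in IP, sender addresses and message IDs available for entity mapping; run ad hoc, it serves as the targeted hunt over the last 30 days of raw data.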
The project enabled us to successfully establish a robust SOC – enhancing our overall security capabilities and ensuring ongoing protection against evolving threats.