Managed Security based on Microsoft Security Stack

  • [Industry] High-Tech
  • [Employees] 9,300
  • [Duration] 4 months

Highlights

  • Managed Security according to the concept of a Security Operations Center (SOC)
  • Consolidation of security & compliance solutions
  • Prevention of shadow IT
  • IT security strategy also for collaboration with external parties (partners and customers)
  • Corporate-wide security concept for access to company data / protection of sensitive data
  • Securing access to company data also from unmanaged / privat devices
  • TCO & ROI analysis
  • License cost optimization and consolidation in an enterprise agreement with Microsoft

Challenges

Founded in the 1960s, "quality" has been a company principle from day one. As before, 75% of the products are developed and manufactured in Germany. However, in the high-tech electronics industry it is also important to have short distances to the customer. This is especially true for the department Service & Support. That is why the company, with its approximately 9,300 employees, is now represented in over 93 countries around the world.

 

“It is not only important to identify and limit risks for us in economic terms. This also applies to our IT systems”, explains the customer's management to us.

 

“Today and in the future, it is no longer just a matter of detecting and removing a virus or malware on a laptop. Increasingly complex and sophisticated malware and attacks must be detected and prevented in a holistic approach.” - This is how the CISO frames the key challenges for the new IT security solution.

 

This design principle was then also the benchmark for the new IT security strategy based on the Microsoft Security Stack. Among other things, a group-wide hub for all IT security aspects was introduced based on Microsoft Cloud App Security and the Microsoft 365 Security Center.

The backend for this is the Microsoft Securit Graph. The data and signals from the graph can be used to implement proactive triggers that prevent incidents before they even occur.

Example: If a user installs a "potentially unwanted application" (PUA)* on his laptop, he automatically receives a notice to use only programs from the company's software portal or to request new software via the help desk. This solution is implemented based on the combination of Defender for Endpoint "Unwanted Software Alerts" and Azure Logic apps.

* The potentially unwanted application (PUA) protection feature in Microsoft Defender for Endpoint can identify and block PUAs. This prevents unwanted applications from being downloaded and installed. These applications are not considered viruses, malware, or other types of threats, but may perform actions on endpoints that affect their performance or use.

 

Goals

Together with the customer, we worked out the strategy for a new and innovative IT security setup based on Microsoft solutions. In addition to the technical aspects such as the consolidation and restructuring of the grown IT system landscape, one of the main goals was to disrupt the daily work processes to a minimum. Shadow IT and increasingly complex attack scenarios were also a topic on our list.

 

Customer: “How can a migration take place without disrupting ongoing daily business?”

 

"We also can't control which devices and apps partners and customers use", was one of the concerns we worked out in the design sprint related to IT security.

 

Spotlights:

  • Integration of the customer's already established Zscaler solution with Microsoft cloud app security.
  • Semi-automated actions based on alerts in Microsoft Defender for Endpoint
  • Processes and workflows for the new IT security operation
  • Sanctioning of unwanted apps in Microsoft Cloud App Security and synchronization of these settings with Microsoft Defender for Endpoint
  • Replacing the current antivirus solution with Microsoft-Defender-for-Endpoint
  • Device Management including migration of AD-GPO's to Microsoft-Endpoint-Manager (Intune)
  • Migration from Microsoft-Advanced-Threat-Analytics (on-prem focus) to Microsoft-Defender-for-Identity
  • Prepare KQL queries for recurring scenarios

Linking the IT security solutions to the ticket system is one of the next steps in the project. This way, tickets will be created automatically when a threat is detected.

 

Benefits

Benefits

The IT security setup is no longer dependent on whether access is via the company firewall or a company laptop is used. The company now has control of the requirements for the modern working world and especially the challenges with HOME Office and mobile working. Solutions from various vendors have been consolidated into a holistic approach.

  • Alerts from Microsoft 365 Defender, Defender-for-Endpoint, Defender-for-Identity and Cloud App Security lead directly to action
  • End users are notified when there has been an incident on their device and are offered solutions and assistance directly and automatically
  • The SOC can work in detail and proactively and, if necessary, use the "Hunting" function to analyze in detail what has happened, how malware has spread in the company and what actions are needed to eliminate them

Nicki Borell - founder and the head behind the label Xperts at Work, co-founder of Experts Inside and partner of atwork GmbH Austria. As a team, we successfully implement IT and strategy projects in small and medium sized enterprises up to the large customer segment. Benefit from our expertise, our knowledge and our interdisciplinary skills that we bring together with strong partners in each of our projects.

Experts Inside AG

Founded in 2011 by four MVPs, Experts Inside is an international group of exclusive experts in Information Management, Collaboration, Enterprise Social and Productivity working on some of the largest brands and most cutting edge SharePoint , Office 365 and Azure projects across Europe.

Expertsinside | Reference Customers

atwork GmbH

atwork develops business solutions to meet the growing application of Internet technologies in business processes, including Microsoft Office 365 and Microsoft Azure. We specialize in consulting and developing lines of business apps, cloud computing workloads and web solutions. As a Microsoft Gold Certified partner since 1999, we offer our customers services and products at the highest level of quality.

atwork information technology gmbh | Reference Customers

AviloX GmbH

AviloX provides professional assistance to medium and large-sized companies who are looking to change towards a more modern way of working. Its recognized competencies not only cover change management but also organizational development, cultural change and human resources development to enable a modern approach to leadership and networked collaboration.

Avilox | Reference Customers

Stefan Bauer - N8D

Hello! My name is Stefan Bauer (@StfBauer) I work as a design-minded developer & information architect based in Vienna / Austria.

N8D

365 Akademie

Learning-as-a-Service: Jeden Monat liefern wir Ihnen kurze und prägnante Videos zu den neuesten Funktionen, sortiert nach Anwendungsgebieten und Use Cases! Wir helfen Ihnen dabei, produktiver mit Microsoft 365 zu arbeiten!

365 Akademie

workCEL - Dr. Claudia Eichler-Liebenow - Digital Workplace Coach

Beratung und Coaching für Social Intranet, Digital Workplace, O365, Office 365, Valo Intranet, Projektmanagement, workCEL, Dr. Claudia Eichler-Liebenow, xperts at work

workCEL - Dr. Claudia Eichler-Liebenow - Digital Workplace Coach

Luise Freese - digital Workplace Consultant | Sketchnote Artist

Luise Freese arbeitet als selbständige Office 365 Consultant im Bereich Strategie, Change Management sowie User Adoption und ist Microsoft MVP für Office Apps and Services.

www.raeuberleiterin.de