IT security at the highest level

How SOC with Microsoft Sentinel protects renewable energy infrastructure

Brief summary_

The project involved implementing a SOC service that protects infrastructure and users from cyber threats. The system continuously monitors incidents, classifying them based on the level of threat (low, medium, high). The solution was based on Microsoft Sentinel. 

Client_

A small company delivering modern renewable energy technologies, such as photovoltaic panels and heat pumps, known for high quality, security, and reliability. 

Challenge_

The client was looking for comprehensive protection against cyber threats to ensure business continuity and the highest level of security. 

Business goals_

The implementation of the Security Operations Center (SOC) service aimed to achieve the following:

  • Continuous security monitoring – constant oversight of the IT infrastructure to enable rapid detection and mitigation of threats.

  • More effective incident detection – implementation of a SIEM system to efficiently identify potential threats.

  • Faster incident response – automation and streamlining of response processes to minimize losses and ensure swift recovery of systems.

  • Prevention of future attacks – threat analysis and deployment of appropriate protective measures to reduce the risk of recurring incidents.

Solution_

Microsoft Sentinel, the platform used here, is a scalable, cloud-based solution for security information and event management (SIEM) and for security orchestration, automation, and response (SOAR). Sentinel enables the detection, investigation, and response to cyber threats across the enterprise.

The main features of Microsoft Sentinel include: 

  1. Large-scale data collection: Integration with various data sources, both on-premises and cloud-based, including Microsoft products. 
  2. Threat detection: Using advanced analytics and artificial intelligence to detect threats and minimize false alarms. 
  3. Threat investigation: Leveraging AI to investigate threats and hunt for suspicious activities. 
  4. Incident response: Rapid response to incidents with built-in automation and task orchestration. 

Additionally, Microsoft Sentinel offers a wide range of data connectors for integration with various data sources. 

Solution architecture and key components_

  • Microsoft Defender XDR
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Apps
  • Microsoft Defender for Office 365

Used frameworks and tools_

  • Microsoft Sentinel
  • Microsoft Defender XDR 

Benefits of the solution_

Microsoft Sentinel is a comprehensive SIEM/SOAR solution, natively built in the cloud, providing continuous security monitoring for the organization. With advanced automation and the use of machine learning, it detects threats faster and more effectively than traditional systems. 

The implementation of the SOC based on Microsoft Sentinel allowed our client to increase the level of protection, strengthen resilience against cyberattacks, and streamline security incident management. 

Key numbers_

  • On average, 150 tickets per month, with 50% related to SOC. 
  • Approximately 45 users in the company. 
  • An environment consisting of 16 servers and 7 network devices. 
  • 100% coverage of devices and systems with monitoring services. 

Summary_

The implementation of the SOC service ensures continuous monitoring of the infrastructure and immediate response to security incidents. In the case of more complex events, decisions are consulted with key individuals using the ITSM communication system AtmoLight, which eliminates the risk of misunderstandings. 

Additionally, detailed reports are prepared each month regarding the number and nature of incidents, enabling ongoing threat analysis and further optimization of security measures. 
