Case study

Azure Sentinel – Poštanska Štedionica

1. Challenges


The client was dealing with huge amounts of data on a daily basis. With limited SecOps experience and technical resources, complex operational requirements, and complex detection and reporting needs, they needed a capable team that could provide a customized solution ensuring compliance with strict industry regulations. They also needed to develop, implement, and transition to this new solution under strict deadlines. The organisation had limited capabilities for monitoring and responding to cyber security incidents, leaving them in a purely reactive position. Coupled with under-optimised tools and security systems, they were increasingly overwhelmed by a vast mix of true- and false-positive alerts, and only those of utmost severity were recognised or responded to. Given the increasingly urgent need to improve security, and the limitations of internal capabilities, outsourcing detection and response to security incidents was identified as essential.


The company was looking for a service provider to assist with the deployment of a SIEM/SOAR system based on Microsoft Sentinel and to leverage the business value of the solution.

To demonstrate the performance potential of Microsoft Sentinel to our client, it was necessary to:

• Assess the capabilities of Microsoft Sentinel as a holistic SIEM/SOAR system

• Reconfigure the current Microsoft Sentinel setup with maximum efficiency

• Automate routine processes, such as incident reporting and investigation, utilizing the model powered by machine learning

• Centralize signals from multiple enterprise systems under a single console

The goal: to significantly reduce cyber risk through long-term improvement of their security environment.

2. Our solution


The Comtrade SIA team worked closely with the BPŠ IT team on this project, which enabled us to deploy the latest SIEM and SOAR technology. We performed a full investigation of the client’s IT landscape and its process and data flows, including customizations and alerts. By understanding the client’s requirements and the elements they wanted to stay consistent with improved capabilities.

Comtrade SIA chose to deploy Microsoft Sentinel, one of the world’s first cloud-native SIEM and SOAR systems. The delivered solution included not just Microsoft-recommended best practices but also evolved versions of various security policies, aligned to stringent government security guidelines.

Our team activated, customized, and also created new Analytics Rules:

– Set up an analytical rule to identify cases of successful logins from IP addresses that tried to exploit blocked or disabled user accounts.

– Set up an automated rule for Microsoft Sentinel to detect users forwarding multiple emails to the same external SMTP address.

– Configured an Analytics Rule to monitor Domain Controllers and alert if an anomaly occurs.

– Created a Playbook to notify the appropriate persons by email when an incident is triggered.

– Additional custom development was required to create Analytics Rules, Playbooks, and Workbooks that integrated with the client’s network devices.
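
The first rule in the list correlates two kinds of sign-in events per source IP. The sketch below is an added illustration of that correlation, not Comtrade's or the client's rule; the event fields, result values, 24-hour window, and log lines are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, source IP, account, result).
# Field layout and result labels are assumptions made for this illustration.
EVENTS = [
    ("2024-03-01T08:00:00", "203.0.113.7", "old.employee", "account_disabled"),
    ("2024-03-01T08:01:10", "203.0.113.7", "locked.user", "account_locked"),
    ("2024-03-01T08:05:30", "203.0.113.7", "j.petrovic", "success"),
    ("2024-03-01T09:00:00", "198.51.100.4", "m.jovic", "success"),
    ("2024-03-01T09:30:00", "192.0.2.15", "a.ilic", "success"),
    ("2024-03-01T10:00:00", "192.0.2.15", "temp.account", "account_disabled"),
    ("2024-03-03T12:00:00", "203.0.113.7", "n.kostic", "success"),
]

BLOCKED_RESULTS = {"account_disabled", "account_locked"}


def find_suspicious_logins(events, window=timedelta(hours=24)):
    """Return successful logins whose source IP also targeted a blocked or
    disabled account within `window` (before or after the success)."""
    attempts = {}   # ip -> [(time, targeted account)]
    successes = []  # (time, ip, account)
    for ts, ip, user, result in events:
        when = datetime.fromisoformat(ts)
        if result in BLOCKED_RESULTS:
            attempts.setdefault(ip, []).append((when, user))
        elif result == "success":
            successes.append((when, ip, user))

    findings = []
    for when, ip, user in sorted(successes):
        # Accounts this IP probed close enough in time to the successful login.
        targeted = sorted({acct for t, acct in attempts.get(ip, [])
                           if abs(when - t) <= window})
        if targeted:
            findings.append({"time": when.isoformat(), "ip": ip,
                             "user": user, "blocked_accounts_tried": targeted})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_logins(EVENTS):
        print(finding)
```

The window is symmetric so that a scheduled rule run over a lookback period also catches a successful login that precedes the probe of a disabled account from the same address.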


Even while the full deployment was in progress, the client team was impressed with how fast we got the system up and running.

Advantages of using Microsoft Sentinel

– Offers Seamless Data Integration

– Makes Threat Protection Smarter and Faster

– Meets the Needs of both IT and Management Teams

– Offers Better Value for Time and Money

– Data aggregation – all security data from your entire environment in a single pane of glass

– A large number of predefined data connectors to easily connect your sources

– Centralized control – means you do not need to buy any additional infrastructure

– Easier use and utilization of automation

– A large number of built-in queries for proactive hunting of threats

3. About the client

Striving to achieve top results in all segments of the business, the Bank continuously and successfully achieves its goals of strengthening financial potential, successfully performing payments and improving business cooperation with shareholders. It is also actively working to innovate and design the offer of banking services according to the needs of clients. Modern information technologies and high-quality communication lines provide us with the basis for efficient operation and distribution of products and services using new distribution and communication channels rationally. Modern electronic payment operations and all banking services (dinar and foreign currency savings, current and foreign currency accounts, payment cards of domestic and major global brands, foreign currency transfers, credit lines for economy and population, issuance of guarantees, working with securities) are only part of the bank offer of Banka Poštanska Štedionica, a.d., Belgrade.

  • Poštanska Štedionica
  • Finance
  • Limitation with infrastructure capacity
  • Alert fatigue: SOCs see too many alerts from disconnected products
  • Uncontrolled services
  • Repetitive manual processes
  • Complex and time-consuming investigation
  • Limitation with proactive threat hunting
Business benefits:
  • No infrastructure, no maintenance, no licenses, no upfront cost, auto-scale. Do not have to maintain anything on site - it is in the Cloud!
  • SOC teams can focus on the most important tasks - defending against threats to the organization.
  • Save time with automation. Use playbooks to rapidly respond to incidents.
  • Microsoft