A leading US-based tech SaaS Unicorn wanted to manage and improve their security posture. The customer was facing several problems and had specific business needs and pain points.
Key challenges:
They had invested heavily in Microsoft suite tools such as Sentinel, Defender, Azure, and ATP but were unable to optimize their usage. Additionally, they lacked security talent to configure the tools and security policies, and monitor and respond to events. As a fast-paced business, they struggled to scale up their security infrastructure and operations. Moreover, dealing with a large amount of sensitive data made them highly prone to cyber-attacks.
Solutions applied:
To address these challenges, several solutions were implemented. The data sources were optimized, and the various security solutions in place were fine-tuned. The customer received 24/7 security monitoring and incident response services for their extensive log volume exceeding 1TB. Alert rules were refined, KQL search queries were applied, and support was provided to reduce the number of false positives. An end-to-end incident response workflow was documented, leading to improved incident response time. Tabletop exercises were conducted to simulate different incident scenarios and develop preventive and corrective measures across functions. Security governance was established, and an executive-level dashboard for security was published.
Benefits:
- Optimized security posture and increased coverage based on MITRE ATT@CK
- Significantly reduced the load of data on resources (S/W, H/W and Humans), ultimately saving license cost.
- Improved time to triage from few hours to less than 30 minutes.
- Developing the Internal team's skills by working with them in the incident response process.
- Refined 30+ rules for enhanced detection and prevention capabilities
- Automated playbooks for faster automated response.
