Security Operations Centre Cybersecurity. Microsoft Sentinel SOC Customer Case Study


South Africa, Jul 24, 2024

The Fourth Industrial Revolution (4IR) and the upsurge in digital transformation have made hybrid working a reality for many employees. Now, cybersecurity is undergoing a revolution of its own.

Anti-malware solutions, firewalls, up-to-date operating systems, and dedicated cyber expertise are no longer enough on their own when it comes to cybersecurity.

The current operating environment is characterised by a dispersed workforce, ever-evolving tactics used by threat actors, and a relentless bombardment of alerts. IT teams must sift through massive amounts of log data daily, and cybersecurity teams are stretched thin. It is difficult to identify and respond to actual threats quickly and effectively.

This is where Security Operations Centres (SOCs) come in, providing organisations with a centralised function through which IT security teams can monitor, detect, analyse and respond to cybersecurity incidents.

A leading South African connectivity, innovation and intelligent technology company was quick to recognise the value of a robust cyber security solution. It partnered with Logicalis South Africa to leverage its expertise and its Microsoft Sentinel 24x7 SOC Managed Service, underpinned by the Microsoft Azure Sentinel platform.


Azure Sentinel is both a Security Information and Event Management (SIEM) system and a Security Orchestration, Automation and Response (SOAR) system within Microsoft's public cloud platform. By tapping into cloud and artificial intelligence technologies, companies employing Azure Sentinel get a bird's-eye view of cyber risks across their entire business and can respond to cyber threats faster and more efficiently.

Moreover, organisations can eliminate security infrastructure setup and maintenance and can scale to meet their security needs as and when required.

Morné Laubscher, Chief Technology Officer at Logicalis SA, explains:

"This improves convenience for businesses. It's a seamless cyber security risk management process and, when compared to traditional SIEMs, is much more cost-effective."

According to the Logicalis SOC customer:

"Where most cybersecurity systems focus on prevention, we've made this investment to strengthen our detection and response capabilities. This presents us with a much more balanced cyber threat defence system, that will enable our company offices located across the multinational operating footprint of this SOC to more swiftly and effectively detect as well as analyse anomalous security incidents, events and potential intrusions, all in real-time.

It will also enable us to enhance the proactive containment of security breach events, which is invaluable in mitigating against developing risks. In addition, we look forward to the access to historical reporting and information on security trends to ensure we keep abreast of all developments and remain responsive to these trends."

Elaborating on the cost and value benefits, Laubscher adds:

"The Logicalis Security Operations Centre Service also lowers operating costs versus an in-house SOC. In addition, with Logicalis South Africa being ISO 27001 certified, this significantly reduces compliance complexities and provides us with the confidence of knowing a robust security system is automatically maintained.

The added value is that this assurance and support provides us with more time to focus on driving operational efficiencies and accelerating our business growth."

The deployment of the Logicalis SOC Service, which commenced in December 2021, went live in mid-April 2022. The customer's SOC service is managed from the Logicalis South Africa SOC situated in Johannesburg and currently collects around 267.3 million events per day (around 180GB per day), with approximately 25 to 35 medium- to high-severity alerts triggered daily, and 1 to 5 medium- to high-severity incidents created from those alerts daily.