Managed Detection and Response: A Case Study

Fortifying defenses with Managed Detection and Response

Brightsolid strengthened the cyber resilience of a national organisation that supports local authorities, communities and health and social care providers to look after the wellbeing of people in Scotland.

Moving its entire staff to homeworking due to the Covid-19 pandemic greatly expanded the use and uptake of remote working technology. This led to an increased potential attack surface for cyber criminals to exploit. The recent investment in Microsoft E5 licences meant the IT department required additional support and expertise to leverage Sentinel alerts. This would enhance visibility of threats across their digital estate and accelerate detection and incident response.

The organisation therefore set out to acquire a Managed Detection and Response (MDR) service. The service was to enhance security posture and increase protection against cyber attacks, be delivered with support, and leverage the investment made in Microsoft E5 licences, all with minimal overhead to the existing operational team.

“Working with Brightsolid has allowed us to continuously improve our security posture. The offering could be a good fit for other organisations, who don’t have huge budgets or cyber teams, but all have a common need to provide assurance to our staff, board and directors that our cyber controls are effective and fit for purpose.”

The Solution

Acting as an extension to the internal team, Brightsolid supported their cyber security action plan by delivering Managed Detection and Response, providing an experienced Security Operations Centre (SOC) of analysts and engineers who monitor the organisation’s infrastructure 24x7x365.

It was important that threat intelligence was part of the service, enabling external threat analysis and easy integration of existing data sources to meet future demand. Managed Detection and Response leverages the Microsoft Defender suite, providing security context and analytics to detect irregular behaviour across all sources. It also enhances the cyber maturity of the organisation’s environments.

In addition, Managed Detection and Response enables them to maximise their E5 licence investment by safeguarding devices and endpoints through the Defender for Endpoint platform. This is monitored, managed, and triaged through Microsoft Sentinel SIEM, and ensures that urgent incidents and breaches are dealt with rapidly.

The Results

  • The project was successfully delivered, on time and under budget.
  • After initial investigation of infrastructure, Brightsolid were provided delegated access and were able to deploy Sentinel as code in 15 minutes.
  • An enhanced cyber security posture due to real-time detection and response capabilities.
  • The service is validated, as security operations confirm attempted attacks have been blocked due to protocols in place, testing of which is made possible thanks to Managed Detection and Response.
  • Optimised Sentinel ingestion costs during onboarding, ensuring a phased approach to manage budget and keep costs low.
