Key Drivers & Business Outcomes
The goal of any modern cybersecurity program is to streamline the people, process, and technology that drive an organization forward. Complex operational requirements, poor visibility into security process, legacy infrastructure, and increasing demand meant internal teams were stretched too thin to prioritize security. The added challenge of hiring, training, and retaining security staff only compounded that problem. The need for a solution that leveraged the latest in cloud technology, automation, and machine learning was clear.
This large SaaS firm needed streamlined security technology and specific control to increase their visibility into the SIEM log and alert configuration. The solution would be to leverage a future-proofed platform to continuously tackle the ever-advancing technology, while consolidating their investments and partnerships.
Our solution: all core security technologies seamlessly integrated with the Microsoft Sentinel SIEM, including enhanced detections from native Microsoft security technologies.
Customized infrastructure and threat intelligence to meet customer needs
Hybrid security environment promoting further cloud adoption
Leveraging Microsoft security technologies for visibility
Migration to Microsoft from leading competitive solution
Overrun by operational challenges created by running their legacy, open source SIEM stack was taking its toll on the IT and security teams. Implementing new SIEM can be a difficult process which could be a distraction to other critical projects, so waiting for the right time was key.
They had completed a proof of concept (POC) and decided to outsource the heavy lifting to accelerate their implementation timeline to migrate to the modern solution and free up more operational resources to work on other priorities.
Difenda was contracted to provide a managed SIEM detection solution.
The scope of the project included a hybrid environment where on-premise and cloud resources were leveraged for maximum visibility. Difenda provided a best-practices design and deployment, log source integration and optimization, as well as a use case, dashboard, and automation development. As part of the detection strategy, Difenda was able to leverage Azure AD, Microsoft Information Protection, Microsoft Defender for Cloud, and Microsoft Defender for Cloud Apps. Simultaneously, the customer initiated a project to migrate from competing EDR vendor to Microsoft Defender for Endpoint that was also integrated with our solution.