The client is a US-based company specializing in medical equipment manufacturing and sales of medical devices, instrument systems and reagents.
The Challenge
Increased vulnerability to cyber risks due to outdated and disparate tools
- The client relied significantly on a cloud-native business model for business and operational concerns, which were prime targets for cyberattacks and lacked advanced security measures
- There was a lack of robust monitoring tools to detect and respond to security threats as a defense against business disruptions
- The client struggled to connect disparate tools and leverage its data assets at scale for proactive defense and business solutions
- The client's endpoint detection and response (EDR) and lack of advanced threat protection (ATP) solutions were outdated
The Objective
Protect the technology infrastructure from rising cyber threats
The primary objective was to fortify the cloud-native business model against cyber threats and enhance the overall security posture. Faced with challenges such as the lack of advanced security measures, outdated endpoint detection and response (EDR) and disconnected tools, the client sought a trusted technology partner to revolutionize its enterprise security.
The Solution
Microsoft and Azure leveraged for SIEM and SOAR platform capabilities
The client chose HCLTech Cybersecurity as its trusted technology partner to help supercharge the progress of their enterprise security posture with a proven security framework and transformation delivery. HCLTech stepped in to evaluate the client's existing digital ecosystem and assessed that the company needed advanced next-gen security upgrades to secure its system and assets from outside threats. This also included deploying an effective security monitoring and data security framework across the enterprise environment and leveraging information insights to handle its current and future use case scenarios.
To address these goals, HCLTech deployed security information and event management (SIEM) and security orchestration, automation and response (SOAR) platforms for their IT landscape. Additionally, we also upgraded and replaced the client's legacy EDR and ATP systems with an advanced solution stack with four key components:
Microsoft Sentinel:
- We conducted a complete Microsoft Sentinel proof of concept (POC) exercise in the client's development environment for current and future use cases. We formulated a strategic vision for SIEM and SOAR implementation.
- Next, we planned, analyzed, designed, built, tested and ran activities for Sentinel tools and built use cases and workbooks for SOAR.
Azure Microsoft Defender:
- Following that, we completed the Microsoft Defender ATP POC and deployed the solution in the client's environment through the design, build, test and run stages.
- HCLTech implemented an active data loss prevention (DLP) solution using the Defender ATP/DLP to support the client’s ability to identify and label sensitive or classified information.
MDCA (Microsoft Defender for Cloud Apps):
- We conducted app discoveries with the Cloud AppDiscovery tool.
- Additionally, the solution stack secured SaaS applications end-to-end using the MDCA tool. Our team of experts also implemented the MIP (Microsoft Information Protection) setup and MDCA for data protection.
Azure Security Center:
- HCLTech designed and deployed the Azure Security Center and its supporting capabilities (Log Analytics, etc.) to monitor and manage the security of the cloud computing resources.
- In the end, we connected the client's existing centralized management system to the security center via application programming interfaces (APIs).
The Impact
Achieved significant cost savings and efficiency increases
- 20% reduction in cost on license and agent management cost
- 6,500 endpoints managed through automated detection and remediation through MS Defender
- Completed Microsoft Defender ATP POC within 3 months and deployed the solution in the client's environment within 12 months
- ~ 10% increase in efficiency of threat detection and still qualifying
