Challenge
“Tight cyber security is an absolute necessity,” says ICT Manager Jan Buytaert, “nevertheless a number of cyber incidents occurred at the beginning of the calendar year. These had an impact on GO!'s operations and convinced our management to expose our vulnerabilities and then secure them. We appointed SecWise to perform a security audit and implement modern threat protection solutions.”
Approach
A year and a half ago, GO! became the victim of a cyber attack. The software for virtual desktops in particular was targeted. For IT manager Jan Buytaert, this was not only the final signal to accelerate the migration to Microsoft Azure and Microsoft Office 365, it was also the reason to take a closer look at cybersecurity. On the advice of its cybersecurity specialist SecWise, GO! had a security risk assessment carried out and then proceeded with the recommendations to implement the Microsoft Defender 365 security suite and Azure Sentinel.
Result
SecWise translated the recommendations of the security audit into a roadmap. “In the past you had enough with a firewall and antivirus, but now you can no longer only rely on those products,” says Koen Jacobs of SecWise. “Because GO! wants to phase out its own datacenter in favor of the cloud, and thereby mainly switch to Microsoft technology, we recommended expanding their license to also include the Microsoft 365 Defender security suite.”
With that, GO! not only protects laptops, but also keeps its e-mail application free from spam and keeps its new cloud environment free of malware. “People often think that the cloud is already secure, but you are still responsible for what happens on their - admittedly secure - platform. You have to take care of the security of the applications that run on it,” says Buytaert.
GO! made a conscious choice for Microsoft. “As an IT service, we also develop our own software. We also work with Microsoft Office 365 and Microsoft Azure. You can plug Microsoft Defender 365 into the existing applications such as Teams and Outlook. You can warn others about dangerous emails or spam at the touch of a button. So we went to Microsoft mainly from a user perspective,” says Jan Buytaert.
Endpoint protection on 400 laptops prevents phishing
Step one in the new security strategy was the addition of Microsoft Defender Advanced Threat Protection to GO!'s Windows 10 devices. That project started just before the corona lockdown. The antivirus has already been installed on the devices of the 400 employees of the central services. “Before, it was almost a day's job to determine whether or not certain emails were phishing attempts. Now Defender ATP automatically stops them, saving the team half an FTE equivalent,” Buytaert says.
Get smarter with Azure Sentinel
To increase visibility into its network and gain a better understanding of cybersecurity, SecWise also activated Azure Sentinel SIEM. That is security incident & event management software, with which the security team can view and tackle any cyber incident. Koen Jacobs: “We also want to monitor the servers and security services better. We want to send all ‘security logs’ from every application to Azure Sentinel, automatically filter them and take action if necessary. Sentinel automatically quarantines malicious files. There is also a machine learning component that helps to detect false positives.”
“We are a small team but have to provide the same services as a large IT service,” Buytaert adds. “With smart software such as Sentinel you can now automate many tasks. In this way, we do not have to provide specialized technical training for our people.”
In the future, GO! will manage devices remotely
With identity and device management, the next security projects are already in the pipeline. In the first instance, the ICT manager wants to manage the GO! devices more efficiently. “Our current device management software does not work well from a distance. Corona shows that this is a problem. We would do better with Microsoft Endpoint Manager, the new project in our pipeline with SecWise.”