The client is one of the top 4 consultancy and advisory firms in the world. They were challenged by the complexity and inherent shortcomings of their legacy security monitoring solution and processes. They wanted to ensure a 24*7 security monitoring service, reduce the risk of legal and regulatory fines, reduce the company's overall exposure to cyber threats, and protect the company's reputation.

Infosys implemented the Azure Sentinel SIEM platform to enable the client to proactively manage security threats and detect security incidents before they have an impact on the business.

Key Challenges

  • Risk of running SOC operations on a legacy, obsolete and non-scalable SIEM platform
  • Lack of a centralized SIEM solution that can unify security feeds from applications across all platforms (on-prem and cloud) and support the SOC in the event of a breach
  • Legacy security monitoring solution that was complex, hard to scale, and lacked a single source of truth

The Solution

Migration to an efficient cloud-based platform

  • Migrated 50 use cases, 7 types of on-prem log sources, 200+ devices and 700 GB of log volume from a legacy SIEM platform to a scalable Azure Sentinel SIEM platform
  • Analyzed and mapped 350+ use cases to MITRE ATT&CK MAGMA framework
  • Defined a detailed log onboarding workflow and content management (use case lifecycle) process
  • Finalized templates for configuration guides, SOPs, design documentation and documented management process
  • Engineered the use cases for L1 & L2 services to integrate with regional and global SOC environments to better respond in the event of a security breach or incident
  • Created DevOps pipelines for all the use cases for efficient development across different environments
  • Implemented a tagging mechanism for each use case to help SOC analysts identify from which systems/domains the security incidents were triggered
  • Designed and implemented an Azure Data Explorer (ADX) storage and retention solution and migrated from the existing blob storage

Benefits

Quicker response time to security incidents

Ensured zero impact on business while migrating legacy log sources to Azure Sentinel

31 business critical applications onboarded to Azure Sentinel enabling 24*7 security monitoring

132 use cases (custom and out of the box) implemented and monitored in real time

Quick analysis of threats and gap identification by mapping use cases to MITRE ATT&CK framework

Enriched security event data, enabled quick response to incidents and reduced alert fatigue by tagging use cases