Case Study

Implementation of scalable Azure Sentinel SIEM platform to proactively manage security threats

Infosys offers full potential of cloud ecosystem with Infosys Cobalt to increase business value and speed to market.

The client is one of the top 4 consultancy and advisory firms in the world. They were challenged by the complexity and inherent shortcomings in their legacy security monitoring solution and processes. They wanted to ensure 24*7 security monitoring service, reduce the risk of legal and regulatory fines, reduce overall company risk exposure to cyber threats, and maintain company reputation.

Infosys implemented Azure Sentinel SIEM platform to enable client to proactively manage security threats and detect security incidents before it has an impact on the business.

Key Challenges

Risk of running SOC operations on a legacy, obsolete and non-scalable SIEM platform
Lack of a centralized SIEM solution that can unify security feeds from applications across all platforms (on prem and cloud) and SOC in the event of a breach
Complex legacy security monitoring solution in terms of scalability and lack of single source of truth

TALK TO EXPERTS

The Solution

Migration to an efficient cloud-based platform

Migrated 50 use cases, 7 type of on-prem logs sources, 200+ devices and 700 GB of log volume from a legacy SIEM platform to scalable Azure Sentinel SIEM platform
Analyzed and mapped 350+ use cases to MITRE ATT&CK MAGMA framework
Defined a detailed log onboarding workflow and content management (use case lifecycle) process
Finalized templates for configuration guides, SOPs, design documentation and documented management process
Engineered the use cases for L1 & L2 services to integrate with regional and global SOC environments to better respond in the event of a security breach or incident
Created DevOps pipelines for all the use cases for efficient development across different environments
Implemented a tagging mechanism for each use case to help SOC analysts identify from which systems/ domains the security incidents were triggered
Designed and implemented Azure Data Explorer (ADX) storage & retention solution and migrated from existing blob storage

Benefits

Quicker response time to security incidents

Ensured zero impact on business while migrating legacy log sources to Azure Sentinel

31 business critical applications onboarded to Azure Sentinel enabling 24*7 security monitoring

132 use cases (custom and out of the box) implemented and monitored in real time

Quick analysis of threats and gap identification by mapping use cases to MITRE ATT&CK framework

Enriched security event data, enabled quick response to incidents and reduced alert fatigue by tagging use cases

Experience

Insight

Innovate

Accelerate

Assure

Application Development and Maintenance

Business Process Management

Consulting Services

Incubating Emerging Offerings

Implementation of scalable Azure Sentinel SIEM platform to proactively manage security threats

The Solution

Benefits

Quicker response time to security incidents