PFR Operations monitored its IT infrastructure using on-premise tools. However, as the PFR Group and its IT environment expanded, the existing solutions were no longer sufficient. They also offered no flexibility in terms of cost: even when a project and its related IT resources were shut down, the cost of monitoring remained unchanged.
Eventually, a decision was made to replace the existing environment monitoring solution with a cloud-based one that allows resources and costs to be adapted flexibly to the current needs of the PFR Group.
A significant challenge in such an undertaking was designing the migration process so as to ensure monitoring continuity and maintain a sufficiently high level of security. In the case of the PFR Group, this was quite complex due to the scale of its operations and the variety of environments in use, including on-premise systems, public cloud solutions and the MS 365 office suite.
The Microsoft Sentinel service, implemented by OChK, allows for comprehensive monitoring of PFR resources in terms of security.
Sentinel collects data on all users, devices, applications and infrastructure both locally and across multiple clouds.
The application not only identifies new, previously undiscovered threats, but also reduces the number of false alarms. This is enabled by built-in artificial intelligence and advanced analytics mechanisms that compare detected incidents with the incident database maintained by Microsoft, facilitating threat detection and classification as well as mitigation measures.
During workshops attended by PFR Operations and OChK, the requirements for a new IT environment monitoring tool were defined. The selected option was the native Microsoft Sentinel service, a SIEM-class solution that identifies threats in the IT environment and allows action to be taken according to a given scenario.
Subsequently, the service was extended with the Microsoft Defender for Endpoint solution, which allows activity on user endpoints to be monitored. The service enables automatic blocking of detected threats and collects information for analysis. The integration of Microsoft Sentinel and Microsoft Defender for Endpoint ensures comprehensive security of the IT environment on multiple levels.
OChK uses the above-mentioned solutions as part of the Security Operations Center. A team of security experts monitors the resources of PFR 24/7. In the event of a security incident, SOC personnel take action according to a scenario agreed in advance with the PFRO.
The implementation was carried out based on an agile model. The individual steps were analyzed and adjusted as needed.
Thanks to the migration, PFR is able to scale monitoring services more flexibly, including connecting new data sources or removing old ones, without the need for major modifications.
Thanks to the SIEM solution, which allowed a transition from a conventional on-premise tool to Software-as-a-Service, PFRO can focus on the organization's cybersecurity rather than spending time on configuring and maintaining the monitoring application's infrastructure.
Disk usage and the number of queries performed are no longer a constraint for the IT department. The Microsoft Sentinel service scales automatically to the needs of the organization, thereby allowing near real-time incident handling.
Thanks to an external Security Operations Center team from OChK, the PFR Group's infrastructure is protected 24/7 by qualified personnel equipped with advanced monitoring tools. The internal IT department thereby saves time, enabling it to focus on other tasks.
Throughout the implementation process, the OChK SOC team monitored the environment on the basis of the response procedures and documentation that had been developed. The PFR Group's security team has thus gained more time to work on key business issues, without incurring the cost of an internal SOC team.