PFR Operations and Security as a 24/7 Service
Deployment date: 2023
Sector: administration
Microsoft
OChK advised on the selection of a new SIEM-class solution. In cooperation with PFR Operations, we developed an implementation plan that allowed a smooth migration from the existing solution to the new one, while maintaining business continuity and a high level of security.
PFR Operations is a shared services center for the Polish Development Fund Group. In turn, the Polish Development Fund (PFR) is a group of financial and advisory institutions for entrepreneurs, local governments and individuals investing in the sustainable social and economic development of the country.
The group's priorities include infrastructure investments, innovations, entrepreneurship development, exports, foreign expansion of Polish enterprises, and support for local governments, as well as implementation of the Employee Capital Plans program and handling foreign investments. PFR ensures effective coordination of development programs on the basis of a uniform strategy and integrated channels of contact with entrepreneurs, local governments and individual clients.
Challenges
PFR Operations monitored its IT infrastructure using on-premise tools. However, with the expansion of the PFR Group and its IT environment, the existing solutions were no longer sufficient. In addition, they did not provide flexibility in terms of costs – even if a project and related IT resources were shut down, the cost of monitoring remained unchanged.
Eventually, a decision was made to replace the existing environment monitoring solution with a cloud-based one that allows resources and costs to be flexibly adapted to the current needs of the PFR Group.
A significant challenge of such an undertaking was designing the migration process so as to ensure monitoring continuity and maintain a sufficiently high level of security. In the case of the PFR Group, this was quite complex due to the scale of its operations and the variety of environments in use, including on-premise systems, public cloud solutions and the MS 365 office suite.
Solution
The Microsoft Sentinel service, implemented by OChK, allows for comprehensive monitoring of PFR resources in terms of security.
Sentinel collects data on all users, devices, applications and infrastructure both locally and across multiple clouds.
The application not only identifies new, previously undiscovered threats, but also minimizes the number of false alarms. This is enabled by built-in artificial intelligence and advanced analytics mechanisms that compare detected incidents with the incident database maintained by Microsoft, facilitating threat detection and classification as well as measures for mitigation.
Technologies used
During the workshops with the participation of PFR Operations and OChK, the requirements for a new IT environment monitoring tool were defined. The selected option was the native Microsoft Sentinel service, a SIEM-class solution that identifies threats in the IT environment and allows action to be taken according to a given scenario.
Subsequently, the service was extended with the Microsoft Defender for Endpoint solution, which allows activity on user terminals to be monitored. The service enables automatic blocking of detected threats and collects information for analysis. The integration of Microsoft Sentinel and Microsoft Defender for Endpoint ensures comprehensive security of the IT environment on multiple levels.
OChK uses the above-mentioned solutions as part of the Security Operations Center. A team of security experts monitors the resources of PFR 24/7. In the event of a security incident, SOC personnel take action according to a scenario agreed in advance with the PFRO.
The implementation was carried out based on an agile model. The individual steps were analyzed and adjusted as needed.
Microsoft Sentinel
Microsoft Defender for Endpoint
Security Operations Center
Results
Thanks to the migration, PFR is able to scale monitoring services in a more flexible way, including connecting new data sources or removing old ones, without the need for major modifications.
Thanks to the SIEM solution, which allowed a transition from a conventional on-premise tool to Software-as-a-Service, PFRO can focus on the organization's cybersecurity, rather than spending time on the configuration and maintenance of the monitoring application infrastructure.
Disk usage and query volume, now unlimited, are no longer a challenge for the IT department. The Microsoft Sentinel service can be automatically scaled to the needs of the organization, thereby allowing almost real-time incident handling.
Thanks to an external Security Operations Center team from OChK, the PFR Group's infrastructure is protected 24/7 by qualified personnel equipped with advanced monitoring tools. The internal IT department thereby saves time, enabling it to focus on other tasks.
While conducting the implementation process, the OChK SOC team monitored the environment on the basis of the developed response procedures and documentation. The PFR Group's security team has thus gained more time to work on key business issues, without incurring the cost of an internal SOC team.
At PFR Group, we strive to promote entrepreneurship and innovation for the benefit of small startups, large corporations, as well as local governments and public entities across Poland. As our top priority is cybersecurity, we sought guidance from OChK to procure optimal cloud solutions. This will enable us to monitor our complex IT environment seamlessly, and identify potential security threats more effectively. After a workshop and evaluation, experts recommended utilizing Microsoft tools for SOC as a Service. Now, the PFR Operations team is safeguarded 24/7 and incident monitoring is enhanced. This enables us to dedicate our time to strategic tasks, such as developing and implementing new projects.
Antares Gryczan
CEO of PFR Operations