Proactive Security with a SOC and Cloud SIEM for Goodvalley

Goal: Deploy a SOC with an efficient SIEM system to monitor data security threats within the entire IT infrastructure. Develop and maintain an efficient cyber security strategy and deliver multi-level support for security monitoring and incident management.

Solution: Infopulse security engineers built a managed SOC based on Microsoft Sentinel and ensured dedicated security maintenance, covering the client's entire IT infrastructure across multiple locations including the cloud.

Benefits: Enhanced cyber security, proactive security risk management, comprehensive protection of the entire IT infrastructure, including cloud resources, automation of processing recurring issues, reduced costs for security operations, and continuous improvement of security systems to stay ahead of evolving threats.

Services delivered: Cybersecurity, Security Operations Center (SOC), SIEM & SOAR, Security Assessment, Microsoft Sentinel

Infopulse implemented a powerful managed SOC solution based on Microsoft Sentinel, connecting IT the infrastructure components of Goodvalley to SIEM for continuous security monitoring.  

Along with multi-layered security maintenance and support, our client could benefit from: 

• Significantly enhanced risk management and cybersecurity stability
• Continuous strategic enhancements for the company’s cybersecurity posture
• Proactive approach to cyber security incident processing
• Reduced costs for IT infrastructure and security operations

The joint effort of Infopulse security engineers and Goodvalley’s IT department helped the agrifood enterprise achieve a stable high level of cybersecurity efficiency and avoid critical security incidents. 

Technical Details 

Upon conducting an in-depth research of the client's needs, Infopulse suggested deploying Microsoft Sentinel – a strategic choice, as Goodvalley’s IT infrastructure mainly relies on the Microsoft ecosystem. 

We initiated a pilot project to demonstrate the capabilities of Microsoft Sentinel so that the client could see all the advantages of the proposed solution in action. For the pilot project, our partner Microsoft provided all the necessary licenses for free, so that Goodvalley could verify the viability of the solution without any expenses. 

After the successful pilot, we implemented the full-scale project, with its scope comprising the following: 

• Conducted SIEM system integration by connecting all on-premises and cloud resources. Based on the results of the pilot project, we calculated the required budget and proposed specific network optimizations to offer competitive pricing.
• We deployed Microsoft Sentinel solution and enabled cloud services, such as Azure, Microsoft 365, various SaaS tools, etc. Next, we connected the Cortex XDR and Fortinet firewalls, as well as the rest of the infrastructure to SOC.
• Set up analytical rules to detect security incidents and enable suitable processing mechanisms. It allowed to filter real incidents from all the received system alerts and mitigate them correctly, ensuring efficient SOC performance.
• SIEM monitoring revealed improper network settings; thus, we provided recommendations for network optimization that allowed Goodvalley to decrease infrastructure workloads and, therefore, save resources and costs.
• Reduced excessive data logs. To reduce data volumes with no practical value for security, we filtered unnecessary data and aggregated data from all analyzed sources. This allowed us to significantly decrease the amount of data stored in the cloud without affecting its informative value.

The initial setup and deployment of the SOC took appr. 3 months. During this phase, we started implementing security and IT infrastructure improvements as soon as we received the first monitoring logs. We proactively identified and addressed potential weaknesses and ensured a seamless transition from the previous solution with zero interruptions. 

After the initial implementation phase, our dedicated SOC team started providing comprehensive “Security-as-a-Service” multi-layer maintenance and support: 

• Layer 0 includes automatic incident processing to mitigate recurrent low-impact security use cases.
• Layer 1: Initial alert analysis performed by previously created playbooks. The service is delivered by a team of security specialists located in Ukraine and the EU.
• Layer 2 / 3: Processing non-typical and complex incidents. It is performed by two dedicated specialists. After processing each such incident, they create instructions for L1 specialists to process similar alerts in the future if such alerts appear.
• Forensic scan: A detailed investigation and documentation of complicated incidents with the highest level of potential impact. Fortunately, the client had no such security incidents during our collaboration.

We also integrated the SOC alert system with the client's internal ticketing system, giving their IT specialists full visibility and ease in managing security tasks. 

The project is ongoing, with weekly meetings to update Goodvalley on SOC performance, suggest improvements, and discuss all other data security aspects.