An S&P 500 company and global leader in enabling pharma, biotech, and consumer health, this company partners to optimize product development, launch, and full life-cycle supply for patients around the world. With broad and deep scale and expertise in development sciences, delivery technologies, and multi-modality manufacturing, they are the industry’s preferred partner for personalized medicines, consumer health brand extension, and blockbuster drugs. They help accelerate over 1,000 partner programs and launch over 150 new products every year. Their flexible manufacturing platforms at over 50 global sites supply over 70 billion doses of nearly 7,000 products to over 1,000 customers annually. Their expert workforce exceeds 19,000, including more than 2,500 scientists and technicians.
When this client’s head of Cybersecurity Operations joined the team, he uncovered tremendous gaps in the security operations. The SIEM solution, was analyzing too little data and yet their team was overwhelmed with alerts and noise.
“Specifically, there were gaps in the data and alerts we received from the SIEM solution. We were bringing in about 10-12G per day, which was too little. Additionally, the data that was coming in was the wrong data, which resulted in a lot of noise and alert fatigue. We were being alerted on things that were trivial and should’ve already been corrected with automated rules,” stated their Head of Cybersecurity Operations.
The disruptions caused by poorly qualified alerts inhibited their ability to effectively detect threats and optimize security posture. Despite the lack of efficacy, the MSSP made no efforts to improve and alleviate the noise. “Our current MSSP was okay with it all. There was no sense of urgency,” he added.
“I was hired to clean up security operations, so it was a reset. We weren’t just addressing individual gaps, but rather undertaking a full review and implementing core changes with many other tools that were in place. I viewed it as starting over with a complete rebirth of security.”
They began looking for vendors and sought reliable businesses that could meet their SLAs and understand their tools, including Microsoft Sentinel SIEM. Their Head of Cybersecurity Operations also described how he sought more than a vendor, but a partner who could provide guidance and assistance with queries.
“It’s one thing to do everything we ask, but we were looking for a consultative approach to suggest better options and inform us of what’s coming around the corner.”
Netrix Global’s broad cybersecurity expertise and breadth of services enabled it to serve as the consultative partner they sought.
Netrix Global supported their security changes in just over two weeks
Fast response, in-depth knowledge, and strong collaboration from the Netrix Global team
As part of the security changes, they purchased Microsoft Office 365 E5 and the Microsoft Sentinel SIEM solution. They relied on Netrix Global to help configure the tools and provide ongoing support with Managed Detection & Response (MDR) services. Their contract with its former MSSP was ending, necessitating a quick turnaround. The project launched in January and was fully operational in February, taking just over two weeks.
Their Sr. Manager of Cybersecurity & Infrastructure Portfolio said, “In my experience dealing with contracts, all the Netrix Global project managers have all been very professional and helpful and made things a lot smoother. We didn’t have issues getting our contracts through the review process or signed. Things went very quickly. I’ve been very pleased with Netrix Global.”
Their Head of Cybersecurity Operations gave the Netrix Global team kudos for being present. “They pick up the phone, and we can talk to them and have good conversations. Rather than merely answering our specific questions, we work together. I love the dialogue back and forth, which I wasn’t seeing from our previous vendor.”
Their Sr. Cybersecurity Engineer added, “The integrity, responsiveness, and knowledge are big things. We chat in Teams and I get responses immediately.”
The scope of the implementation included roughly 4,000 servers, 12,000 end user computer endpoints globally, and 24,000 identities combining employees, contractors, and vendors.
Although the implementation involved numerous, substantial technical changes, the process was efficient and agile, resulting in a smooth transition. When asked if employees outside of IT understood the transition, their Head of Cybersecurity Operations responded, “No one knew. That says a lot. We were able to have Netrix Global come get it going, and they had no clue.”
Netrix Global’s MDR combines Azure Sentinel capabilities with critical Security Orchestration, Automation, and Response (SOAR), delivered as a service via the Netrix Security Operations Center (SOC). Every alert generated by Sentinel is scrutinized by a human analyst in Netrix’s Threat Operations group to validate and put it into context. Netrix Global handles investigations and, in most cases, response. The Netrix Global team of security analysts provide 24x7x365 monitoring, providing the client with complete coverage at a predictable monthly fee. The MDR service alleviates the pressure on their team to respond to alerts, while also eliminating the burden to continuously replenish their own SOC team with training and new hires.
The client brings roughly 500GB of data per day into Microsoft Sentinel. With actionable, quality alerts, their infrastructure team now knows what truly needs attention and is empowered to take the appropriate countermeasures. They’re able to find and correlate incidents to make data-driven decisions, such as what must be blocked at the firewall.
As a long-term partnership, Netrix Global is currently supporting the client through an E5 deployment, Azure Workday integration, and single sign-on projects.
Their Head of Cybersecurity Operations stated, “In the last six months, it’s been a night and day difference. To me, it’s about the trust and the partnership. We’re getting great service for what we’re paying, as well as the knowledge base that we didn’t have before.”
Their team is confident they can rely on Netrix Global, alleviating many burdens. Specifically, their Head of Cybersecurity Operations said, “Right now, I’m not worried. If something happens at 2:00 AM, Netrix Global will find and fix it based on our SOW or escalate to one of our on-call team members as needed.”
“When addressing an incident, I don’t believe there’s anything that we couldn’t handle together between the two teams. And that’s our ROI, preventing a larger issue for the company is an excellent return on our investment.”
He continued, “Netrix’s depth of knowledge has also helped me progress, as I’ve been able to learn from them. Netrix Global feels like they’re part of our team, an arm of our department.”
Their Sr. Manager of Cybersecurity and Infrastructure Porftolio shared a similar sentiment. “We don’t feel like we’re chasing them down or having a hard time scheduling meetings. I’ve been very pleased.”
2024 Netrix, LLC | All Rights Reserved.
