S&P 500 Pharma Solutions Company Successfully Overhauled Security
This is an S&P 500 company with expertise in sciences and manufacturing at over 50 global sites. Headquartered in the United States, it has a workforce of nearly 20,000 and revenue of several billion dollars.
Gaps and Noise
When the Director, Cyber Security Operations began working at the company, he uncovered tremendous gaps in the security operations. The SIEM solution was analyzing too little data and yet the team was overwhelmed with alerts and noise.
“Specifically, there were gaps in the data and alerts we received from the SIEM solution, Exabeam. We were bringing in about 10-12G per day to Exabeam, which was too little. Additionally, the data that was coming in was the wrong data, which resulted in a lot of noise and alert fatigue. We were being alerted on things that were trivial and should’ve already been corrected with automated rules,” explained the Director, Cyber Security Operations and IAM.
The disruptions caused by poorly qualified alerts inhibited the team’s ability to effectively detect threats and optimize security posture. Despite the lack of efficacy, the MSSP made no efforts to improve and alleviate the noise. “Our current MSSP was okay with it all. There was no sense of urgency.”
“I knew Netrix Global was a perfect fit, not just for the BAU that we’re doing now but also helping us get Microsoft tools configured and set up.”
– Director, Cyber Security Operations
Great Value & ROI
• 4K servers
• 12K endpoints globally, and 24K identities
• Preventing larger issues for the company is an excellent ROI
• Team is responsive and collaborative
• Actionable Alerts and Less Noise
• Roughly 500GB of data per day are brought into Microsoft Sentinel
• With quality alerts, the Pharma Solutions team knows what needs attention and can take the appropriate measures
Netrix supported this company’s security overhaul, which was fully operational in just over two weeks
• Seamless transition, unknown to employees outside of IT
• Fast response, in-depth knowledge, and strong collaboration from the Netrix Global team
“To me, it’s about the trust and the partnership” – Director, Cyber Security Operations
Complete Security Overhaul
The Director, Cyber Security Operations comments, “I was hired to clean up security operations, so it was a reset. We weren’t just addressing individual gaps, but rather undertaking a complete overhaul, which included removing Exabeam and many other tools that were in place. I viewed it as starting over with a complete rebirth of security.”
Needed Reliability and a Consultative Approach
The company began looking for vendors and sought reliable businesses that could meet their SLAs and understand their current tools, including the Microsoft Sentinel SIEM solution. The Director, Cyber Security Operations also described how he sought not just a vendor, but a partner who could provide guidance and assistance with queries.
“It’s one thing to do everything we ask, but we were looking for a consultative approach to suggest better options and inform us of what’s coming around the corner. I had previous experience working with Netrix for several years, and I knew Netrix was one partner I wanted to bring in. I knew Netrix was a perfect fit, not just for the BAU that we’re doing now, but also helping us get Microsoft tools configured and set up.”
Netrix’s broad cybersecurity expertise and breadth of services enabled Netrix to serve as the consultative partner to the company.
As part of the security overhaul, the team purchased Microsoft Office 365 E5 and the Microsoft Sentinel SIEM solution. The company relied on Netrix to help configure the tools and provide ongoing support with Managed Detection & Response (MDR) services. Their contract with their former MSSP was ending, necessitating a quick turnaround. The project launched in January and was fully operational in February, taking just over two weeks. The Sr. Cybersecurity Portfolio Manager said, “In my experience dealing with contracts, all the Netrix project managers have all been very professional and helpful and made things a lot smoother. We didn’t have issues getting our contracts through the review process or signed. Things went very quickly. I’ve been very pleased with Netrix.”
Seamless Implementation with a Very Smooth Transition
The scope of the implementation included roughly 4,000 servers, 12,000 end user computer endpoints globally, and 24,000 identities combining employees, contractors, and vendors. Although the implementation involved numerous, substantial technical changes, the process was efficient and agile, resulting in a smooth transition. When asked if employees outside of IT understood the transition, the Director, Cyber Security Operations responded, “No one knew. That says a lot. We were able to have Netrix come get it going, and they had no clue.”
24x7x365 Monitoring and Actionable Alerts
MDR combines Azure Sentinel capabilities with critical Security Orchestration, Automation, and Response (SOAR), delivered as a service via the Netrix Security Operations Center (SOC). Every alert generated by Sentinel is scrutinized by a human analyst in Netrix’s Threat Operations group to validate and put it into context. Netrix handles investigations and, in most cases, response.
The Netrix team of security analysts provides 24x7x365 monitoring, giving the company complete coverage at a predictable monthly fee. The MDR service alleviates the pressure on the IT team to respond to alerts, while also eliminating the burden of continuously replenishing their own SOC team with training and new hires.
The company currently brings roughly 500GB of data per day into Microsoft Sentinel. With actionable, quality alerts, the infrastructure team now knows what truly needs attention and is empowered to take the appropriate countermeasures. They’re able to find and correlate incidents to make data-driven decisions, such as what must be blocked at the firewall.
As a long-term partnership, Netrix is currently supporting this company through an E5 deployment, Azure Workday integration, and single sign-on projects. Additionally, the Director, Cyber Security Operations stated, “In the last six months, it’s been a night and day difference. To me, it’s about the trust and the partnership. We’re getting great service for what we’re paying, as well as the knowledge base that we didn’t have before.”
Responsive and Collaborative
The Director gave the Netrix team kudos for being present. “They pick up the phone, and we can talk to them and have good conversations. Rather than merely answering our specific questions, we work together. I love the dialogue back and forth, which I wasn’t seeing from our previous vendor.”
The Sr. Cybersecurity Engineer added, “The integrity, responsiveness, and knowledge are big things. We chat in Teams and I get responses immediately.”
Not Worried, Excellent ROI
The IT staff are confident they can rely on Netrix, alleviating many burdens. Specifically, the Director, Cyber Security Operations said, “Right now, I’m not worried. If something happens at 2:00 AM, Netrix will find and fix it based on our SOW or escalate to one of our on-call team members as needed.”
“When addressing an incident, I don’t believe there’s anything that we couldn’t handle together between the two teams. And that’s our ROI, preventing a larger issue for the company is an excellent return on our investment,” added the Sr. Cyber Security Engineer.
Feels Like an Arm of Our IT Team
The Sr. Cyber Security Engineer continued, “Netrix’s depth of knowledge has also helped me progress, as I’ve been able to learn from them. Netrix feels like they’re part of our team, an arm of our department.” The Sr. Cybersecurity Portfolio Manager shared a similar sentiment. “We don’t feel like we’re chasing them down or having a hard time scheduling meetings. I’ve been very pleased.”
We specialize in network infrastructure, security, software development, systems services, unified communications, mobility, cloud and managed services, as well as the hardware, software, and services needed to implement them. We help our clients with integrated packages of custom solutions that simplify technology sourcing and accelerate deployment. In addition, we work to ensure the ROI of your technology with a robust set of user adoption services.