DigitalXRAID

Port Operating Company
Case Study 

How a port operating company ensured 24/7 protection of its critical operations with a Managed SOC Service from DigitalXRAID

Security Operations Centre (SOC)

The Requirement

As a provider of critical national infrastructure, a port operating company had deployed Microsoft’s security suite and Darktrace for comprehensive cyber protection. However, it identified that it needed to expand its security monitoring for 24/7/365 real-time coverage. To do this, it wanted to implement a Managed Security Operations Centre (SOC) service, delivered by a provider with deep cyber security expertise.

Through a private tender process, the port operating company shortlisted 4 potential SOC service providers. Following a proof-of-concept, and given the existing working relationship with DigitalXRAID, which had built trust in the expertise the team could provide, DigitalXRAID was chosen as the port company’s preferred SOC service partner to provide 24/7 security monitoring and remediation utilising Microsoft’s advanced security suite.

The Solution

DigitalXRAID provided consultation on the port operating company’s existing Microsoft setup, ensuring the most efficient deployment and complete setup and integration. The first stage of the full SOC deployment was to conduct a Threat Model Workshop. DigitalXRAID’s analysts spent time with the port operating company to identify critical resources and customise the deployment plan to its specific needs.

Following the agreement of a Design Document, and integration of all data sources, the service could be fully deployed to start the required 24/7/365 monitoring as soon as possible. The port operating company’s Microsoft instance was connected to DigitalXRAID via Lighthouse for full management and visibility.  

DigitalXRAID operates on a rapid deployment objective. Any systems that held sensitive customer data or were operationally critical were prioritised for immediate protection. DigitalXRAID’s managed SOC service provides a 24/7 solution for alert detection, threat visibility, proactive hunting, and incident response.

The port operating company’s Security Operations Centre (SOC) service utilises its existing Microsoft SIEM & Log Management tooling at its core and is aligned to the MITRE framework. The SOC service integrates industry-leading tools, including Microsoft Sentinel, to provide features such as Asset Management, IDS & IPS, Threat Protection, Endpoint Detection & Response (EDR), Threat Intelligence (CTI), Continuous Vulnerability Monitoring, and others. This makes it a true Extended Detection & Response (XDR) solution that provides complete protection for the port operating company across its entire attack surface.

The SOC service now provides the port operating company with threat reports and collated user activity logs. As part of the service delivery, DigitalXRAID provides security incident reports and correlates threat detection and response logs to provide accurate alert information, utilising data from Microsoft’s leading security suite, such as Defender for Endpoint and Defender for Identity. Using Defender for Office, DigitalXRAID also monitors email threat protection logs to prevent malware and phishing attacks which could compromise the organisation.

DigitalXRAID’s 24/7/365 ‘eyes on glass’ SOC service creates an active monitoring picture, which enables a fully holistic approach to the port operating company’s information security. Specialist SOC analysts monitor the port company’s infrastructure and systems and take action against any alerts within minutes, to protect business operations and customer data. DigitalXRAID’s mean time to detect (MTTD) is 6 minutes on average, even for P1 alerts.

The SOC team are a group of highly qualified security professionals, trained to the highest industry standards with recognised certifications across an array of technologies and industry accreditations including Microsoft, CREST and NCSC.  

The Results

DigitalXRAID monitors all of the port operating company’s infrastructure and systems to detect and respond to any threats or suspicious activity on a 24/7/365 basis.  

The port operating company’s SOC service, with full management of Microsoft Sentinel and other Microsoft Security Suite solutions, now protects operations and, most importantly, its customer and employee data.

Since deployment, DigitalXRAID has been able to neutralise any incidents within minutes, notifying the port operating company of the severity of any incidents that occur. Incidents and activity are visible in real-time, which gives the team the confidence that their service is effectively protecting the business from cyber threats. 

DigitalXRAID’s Security Operations Centre (SOC) service enhances the port operating company’s overall security posture effectively, reduces its risk, and fulfils any data protection and security requirements. It protects the business with an enterprise-grade solution, without the need for the port operating company to place any additional strain on internal IT resources.

With machine learning (ML) and Generative AI capabilities built into the port operating company’s Microsoft-powered SOC solution, any new alerts received through the platform can be tuned within minutes, using well-defined automation rules or by DigitalXRAID’s experienced SOC engineering team.

The insight that DigitalXRAID’s SOC team gains across various customer environments, together with the years of experience and industry accreditations held, provides an aggregate value for threat intelligence and monitoring that a single organisation couldn’t achieve alone. The port operating company further benefits from the ‘one affected, all protected’ Extended Detection & Response (XDR) powered SOC service that DigitalXRAID provides.

Looking to the future, DigitalXRAID is supporting the port operating company with use case development and engineering for optimisation and reduction of false positive alerts, and is working with its OT specialists for extended visibility of its OT network.
