This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.
We’ve all seen it happen—an organization has all the top-notch security tools in place and still, they get breached. In today’s rapidly evolving threat landscape, complexity leads to vulnerability. With so many tools to monitor, it’s easy for even the best security operations center (SOC) to get overwhelmed by non-actionable alerts [1] and hampered by insufficient personnel to secure a growing digital estate. Research on “security tool sprawl” shows that, on average, organizations run 25 to 49 security tools from up to 10 different vendors. [2] In a time of rising cyberattacks, [3] the gaps left between mismatched or poorly implemented IT and security tools can make it impossible to establish a high-maturity security program.
Open Systems’ award-winning Managed Detection and Response (MDR) executes repeatable security missions that protect enterprises in real time and levels up their security posture for tomorrow. The company’s customers are typically mid-market organizations—enterprise or small-to-medium corporations (SMC)—that are looking for all-day threat detection and response but also aspire to improve their security posture and resilience against attack. Open Systems noticed that many of these customers lean heavily on Microsoft for IT and cloud infrastructure, and can unlock the value of these investments to consolidate and operationalize their security tools. Open Systems accomplishes this by providing a Microsoft Azure cloud-native Managed Detection and Response (MDR) service built for Microsoft Sentinel (formerly known as Microsoft Azure Sentinel), Microsoft Security best practices, and Microsoft 365 E5 (M365 E5).
As a six-time Gold Partner, Open Systems enables Microsoft customers to get more insights from their Microsoft Security tools, and to better grasp their attack surface. The company’s use of Microsoft’s cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities helps deliver stronger signal fidelity through machine learning threat modeling—delivering the actionable results Open Systems’ customers need to remain confident in their security every day. Even better, customers can often achieve this level of security using the Microsoft investments they’ve already made. And by integrating with Open Systems’ MDR, they get peace of mind by delegating detection and response to Microsoft-certified SOC analysts and threat hunters, helping contain threats early in the kill chain.
Figure 1: Open Systems’ MDR integration with Microsoft.
As a Microsoft Advanced Threat Protection Specialization certified partner, Open Systems focuses on three critical pillars for their MDR solution: mission-driven processes, a mission-ready platform, and Microsoft-certified experts.
Because the stakes are so high, the service is run like NASA Mission Control, using mission-driven processes to deliver repeatable and predictable outcomes that ensure fast detection and remediation of threats. These mission-driven processes have been honed for over 20 years with scientific rigor to bridge IT and security silos for optimal performance and resilience against attack. This allows Open Systems to deliver outcomes, not alerts; greater business value; and out-of-this-world customer satisfaction.
Complementing these mature processes is the mission-ready platform at the heart of Open Systems’ services. This cloud-native platform weaves security into the fabric of an organization’s infrastructure, eliminating the need to stitch together multiple-point security products and the associated complexity. Managed from a “single pane of glass,” the platform also helps organizations realize the full value of their Microsoft infrastructure and that of their existing Microsoft security products.
The company’s four globally distributed SOCs follow the sun, with experts working from Europe, the United States, and Asia. Each of Open Systems’ DevSecOps engineers and security analysts has completed 400 hours of hands-on training and passed rigorous certification testing before servicing customers. They are armed with machine learning-powered, high-fidelity detection that leverages Microsoft Sentinel runbooks to ensure they can detect threats and make critical decisions fast and accurately.
Scalability and enabling customers to retain their data are key aspects of the MDR service, both of which are achieved with Microsoft Sentinel and Microsoft Azure Lighthouse. Open Systems engaged with Microsoft in the early days of Microsoft Sentinel, working with their product teams and early customers to create a solution that runs in the customer tenant. Microsoft Defender for Endpoint absorbs signals, then contains threats as part of the automated response. Open Systems also leverages Microsoft Sentinel’s SOAR capabilities by writing managed runbooks that automatically contain and shut down threats early.
The service uses Azure Lighthouse to operate across customer tenants—run queries, integrate different log sources, and more. Credible threats are inspected by Open Systems’ engineers and co-managed as needed with the customer. In this way, Open Systems’ MDR service and Microsoft Security don’t just integrate, they feed off each other to deliver better results. As one of our customers put it:
“We’re experiencing exceptional support from Open Systems. They not only help us contain costs and manage Azure, but their engineers, adaptable SASE+ platform, and managed runbooks contain threats before they spread throughout the network,” said James Tsang, Systems Manager, College of Southern Nevada.
A publicly traded clinical research organization came to Open Systems for help streamlining their security architecture. They wanted to move away from siloed third-party systems that created too much complexity, too many vulnerabilities, and drove up costs. They needed a cloud platform to provide the accessibility and service necessary to protect their offices worldwide and their hybrid and remote workers. Open Systems partnered with Microsoft and demonstrated how Microsoft 365 E5 and Microsoft Sentinel could work together to help improve the company’s compliance, data protection, and security posture.
The Open Systems team also identified opportunities to replace legacy monitoring tools with Microsoft Azure Monitor and consolidate compliance and security data onto Microsoft Azure Log Analytics, helping reduce the number of suppliers and reduce costs. Together with Microsoft, Open Systems performed a cloud readiness and economic assessment using the company’s real-world costs—learning that the Azure implementation would result in $2.5 million annual savings by eliminating existing applications and unnecessary data centers. Moreover, optimizing Microsoft 365 E5 eliminated the need for several of the company’s existing tools, resulting in additional annual savings of $400,000.
Figure 2: Azure Monitor.
Cybersecurity is a high-trust business: trust in technology, trust in services, and trust in the partnership you have with your security vendor. Most of Open Systems’ customers come to the company through word-of-mouth references; many customers have worked with the company for years. Open Systems joined the Microsoft Intelligent Security Association (MISA) in July 2020 as part of the managed security service provider (MSSP) pilot. Being a MISA member gives Open Systems’ customers confidence that the company can integrate its technologies with their existing Microsoft products, both on-premises and in the cloud. Customers want leadership, and alignment with the Microsoft solutions they are investing in. Some of the company’s other ‘wow’ moments since joining MISA include:
As Mandana Javaheri, Global Director, Cybersecurity Solutions Group at Microsoft Corp put it in Open Systems’ press release, “MISA members are the cybersecurity industry leaders, unified by the common goal of helping secure our customers by offering their own valuable expertise and making the association more effective as it expands.”
Want to learn more? Check out Open Systems’ Managed Detection and Response solution in the Azure Marketplace or visit the Open Systems’ Microsoft Solutions page.
To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
[1] 6 strategies to reduce cybersecurity alert fatigue in your SOC, Innocent Wafula, Microsoft Security, Microsoft. 17 February 2021.
[2] Too many security tools can be as bad as too few, Taylor Armerding, Security Boulevard. 14 August 2020.
[3] Why ransomware attacks are on the rise — and what can be done to stop them, Lynsey Jeffery, Vignesh Ramachandran, PBS. 8 July 2021.