{"id":100980,"date":"2021-11-15T11:00:43","date_gmt":"2021-11-15T19:00:43","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=100980"},"modified":"2024-09-12T13:51:03","modified_gmt":"2024-09-12T20:51:03","slug":"how-open-systems-uses-microsoft-tools-to-improve-security-maturity","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/15\/how-open-systems-uses-microsoft-tools-to-improve-security-maturity\/","title":{"rendered":"How Open Systems uses Microsoft tools to improve security maturity"},"content":{"rendered":"

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

We’ve all seen it happen—an organization has all the top-notch security tools in place and still, they get breached. In today’s rapidly evolving threat landscape, complexity leads to vulnerability. With so many tools to monitor, it’s easy for even the best security operations center (SOC) to get overwhelmed by non-actionable alerts<sup>1</sup> and hampered by insufficient personnel to secure a growing digital estate. Research on “security tool sprawl” shows that, on average, organizations run 25 to 49 security tools from up to 10 different vendors.<sup>2</sup> In a time of rising cyber attacks,<sup>3</sup> the gaps left between mismatched or poorly implemented IT and security tools can make it impossible to establish a high-maturity security program.

<h2>Managed services to simplify security</h2>

Open Systems’ award-winning Managed Detection and Response (MDR) executes repeatable security missions that protect enterprises in real time and levels up their security posture for tomorrow. The company’s customers are typically mid-market organizations—enterprise or small-to-medium corporations (SMC)—that are looking for all-day threat detection and response but also aspire to improve their security posture and resilience against attack. Open Systems noticed that many of these customers lean heavily on Microsoft for IT and cloud infrastructure, and can unlock the value of these investments to consolidate and operationalize their security tools. Open Systems accomplishes this by providing a Microsoft Azure cloud-native Managed Detection and Response (MDR) service built for Microsoft Sentinel (formerly known as Microsoft Azure Sentinel), Microsoft Security best practices, and Microsoft 365 E5 (M365 E5).

As a six-time Gold Partner, Open Systems enables Microsoft customers to get more insights from their Microsoft Security tools, and to better grasp their attack surface. The company’s use of Microsoft’s cloud-native security information event management (SIEM) and security orchestration automated response (SOAR) capabilities helps deliver stronger signal fidelity through machine learning threat modeling—delivering the actionable results Open Systems’ customers need to remain confident in their security every day. Even better, customers can often achieve this level of security using the Microsoft investments they’ve already made. And by integrating with Open Systems’ MDR, they get peace of mind by delegating detection and response to Microsoft-certified SOC analysts and threat hunters, helping contain threats early in the kill chain.

Figure 1: Open Systems’ MDR integration with Microsoft.

<h2>Open Systems’ approach</h2>

As a Microsoft Advanced Threat Protection Specialization certified partner, Open Systems focuses on three critical pillars for their MDR solution: mission-driven processes, a mission-ready platform, and Microsoft-certified experts.

Because the stakes are so high, the service is run like NASA Mission Control, using mission-driven processes to deliver repeatable and predictable outcomes that ensure fast detection and remediation of threats. These mission-driven processes have been honed for over 20 years with scientific rigor to bridge IT and security silos for optimal performance and resilience against attack. This allows Open Systems to deliver outcomes, not alerts, greater business value, and out-of-this-world customer satisfaction.

Complementing these mature processes is the mission-ready platform at the heart of Open Systems’ services. This cloud-native platform weaves security into the fabric of an organization’s infrastructure, eliminating the need to stitch together multiple point security products and the associated complexity. Managed from a “single pane of glass,” the platform also helps organizations realize the full value of their Microsoft infrastructure and that of their existing Microsoft security products.

The company’s four globally distributed SOCs follow the sun, with experts working from Europe, the United States, and Asia. Each of Open Systems’ DevSecOps engineers and security analysts has completed 400 hours of hands-on training and passed rigorous certification testing before servicing customers. They are armed with machine learning-powered, high-fidelity detection leveraging Microsoft Sentinel runbooks to ensure they can detect threats and make critical decisions quickly and accurately.

<h2>Leveraging Microsoft</h2>

Scalability and enabling customers to retain their data are key aspects of the MDR service, both of which are achieved with Microsoft Sentinel and Microsoft Azure Lighthouse. Open Systems engaged with Microsoft in the early days of Microsoft Sentinel, working with their product teams and early customers to create a solution that runs in the customer tenant. Microsoft Defender for Endpoint absorbs signals, then contains threats as part of the automated response. Open Systems also leverages Microsoft Sentinel’s SOAR capabilities by writing managed runbooks that automatically contain and shut down threats early.

The service uses Azure Lighthouse to operate things—run queries, integrate different log sources, and more. Credible threats are inspected by Open Systems’ engineers and co-managed as needed with the customer. In this way, Open Systems’ MDR service and Microsoft Security don’t just integrate, they feed off each other to deliver better results. As one of our customers put it:

“We’re experiencing exceptional support from Open Systems. They not only help us contain costs and manage Azure, but their engineers, adaptable SASE+ platform, and managed runbooks contain threats before they spread throughout the network,” said James Tsang, Systems Manager, College of Southern Nevada.

<h2>Managed security leads to $2.5 million in savings</h2>

A publicly traded clinical research organization came to Open Systems for help streamlining their security architecture. They wanted to move away from siloed third-party systems that created too much complexity, too many vulnerabilities, and drove up costs. They needed a cloud platform to provide the accessibility and service necessary to protect their offices worldwide and their hybrid and remote workers. Open Systems partnered with Microsoft and demonstrated how Microsoft 365 E5 and Microsoft Sentinel could work together to help improve the company’s compliance, data protection, and security posture.

The Open Systems team also identified opportunities to replace legacy monitoring tools with Microsoft Azure Monitor and consolidate compliance and security data onto Microsoft Azure Log Analytics, helping reduce the number of suppliers and reduce costs. Together with Microsoft, Open Systems performed a cloud readiness and economic assessment using the company’s real-world costs—learning that the Azure implementation would result in $2.5 million annual savings by eliminating existing applications and unnecessary data centers. Moreover, optimizing Microsoft 365 E5 eliminated the need for several of the company’s existing tools, resulting in additional annual savings of $400,000.

Figure 2: Azure Monitor.

<h2>MISA membership</h2>

Cybersecurity is a high-trust business: trust in technology, trust in services, and trust in the partnership you have with your security vendor. Most of Open Systems’ customers come to the company through word-of-mouth references; many customers have worked with the company for years. Open Systems joined the Microsoft Intelligent Security Association (MISA) in July 2020 as part of the managed security service providers (MSSP) pilot. Being a MISA member gives Open Systems’ customers trust that the company can integrate its technologies with their existing Microsoft products, both on-premises and in the cloud. Customers want leadership and alignment with the Microsoft solutions they are investing in. Some of the company’s other ‘wow’ moments since joining MISA include: