SWC Automates Security for Midsize Customers with Azure Sentinel
Based in Chicago, SWC Technology Partners offers midsized companies bespoke IT solutions that help customers increase revenue, automate processes, and manage information security, continuity, and compliance so they can reduce costs through automation and lower business risk.
The SWC managed-defense solution is built on Microsoft Defender Advanced Threat Protection and uses Microsoft Azure to help automate key processes. SWC wanted to extend its offerings to cloud-based security information and event management (SIEM) that could interoperate with other security tools, accelerate attack response, and remediate potential threats.
Now SWC uses Microsoft Azure Sentinel and Azure Security Center in tandem to help itself and its customers better safeguard their entire IT infrastructures and reduce attack-response times from hours to just seconds. SWC uses Azure Sentinel as a central, cloud-based hub for security-related data, both internally and for customers. It pulls Security Center data into Azure Sentinel to develop a holistic security picture of the entire IT infrastructure, reduce vulnerability, and operationalize an overall security program.
“With Microsoft threat intelligence built into Azure Sentinel, we’ve improved our reaction time to threats and attacks. What used to take hours, we now get done in minutes.”
– Ric Opal, Principal at SWC Technology Partners, a BDO USA LLP company.
Quicker, easier, and cheaper SIEM
Previously, SWC tried to gather and incorporate security information and event data manually, but when teams tried to analyze activity logs for suspicious behavior, they could only run a handful of queries. “Since we started using Azure Sentinel, we can run up to 30 different activity log queries to detect signs of a breach,” says Joseph Beczak, Experienced Manager at SWC. “That saves time and money, and with native integration already built into Azure Sentinel, it’s quicker, easier, and cheaper for us to deliver the benefits of a cloud-based SIEM to our customers.”
In early testing, SWC reduced response times from hours to seconds. After testing, the company worked to orchestrate notification and alert procedures, then implemented automated threat detection and response. With the orchestration and automation capabilities in Azure Sentinel, SWC and its customers can take action faster, without the typical lag time between notification and the active remediation of an attack.
Cloud-based SIEM for SWC—and its customers
SWC expects this kind of response time will be game-changing for its midsized customers, and it anticipates that they will enjoy more effective responses as well.
And with comprehensive network visibility and threat analytics in Azure Sentinel, SWC and its customers can remediate attacks faster and more effectively, and then more easily identify and block future threats. “Normally, a business may not see an attack until something really visible happens, like a compromised account sending out spam,” says Beczak. “By then, customer data could have been compromised for weeks. With Azure Sentinel, we can help them protect against the invisible threats as well. That’s more value we can offer our customers.”
Enterprise-grade security—for less than expected
With Azure Sentinel, SWC has cut in half the time it takes to investigate, review, and remediate a threat for a customer. But malicious actors continue to build and maintain inexpensive but sophisticated systems. With the advanced automation, intelligence, analytics, and machine learning capabilities built into Azure Sentinel, SWC helps its customers maintain the advantage now and into the future. By automating security processes, SWC improves its margins because it can take on more customers without more security staff.
“With elastic cloud security tools like Azure Sentinel and Security Center, coupled with the threat telemetry and everything else that Microsoft delivers, we can help our customers keep ahead of increasingly agile hackers,” says Opal. “We use Azure to deliver on our brand promise to help midsize businesses compete with larger businesses—and build enterprise-grade security at a fraction of the cost they might expect.”
“With native integration already built into Azure Sentinel, it’s quicker, easier, and cheaper for us to deliver the benefits of a cloud-based SIEM to our customers.”
– Joseph Beczak, Experienced Manager at SWC Technology Partners, a BDO USA LLP company.
The full story is available from Microsoft.