How VR Group is using automation to secure Finland’s railways

Johanna Winqvist

Johanna Winqvist

Microsoft, Modern Workplace

Read Time, 6 min.

“Being at the helm of a critical piece of infrastructure, we have a huge responsibility towards our partners and clients. That’s why safety and security are crucial elements of what we do and how we operate.”

Mikke Maronen, CISO at Finnish railway company VR Group, is talking about the importance of protecting his business from cyber threats to both maintain public trust and run operations seamlessly.

A government-owned company that operates autonomously, VR Group has seen the number of these threats increase over the past few years – particularly since shifting to a multi-cloud environment for its IT infrastructure has changed its attack surface. “A few years ago, we decided to adopt a cloud-mainly approach but since then, cyber threats have been on the rise, leaving companies more exposed than ever,” he says.

“This increased exposure made us realize that if we wanted to secure the network to the highest of standards, we had to have some kind of tool that could help us deal with these threats promptly.”

This has led them to two Microsoft security solutions – Microsoft 365 Defender XDR and Azure Sentinel. Their combined implementation, which was facilitated by Microsoft partner Accenture Security, is providing VR Group with a centralized view of its multi-cloud platform – leading to reduced manual work, streamlined processes and greater control of its infrastructure.

“Hacker activities have been on the rise particularly since COVID-19, so network visibility is crucial for us,” he says. “That’s why Microsoft’s two solutions are now the most important part of our cybersecurity strategy.”


A century-old company with a modern vision

Headquartered in Helsinki, VR Group runs more than 59.5 million train journeys per year. The company employs some 6,000 people and runs both passenger and freight services.

A key sustainability player in Finland, VR Group prides itself on its progressive values. “We’ve been active for almost 160 years,” says Markus Niskanen, Head of IT Architecture. “We used to be a very traditional company, but we’ve changed a lot in recent times, and we are now much more innovative.”

Having been at VR Group for nearly 15 years, Maronen experienced this evolution first-hand. “Over the past decade, there has been a big cultural change within the company, especially from an IT perspective,” he says. “This came from the realization that our traditional way of operating wasn’t working anymore.”

Faced with a need to modernize, the company decided to migrate most of its IT infrastructure to a multi-cloud environment, and adopt a cloud-mainly strategy. “This gave us a lot more flexibility, a reduction in operational costs and an environment that was much easier to maintain,” he adds. “But it also brought a new type of security requirements.”

“That forced us to rethink our cybersecurity strategy and find a solution that would help better monitor the network.”


From M365 Defender to Sentinel’s centralized alerts system

As they turned to Microsoft for support, VR Group needed a cloud identity service that would give them enhanced visibility and generate automated alerts on suspicious activity throughout the network.

Microsoft 365 Defender – an extended detection and response solution – was a perfect fit. By combining Microsoft 365’s productivity apps with advanced security, compliance, and analytical capabilities, Microsoft 365 Defender monitors and detects key parts of the infrastructure. These include identity and endpoint security, emails and applications.

“This was the solution that best suited us, and it currently represents the very core of our cloud identity services,” comments Markus Niskanen. “We now have much greater trust in our detection and prevention capabilities as a result of it.”

But this was just the starting point of VR Group’s security upgrades. And the company soon decided that in order to better protect its network, it needed to centralize all Microsoft alerts into one place. “Back then, Azure Sentinel was available in its Beta version,” he continues. “We looked into it and realized that it ticked all of our boxes.”

A cloud-native security information and event manager (SIEM), as well as security orchestration, automation and response (SOAR) solution, Sentinel uses AI to analyze large volumes of data. This allows to monitor firewall and network traffic and Microsoft 365.

According to Niskanen, this is exactly what VR Group needed: “We carried out some tests on our network to see if it could fit and it quickly turned out to work great for us,” he adds.


The key role of training

Microsoft partner Accenture supervised the adoption and rollout of Sentinel across VR Group’s infrastructure.

“We were responsible for the deployment and integration of Sentinel, plus the planning of processes,” says Petrus Koskinen, Security Senior Manager at Accenture Security. “But our cooperation went beyond just getting the technology to work: this was a completely new solution for VR Group, so we were there to help them adjust to it.”

A key factor in achieving this – especially after the rollout – was the launch of training programs that educated the workforce on how to handle and respond to alerts. As Maronen explains, this initiative has proved largely successful over the past year.

“We have a cybersecurity training program through which we help our teams get familiar with these technologies” he says. “So, every week we hold cybersecurity meetings whereby we talk to our colleagues, go through the alerts they have spotted and help them resolve them.

“When we started this a year ago, we had almost hundred open alerts that needed to be addressed at every meeting. The last time I checked, there was none – a clear sign that people are learning.”


Opening the doors to automation

VR Group is now enjoying the benefits of having Sentinel’s additional monitoring and detecting layer on top of  Microsoft 365 Defender. Their combination is giving them a broader, more comprehensive view of the network, as well as the ability to protect it more efficiently than ever.

“When it comes to security, having a tool that logs all information from different sources and then knows how to react to it is essential,” says Niskanen. “And that is what Sentinel does for us, working as the foundation of our security operations that we can expand and improve based on our needs.”

And there is a lot more that VR Group is interested in doing. “We have a set of firewall logs already in place, but our next project will probably be to identify the processes around them and figure out what other logs we can implement,” he continues.

Most of all, adds Maronen, significant focus will be put into using Sentinel to automate alerts, processes and more. “We have just scratched the surface of what automation can do,” he says. “On our Sentinel side we currently have some limits and I think there is a lot of need for us to open our doors to automation and get more alerts.

“But overall, Sentinel has opened up new possibilities for us, giving our IT security infrastructure the visibility that we wanted.”

Free webinar: Top cybersecurity trends in Europe

Learn about cybersecurity trends in Europe, and solutions to safeguard against them

Discover more related articles per industry:


  • a person sitting on a chair in a room

    Bridging the education gap in challenging times

    Across the globe, teachers, students and parents are dealing with a new reality: how to adapt to an educational environment that has moved from the classroom to the internet. As in many countries, the remote Faroe Islands, more than 300 kilometres off the coast of Scotland in the North Sea, has found the lives of […]

  • A group of students in front of a school

    PCOU Willibrord uses smart automation to define the future of education

    “It’s all about teaching and giving time to the educators, so they can give time to the students. If we can make IT simple, that’s my purpose, my thing.” Peter Schep, ICT Manager at PCOU Willibrord Foundation, explains why he believes efficient IT is central to the learning and development of both educators and students. […]


  • a group of people performing on stage in front of a crowd

    City of Liège: Facilitating decision making in difficult times

    For many organizations, social-distancing measures brought about by COVID-19 have drastically slowed day-to-day operations – and for some, even stopped them altogether. But for local governments across Europe, like the Belgian city of Liège, slowing down hasn’t been an option.  From supporting citizens and businesses to protecting frontline workers, Liège city had to quickly provide stability during this crisis and ensure important decisions could still be made in a democratic […]

  • A woman working with a laptop

    Finnish Tax Administration builds citizens’ trust with a more secure cloud platform

    Learn how Finland’s tax administration is using Azure and Microsoft E5 to safely handle and protect sensitive citizen data.


  • Nurse and patient

    MOB: increasing healthcare workers’ time with their patients using cloud technology

    “Time is the most valuable currency in healthcare. That’s what this technology gives us: more time with our patients.” Fettah Erdal, Senior Administrator at Dutch healthcare provider MOB is talking about the impact that cloud-based technology is having on his organization’s ability to deliver more patient-centred healthcare. “All of our care workers are in the […]

  • NorthWest Clinics building

    Northwest Clinics: A new era in virtual healthcare

    “I am generally quite modest – I don’t like to brag about my achievements too much. But in this case, I want to make an exception. I want to tell the world what we have done.” For Ed de Myttenaere, CIO at Northwest Clinics hospital (Noordwest Ziekenhuisgroep) in the Netherlands, breaking with tradition is becoming increasingly normal. In responding to the COVID-19 outbreak, his team have implemented a virtual consultation solution that has the potential to redefine […]


  • a woman smiling for the camera

    Etex Group: Future-proofing employees to work anywhere across the world

    When COVID-19 spread across Europe in early 2020, businesses entered a new digitally-dependent age. Social distancing measures had asked offices of all shapes and sizes to close their doors, sparking organizations to quickly find other virtual ways for colleagues to meet and collaborate remotely. But for Belgium building material specialist Etex, this was a step they were ready for – having already implemented a cloud-based infrastructure and collaboration tools […]

  • Mais on a sunny day

    COFCO International: How cloud technologies ensured business continuity during challenging times

    “I have worked at COFCO for 12 years, always in an office. But I have spent the last 63 days working from home.” Marcus Seelbach, Chief HR Officer at global agribusiness COFCO International, is talking from his home via video call about the transition he and all his colleagues have undergone since COVID-19 led to the closure of the company’s offices worldwide. “But thanks to the preparation and […]


Discover more related articles per dossier:

Customer Stories

  • A boat in Soderhammns

    Risky, unsecure file sharing inspired this government. Here’s why.

    “This file is too large to send.” We’ve all done it. When time is of the essence, and a large file won’t go where we want it to go, risky public file-transfer methods are suddenly a very appealing option. Security goes out the door in place of convenience. For local governments this creates a systemic […]

Digital Transformation

  • A smiling man wearing glasses looking at the camera

    HUS: sharing data securely to make life-saving decisions

    Illnesses and diseases don’t often play fair – an unfortunate truth that was proved by the COVID-19 outbreak in early 2020, heavily hitting healthcare organizations with challenges the world hadn’t seen in a century. Hospitals needed a rapid response to reduce spreading the virus without affecting patient care. A high-pressure situation for any institution, but […]

Security & Privacy

  • logo

    Why trust is the essential ingredient in healthcare digital transformation.

    My phone had scarcely stopped ringing for weeks. Now it was ringing again. “Veronica,” said the voice at the other end, “we have an idea!” Immediately, I recognized who it was. I’ve known Carlo Tacchetti for almost as long as I’ve been at Microsoft. He’s a professor at the Vita-Salute San Raffaele University and the […]


  • a man in a striped shirt and looking at the camera

    The top 9 ways Microsoft IT is helping its employees to work from home

    From Milan to Puget Sound, tens of thousands of Microsoft employees have begun working from home as a result of the COVID-19 outbreak. Many of our customers have asked us to share the details of how we enable collaboration and remote working for such a large workforce. Here are the nine most important factors from a compliance […]