{"id":535018,"date":"2021-08-26T21:26:35","date_gmt":"2021-08-26T20:26:35","guid":{"rendered":"https:\/\/pulse.microsoft.com\/?p=535018"},"modified":"2021-08-26T21:26:36","modified_gmt":"2021-08-26T20:26:36","slug":"fa1-how-vr-group-is-using-automation-to-secure-finlands-railways","status":"publish","type":"post","link":"https:\/\/pulse.microsoft.com\/en\/work-productivity-en\/government-en\/fa1-how-vr-group-is-using-automation-to-secure-finlands-railways\/","title":{"rendered":"How VR Group is using automation to secure Finland\u2019s railways"},"content":{"rendered":"<p>\u201cBeing at the helm of a critical piece of infrastructure, we have a huge responsibility towards our partners and clients. That\u2019s why safety and security are crucial elements of what we do and how we operate.\u201d<\/p>\n<p>Mikke Maronen, CISO at Finnish railway company VR Group, is talking about the importance of protecting his business from cyber threats to both maintain public trust and run operations seamlessly.<\/p>\n<p>A government-owned company that operates autonomously, VR Group has seen the number of these threats increase over the past few years \u2013 particularly since shifting to a multi-cloud environment for its IT infrastructure has changed its attack surface. \u201cA few years ago, we decided to adopt a cloud-mainly approach but since then, cyber threats have been on the rise, leaving companies more exposed than ever,\u201d he says.<\/p>\n<p>\u201cThis increased exposure made us realize that if we wanted to secure the network to the highest of standards, we had to have some kind of tool that could help us deal with these threats promptly.\u201d<\/p>\n<p>This has led them to two Microsoft security solutions &#8211; Microsoft 365 Defender XDR and Azure Sentinel. 
Their combined implementation, which was facilitated by Microsoft partner Accenture Security, is providing VR Group with a centralized view of its multi-cloud platform \u2013 leading to reduced manual work, streamlined processes and greater control of its infrastructure.<\/p>\n<p>\u201cHacker activities have been on the rise particularly since COVID-19, so network visibility is crucial for us,\u201d he says. \u201cThat\u2019s why Microsoft\u2019s two solutions are now the most important part of our cybersecurity strategy.\u201d<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>A century-old company with a modern vision<\/strong><\/h2>\n<p>Headquartered in Helsinki, VR Group runs more than 59.5 million train journeys per year. The company employs some 6,000 people and runs both passenger and freight services.<\/p>\n<p>A key sustainability player in Finland, VR Group prides itself on its progressive values. \u201cWe\u2019ve been active for almost 160 years,\u201d says Markus Niskanen, Head of IT Architecture. \u201cWe used to be a very traditional company, but we\u2019ve changed a lot in recent times, and we are now much more innovative.\u201d<\/p>\n<p>Having been at VR Group for nearly 15 years, Maronen experienced this evolution first-hand. \u201cOver the past decade, there has been a big cultural change within the company, especially from an IT perspective,\u201d he says. \u201cThis came from the realization that our traditional way of operating wasn\u2019t working anymore.\u201d<\/p>\n<p>Faced with a need to modernize, the company decided to migrate most of its IT infrastructure to a multi-cloud environment, and adopt a cloud-mainly strategy. \u201cThis gave us a lot more flexibility, a reduction in operational costs and an environment that was much easier to maintain,\u201d he adds. 
\u201cBut it also brought a new type of security requirements.\u201d<\/p>\n<p>\u201cThat forced us to rethink our cybersecurity strategy and find a solution that would help better monitor the network.\u201d<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>From M365 Defender to Sentinel\u2019s centralized alerts system<\/strong><\/h2>\n<p>As they turned to Microsoft for support, VR Group needed a cloud identity service that would give them enhanced visibility and generate automated alerts on suspicious activity throughout the network.<\/p>\n<p>Microsoft 365 Defender \u2013 an extended detection and response solution \u2013 was a perfect fit. By combining Microsoft 365\u2019s productivity apps with advanced security, compliance, and analytical capabilities, Microsoft 365 Defender monitors key parts of the infrastructure and detects threats across them. These include identity and endpoint security, emails and applications.<\/p>\n<p>\u201cThis was the solution that best suited us, and it currently represents the very core of our cloud identity services,\u201d comments Markus Niskanen. \u201cWe now have much greater trust in our detection and prevention capabilities as a result of it.\u201d<\/p>\n<p>But this was just the starting point of VR Group\u2019s security upgrades. And the company soon decided that in order to better protect its network, it needed to centralize all Microsoft alerts into one place. \u201cBack then, Azure Sentinel was available in its Beta version,\u201d he continues. \u201cWe looked into it and realized that it ticked all of our boxes.\u201d<\/p>\n<p>A cloud-native security information and event manager (SIEM), as well as a security orchestration, automation and response (SOAR) solution, Sentinel uses AI to analyze large volumes of data. 
This allows it to monitor firewall and network traffic as well as Microsoft 365.<\/p>\n<p>According to Niskanen, this is exactly what VR Group needed: \u201cWe carried out some tests on our network to see if it could fit and it quickly turned out to work great for us,\u201d he adds.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>The key role of training<\/strong><\/h2>\n<p>Microsoft partner Accenture supervised the adoption and rollout of Sentinel across VR Group\u2019s infrastructure.<\/p>\n<p>\u201cWe were responsible for the deployment and integration of Sentinel, plus the planning of processes,\u201d says Petrus Koskinen, Security Senior Manager at Accenture Security. \u201cBut our cooperation went beyond just getting the technology to work: this was a completely new solution for VR Group, so we were there to help them adjust to it.\u201d<\/p>\n<p>A key factor in achieving this \u2013 especially after the rollout \u2013 was the launch of training programs that educated the workforce on how to handle and respond to alerts. As Maronen explains, this initiative has proved largely successful over the past year.<\/p>\n<p>\u201cWe have a cybersecurity training program through which we help our teams get familiar with these technologies,\u201d he says. \u201cSo, every week we hold cybersecurity meetings whereby we talk to our colleagues, go through the alerts they have spotted and help them resolve them.<\/p>\n<p>\u201cWhen we started this a year ago, we had almost a hundred open alerts that needed to be addressed at every meeting. The last time I checked, there was none \u2013 a clear sign that people are learning.\u201d<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Opening the doors to automation<\/strong><\/h2>\n<p>VR Group is now enjoying the benefits of having Sentinel\u2019s additional monitoring and detecting layer on top of Microsoft 365 Defender. 
Their combination is giving them a broader, more comprehensive view of the network, as well as the ability to protect it more efficiently than ever.<\/p>\n<p>\u201cWhen it comes to security, having a tool that logs all information from different sources and then knows how to react to it is essential,\u201d says Niskanen. \u201cAnd that is what Sentinel does for us, working as the foundation of our security operations that we can expand and improve based on our needs.\u201d<\/p>\n<p>And there is a lot more that VR Group is interested in doing. \u201cWe have a set of firewall logs already in place, but our next project will probably be to identify the processes around them and figure out what other logs we can implement,\u201d he continues.<\/p>\n<p>Most of all, adds Maronen, significant focus will be put into using Sentinel to automate alerts, processes and more. \u201cWe have just scratched the surface of what automation can do,\u201d he says. \u201cOn our Sentinel side we currently have some limits and I think there is a lot of need for us to open our doors to automation and get more alerts.<\/p>\n<p>\u201cBut overall, Sentinel has opened up new possibilities for us, giving our IT security infrastructure the visibility that we wanted.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cBeing at the helm of a critical piece of infrastructure, we have a huge responsibility towards our partners and clients. 
That\u2019s why safety and security are crucial elements of what we do and how we operate.\u201d Mikke Maronen, CISO at Finnish railway company VR Group, is talking about the importance of protecting his business from [&hellip;]<\/p>\n","protected":false},"author":792,"featured_media":535039,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"class_list":["post-535018","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","specials-work-productivity-en","verticalIndustries-government-en","stories-how-can-i-work-secure","stories-working-secure-en","businessPriorities-modern-workplace"],"_links":{"self":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/535018"}],"collection":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/users\/792"}],"replies":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/comments?post=535018"}],"version-history":[{"count":6,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/535018\/revisions"}],"predecessor-version":[{"id":540898,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/535018\/revisions\/540898"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/media\/535039"}],"wp:attachment":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/media?parent=535018"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/categories?post=535018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}