Case Study – Migration to Microsoft Azure and Office 365 - fully secured by a 24/7 managed detect and response service and continuous security posture improvements
Compre Group is a European insurance & reinsurance legacy specialist with over 30 years’ experience in the acquisition and management of non-life legacy portfolios. The organisation operates from multiple locations including London, Malta, Helsinki, Hamburg, Zurich and the US. Currently most of the staff are based in London with smaller locations in Helsinki and Malta, with home workers in Zurich and the US.
Compre were about to initiate a Business Development Strategy in order to sustain the anticipated growth of the Business, increasing its headcount with Malta becoming the Group location and service centre. Therefore, the current mode of IT operations required streamlining to meet the evolving needs of the business. Project Advance, the programme of works to ensure the IT infrastructure met the current and future demands, was initiated to address the gaps identified.
Project Advance – Blueprint for an Intelligent Enterprise
iSYSTEMS was initially engaged to conduct an in-depth discovery and assessment of Compre’s existing Infrastructure and technological estate. The current mode of operation (CMO) was documented, and risks and potential impediments impacting both current service and the successful realisation of the Business Development were identified. In addition, iSYSTEMS highlighted opportunities to increase efficiency and reduce cost within the IT Operations function.
iSYSTEMS proposed a new target mode of operation (TMO) to move all services into the Microsoft Azure Cloud, building a resilient, dynamic service underpinning the current business capabilities as well as future growth and business development.
Managed Service and Continuous Improvement
iSYSTEMS agreed a 3-year contract to support and manage Compre’s physical and virtual environment, including responding to staff service requests globally. As part of the managed service, all servers are continuously patched on a monthly basis, with Intune updates and software releases also completed each month.
All users were migrated to Office 365, with all devices from all sites joined to the Azure domain. This enables iSYSTEMS to centrally manage all AV/Patch management and software distribution across the estate using Intune and Autopilot.
This involves designing and implementing Intune and Autopilot and enrolling devices into Intune for MDM, with Intune compliance policies, configuration profiles, endpoint security and application policies created for Windows and Mac devices.
- Fully automated via Autopilot, using Windows Hello and certificates enabling SSO to corporate Wi-Fi
- Configured Windows update rings and hybrid setup enabling on-premises endpoints to be part of the Windows 10 Update rings, Group Policies and Security Policies
- Application deployments configured for third party applications
- Defender ATP deployment and configuration
- Conditional Access Policies and Security Baselines
Under the continuous improvement programme, a requirement for a Security Operations and Event Management (SOC & SIEM) service was identified and implemented, and the managed service was extended.
Security Operations and Event Management
To improve the security footprint and minimise the threat of a cyber security incident, iSYSTEMS introduced a Managed Detect and Response (MDR) service with a full SOC wrap-around to respond to security alerts 24/7. The monitoring is carried out across all physical devices, networks, cloud infrastructure and services. The MDR service collates events from the entire estate, and a ticket is raised or a phone call made in the event of a security event, depending upon the seriousness of the situation. The SOC service also includes an extended threat intelligence tool that provides an early warning system by monitoring Compre’s external attack surface, scanning the dark web and providing digital risk protection services.
- Installation of a physical sensor with built-in IDS in all sites (London, Malta, Helsinki, Connecticut, and Bermuda) to monitor all north-south traffic.
- Connectors into all security systems
- Log retention for 1 year to adhere to compliance
- Deployment of an agent to all servers and desktops for additional MDR logging information
- Monitoring of all DNS/AD logs
- Additional Monitoring of VIP users and groups
- Integration of the MDR to the Service desk to triage and respond to security alerts 24/7
- Extended threat intelligence tool deployed with real-time monitoring and alerting for External Attack Surface Management, Cyber Threat Intelligence Platform and Digital Risk Protection Service
Impact and Results
Following the completion of Project Advance by iSYSTEMS, Compre Group began to see significant improvements in performance, availability, and customer satisfaction.
The new TMO proposed by iSYSTEMS included moving away from the current managed service provider in its entirety, migrating all services to the Azure Cloud with iSYSTEMS providing a fully managed service. This involved the following:
- Building out new or migrating all existing servers from on-prem into the Azure cloud
- For data protection the servers are now backed up using Azure backup with Site Recovery used for DR purposes
- Improved performance by expanding the RDS Farm with separate RD Web & Gateway, RD Broker Service
  - Having separate RD Web & Gateway servers enabled the secure environment to publish RemoteApps instead of full desktop access
- All Compre Group devices from all sites were joined to the Azure domain enabling iSYSTEMS to centrally manage all AV/Patch management and software distribution across the estate using Intune
- The elimination of security blind spots with full visibility across the entire estate
- 24/7 monitoring and responding to alerts
- Reduced security alerts from 40 a week to approx. 4-6 by improving security and suppressing false alerts
- No need to access multiple administration portals to address security alerts, with all relevant security alerts being within the singular MDR portal
- Improved Conditional Access policies based on security alerts, enhancing the Zero trust posture
- Regular service reviews with the MDR concierge service to improve the security posture, having a ‘second set of eyes’ to highlight any gaps, with AD, DNS and security assessments, amongst many others, built into the service
- Auditing improvements – With log retention for 1 year and excellent data exploration capabilities
- Easy to understand weekly reports – Covering Azure/O365 and Security incidents
- The extended threat intelligence tool detected that a phishing domain had been created; via the tool we were able to initiate a domain takedown, which resulted in the domain being brought down within just a few hours
By utilising the iSYSTEMS Managed Service, Compre Group receives a customised solution to fit its long-term needs: remote monitoring, maintenance, and management of IT infrastructure, supporting all critical business applications such as Email, Networking and Telecom; and remote and on-site user support from certified technicians.
With a team of consultants providing the depth and breadth of skills needed to support Compre Group, the iSYSTEMS Managed Service is a cost-effective rapid response solution. With iSYSTEMS handling the day-to-day management and maintenance of its IT and cyber security operations, Compre Group can focus on its core business functions.