Mon, Mar 18, 2024
Elevating a Housing Association’s Security Posture with Managed XDR for Microsoft
As one of the largest housing associations in the UK, Southern Housing was concerned about being targeted due to a sharp increase in cyberattacks on its industry. The organization also needed to broaden its defenses in response to the shift to remote and hybrid working. By delivering enhanced threat visibility and complete response, Kroll Responder managed detection and response has enabled Southern Housing to maximize its technology investment while also assuring the security of its IT infrastructure and assets.
Overview
Industry
- Social housing
Challenges
- Immature security posture
- Lack of specialist in-house security expertise
- Lack of time for key security operations center (SOC) activities
Kroll Services
- Kroll Responder Managed XDR for Microsoft
Impact
- Extensive threat visibility
- Swifter threat identification and shutdown
- Enhanced cyber resilience
The Challenge
Southern Housing identified its security posture was not mature enough to respond to the steep rise in threats impacting its industry, such as business email compromise (BEC) attacks. Its risk profile had also changed because of the trend toward remote or hybrid working following the 2020 pandemic lockdown. As well as lacking the time to undertake key SOC activities, such as monitoring, investigating and responding to alerts, Southern Housing recognized that its in-house security skills were not fully aligned with its changing priorities. The housing association also needed additional expert oversight of its security processes.
The Solution
Kroll completed the migration from Southern Housing’s legacy security stack to the Kroll Responder MXDR for Microsoft service, from planning and installation through to configuration and handover. Once this was complete, Kroll highlighted where the most important use cases were and identified the noise created by false-positives, helping to focus threat detection efforts on relevant threat activity, bring costs down and streamline incident reporting.
Kroll’s Responder managed Extended Detection and Response (XDR) service now provides 24x7 monitoring, investigation and response for Southern Housing, leveraging Microsoft Defender 365 and Microsoft Sentinel. The service ingests and analyzes data from Defender for Endpoint, Defender for Cloud Apps, Defender for Cloud, Defender for Identity, and Defender for Office 365, as well as third-party endpoint, email and cloud data sources.
A critical value-add of the migration process for Southern Housing was the ability to see Kroll’s MITRE ATT&CK mapping. Along with enhancing reporting, this enabled Southern Housing’s security team to more easily identify how to better use MITRE ATT&CK mapping to understand which threat tactics and techniques to focus their efforts on and which use cases to prioritize in Sentinel and Defender.
Kroll is always on hand to help with identifying whether an issue is a potential concern that needs to be investigated further. Southern Housing also benefits from regular quarterly meetings with Kroll for updates on the latest threat detection and response trends and emerging issues affecting its particular threat landscape.
“Kroll provides us with a critical second set of eyes. They ensure we’re taking the right steps to achieve improved security. Kroll’s threat hunters and experts give us invaluable insights by looking into the wider security landscape.” – Kerri Slaney, Senior IT Security Operations Manager, Southern Housing
The Impact
Comprehensive Threat Visibility
Kroll takes telemetry from Microsoft Defender 365 product suite to identify, close and neutralize threats, working with Southern Housing’s security team for remediation activity for full coverage and deep insight of its environments. Because Kroll Responder is highly user-friendly, Southern Housing’s security team can easily identify key details, and ensure that nothing is missed when they do need to carry out a further investigation.
Security Telemetry Unified Across the Microsoft Security Stack
Southern Housing benefits from faster and more effective identification and shutdown of threats through Kroll’s capacity to unify security telemetry across the Microsoft Defender stack, along with any third-party EDR, network, cloud and Software as a Service (SaaS)providers, across the Microsoft ecosystem.
Actionable Security Intelligence
Southern Housing now has peace of mind that the risk of security incidents is minimized and managed through Kroll Responder’s custom rules in combination with Kroll’s centralized network, directly derived from frontline IR investigations. This is further enhanced through regular updates with insights drawn from Kroll’s wide range of cyber functions and status as the world’s No. 1 provider.
Expert Security Guidance
The 24x7 support provided through Kroll Responder frees up Southern Housing’s security team to focus on educating internal teams. They also have direct access to Kroll’s global team of SOC analysts, giving them the advantage of personalized, expert support. With Kroll always at hand to provide assurance or to confirm whether an alert signifies a genuine threat or a false-positive, Southern Housing benefits from the peace of mind of having a second set of eyes on its entire Microsoft estate.
Explore the extensive capabilities of Kroll Responder MDR for Microsoft.
Kroll Responder MDR for Microsoft Security
Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
24/7 Managed SIEM Services
Detect and shut down threats faster with Managed Security Information and Event Management (SIEM) management from Kroll. Gain true insight into threats with real-time threat monitoring for visibility of security events throughout your organization’s network.
