SOC Archives - My TechDecisions
https://mytechdecisions.com/tag/soc/
The end user’s first and last stop for making technology decisions
Tue, 30 May 2023 18:32:36 +0000

MCi Protects Its Customers Worldwide With Quorum Cyber’s Enterprise-Grade Cybersecurity
https://mytechdecisions.com/project-of-the-week/mci-protects-its-customers-worldwide-with-quorum-cybers-enterprise-grade-cybersecurity/
Tue, 30 May 2023 14:21:45 +0000

The post MCi Protects Its Customers Worldwide With Quorum Cyber’s Enterprise-Grade Cybersecurity appeared first on My TechDecisions.

Serving state, local governments, and global Fortune 100 companies in the energy, mining, manufacturing, and chemicals industries, Management Controls, Inc. (MCi) needed to transform its cybersecurity to the world-class level expected by its long list of prestigious customers. As a software technology and services provider, MCi provides critical Software-as-a-Service (SaaS) solutions and its TRACK platform for tracking and managing contract labor, equipment rental and material spending. MCi counts many of the world’s largest companies as loyal customers, some of whom it has served for over twenty-five years.

Privately owned, the Houston-headquartered business has ambitions to grow in the U.S. healthcare, automotive, aerospace, chemical and upstream energy sectors and extend its footprint across North America, Europe, Asia, Australasia and Africa. Safeguarding its customers’ data is essential to achieving its international expansion plans.

Customers demand world-class security

“Our customers are increasingly asking us detailed questions about our security, including disaster recovery and how we’ll respond to severe incidents. We must confidently reassure them that we have enterprise-grade protection in place,” explains Daniel Iturbe, VP of infrastructure, security & compliance at MCi.

“To achieve this, we have implemented rigorous security protocols and business continuity and recovery plans that ensure the safety and confidentiality of our customers’ data. Our team of experts is continuously monitoring and updating these measures to stay ahead of potential threats,” Iturbe says.

“We understand that our customers trust us with their sensitive information, and we take that responsibility very seriously. Rest assured, our commitment to providing top-notch security measures is unwavering, and we are always ready to respond swiftly and effectively in any security incident,” he says.

After completing a comprehensive program of preparation internally, MCi was ready to find a cyber security partner to provide a security operations center (SOC) that would match their business needs and meet the high standards of cybersecurity demanded by their customers worldwide.

MCi searched for Quorum Cyber online, and a local Microsoft representative assured MCi that the firm was worth talking to. Founded in 1989, MCi is predominantly in the cloud, and its cloud hosting is 100% provided by Azure. Hence Quorum Cyber, being a Microsoft-only house and a Microsoft Solutions Partner for Security, seemed like a good candidate. However, there were many other companies to assess as well.

Five essential criteria for a long-term partner

MCi took a diligent approach in selecting a long-term cybersecurity partner. They conducted an exhaustive Request for Proposal (RFP) discovery and execution phase over five months. During this time, they carefully evaluated over ten cybersecurity companies and thoroughly assessed their service offerings. Price was not the only determining factor, and the companies were assessed based on several essential criteria:

  1. Vendor qualifications: Experience, expertise and financial stability.
  2. Technology and tools: A vital component of the evaluation matrix was selecting a SOC company that focuses only on the Microsoft Azure security stack and Azure toolsets.
  3. Service Level Agreements (SLAs): Response times, escalation procedures, and reporting capabilities needed to comply with MCi’s contractual and compliance requirements.
  4. Flexibility and customization: The ability to tailor and customize services to support MCi’s annual reports and audits for its customers.
  5. Security and compliance: The SOC was required to hold Microsoft and industry-accepted certifications and accreditations.
  6. Cost and value: The SOC’s pricing structure, schedule, add-on services, and overall value were collectively categorized and analyzed independently.
  7. Reputation and references: The SOC’s reputation in the industry and references from current and past customers were scored using an internal MCi review process.

After evaluating all proposals, MCi trusted Quorum Cyber as its long-term cybersecurity partner. The decision took into account the added complexity of working with multiple vendors and the fact that Quorum Cyber met all of MCi’s requirements, including the need for an experienced and reputable Microsoft partner with a complete set of security competencies, certifications, advanced SIEM services, and strong customer support.

A true partner that lives and breathes cybersecurity

“I strongly believed that we needed a partner dedicated solely to the Microsoft ecosystem, who deeply understood cybersecurity and could fully support our Security Operation Center’s needs. We wanted a partner who would invest the time to comprehend our cloud infrastructure, unique business model, and even our customers and be part of our growth journey and continued success,” says Iturbe.

Moreover, MCi needed an expert in Microsoft Sentinel, Azure, and cloud computing that could proactively detect and defend against zero-day attacks and that possessed strong automation skills to improve efficiency and reduce the risk associated with cyber incidents. The ideal partner would also have experience working within a single, integrated security ecosystem.

Since being onboarded onto Quorum Cyber’s SOC in early 2022, MCi is confident that Quorum Cyber, whose SOC team runs the Microsoft Sentinel Managed Detection & Response (MDR) service, has already helped to improve its cybersecurity posture and security scores significantly.

“I am thoroughly impressed by the exceptional customer service provided by Quorum Cyber. Their attention to detail, quick response time, and efficient triaging of information by their SOC is outstanding,” says Iturbe.

Iturbe continues, “The single-pane-of-glass view offered by their customer portal, Clarity, has been an invaluable asset to my team. This enables us to access all the necessary information from one dashboard easily. Quorum Cyber’s technical expertise and account management skills are second to none, and their professionalism is truly commendable. They maintain continuous communication with their customers and offer top-notch customer support, a rare quality in today’s business world.”

Iturbe says, “Overall, Quorum Cyber is a fantastic extension of our organization and a true partner. Their unwavering commitment to excellence is reflected in every aspect of their services, making them a top-class provider in the cyber security industry.”

Peace of mind around the clock

“We couldn’t get the security and visibility of the SOC by recruiting more people to cover the same things in-house,” concludes Iturbe. “In a nutshell, MCi has been able to catapult our cybersecurity posture to an enterprise-grade level, thanks to the mutual partnership in working towards the same goals.”

Palo Alto Networks Launches New AI-Driven Identity Threat Detection and Response Model for SOC Solution
https://mytechdecisions.com/network-security/palo-alto-networks-launches-new-ai-driven-identity-threat-detection-and-response-model-for-soc-solution/
Mon, 06 Mar 2023 16:50:31 +0000

The post Palo Alto Networks Launches New AI-Driven Identity Threat Detection and Response Model for SOC Solution appeared first on My TechDecisions.

Cybersecurity giant Palo Alto Networks is launching its new Identity Threat Detection and Response module for its autonomous security operations center (SOC) solution Cortex XSIAM.  

The Santa Clara, Calif.-based firm says the new solution enables customers to ingest user identity and behavior data and deploy AI technology to help detect identity-driven attacks within seconds, strengthening XSIAM’s ability to consolidate multiple security operations tools into a unified, AI-driven SOC platform.

The Identity Threat Detection and Response (ITDR) module comes in the wake of several high-profile identity-driven attacks that target user credentials to access systems. In a news release, Palo Alto highlights the actions of Lapsus$, a hacking group that targets privileged user credentials to gain access to victim systems.

The group’s victims have included Okta, Nvidia, Samsung, Microsoft, Uber and others.

According to Palo Alto Networks, the ITDR module ingests and integrates user behavior data such as when employees work, and which data and applications they access. The module processes data from a variety of sources, including authentication services, endpoint logs, cloud identity data, email and HR data, network, OS and custom sources.

The built-in AI models can be trained to flag suspicious activity based on irregular user behavior to help IT and security teams get ahead of insider risks like configuration manipulation, file manipulation and modification of permissions, the company says.

In addition, the ITDR module reduces complexity by integrating identity analytics into a unified SOC platform, the company says.

Cortex XSIAM already natively integrates security information and event management (SIEM), endpoint detection and response (EDR), network detection and response (NDR), security orchestration, automation and response (SOAR), threat intelligence management (TIM) and attack surface management (ASM) capabilities, replacing the need for multiple point solutions, according to Palo Alto Networks.

In a statement, Gonen Fink, senior vice president of Cortex products at Palo Alto Networks, says customers who want to detect identity-related attacks must deploy multiple tools, with each providing a partial view into user activities.

“Such disjointed approaches result in poor security outcomes, alert overload, and time wasted on triage,” Fink says. “With the addition of ITDR, the XSIAM platform now integrates all identity data sources into a single security data foundation spanning endpoints, networks and cloud. This allows our customers to run comprehensive AI-driven threat detection to protect against stealthy identity-driven attacks.”

Is an Autonomous SOC Possible?
https://mytechdecisions.com/network-security/is-an-autonomous-soc-possible/
Mon, 31 Oct 2022 18:44:59 +0000

The post Is an Autonomous SOC Possible? appeared first on My TechDecisions.

The idea of a fully autonomous cybersecurity system could mean the end of burnout and stress among IT security professionals and a sizable decrease in successful attacks, but that idea is a “pipe dream,” says a Forrester analyst.

In a recent blog post, Allie Mellen, a senior analyst with Forrester, says many security vendors share a vision to deliver an autonomous security operations center (SOC), but that such an idea is highly unlikely due to the need for human intervention, limitations of automation, complexities of an SOC and attackers being able to outsmart machines.

According to Mellen, even in the “physical world,” we have yet to perfect security by machines.

“Estimates suggest that there are more than 20 million private security workers globally,” Mellen writes. “Why so many people? Because machines cannot observe, interpret, and react to the infinite variations of human decisions quickly, completely, and accurately in the physical world … or the digital.”

Further, the expectations that many have of automation do not meet reality, Mellen says: manual process automation is limited because humans are still needed for basic processes, automation is not designed for complex systems that require resilience, and automation has a limited scope of applicability as each step is added to an automation chain.

In addition, human attackers will always outsmart machines, Mellen writes. Hackers do not follow rules and simply identify gaps in security technologies or within the tech itself. Security tools, however, must follow a set of rules.

“These constraints force a limitation on technology that cannot be overcome without the aid of humans,” Mellen says. “If an organization uses endpoint detection and response, an attacker will find a way to bypass it or not target an endpoint. If an organization collects all logs from every single asset into a security information and event management system, an attacker will find a vulnerable employee to leverage for covert access.”

Essentially, technology will always be limited by the purpose it was designed for and lacks the creativity that human attackers use to carry out their attacks.

An autonomous SOC will not be able to operate beyond the constraints humans define and will always be susceptible to attack and pose another risk to the organization.

“The autonomous SOC will never be a reality because technology is simply not capable of human ingenuity,” Mellen writes.

Palo Alto Networks Launches Cortex XSIAM for SOCs
https://mytechdecisions.com/network-security/palo-alto-networks-cortex-xsiam-security-operations-centers/
Wed, 12 Oct 2022 16:44:43 +0000

The post Palo Alto Networks Launches Cortex XSIAM for SOCs appeared first on My TechDecisions.

Cybersecurity giant Palo Alto Networks is launching the general availability of Cortex XSIAM, a new autonomous security operations platform designed to power modern security operations centers (SOC) and change the way data, analytics and automation are used in enterprise and cloud security operations.

The general availability comes after the company earlier this year made the Cortex XSIAM platform available to “a number of top organizations” through a design partner program, spanning healthcare, logistics, design, manufacturing, technology, public sector and entertainment verticals.

According to the Santa Clara, Calif.-based company, those organizations faced similar challenges, including overwhelming alert volumes combined with false positives, lack of visibility across the organization and excessive manual overhead from managing siloed tools.

The company says XSIAM operates across both cloud and enterprise security operations for end-to-end management of threats wherever they originate. Unlike other SIEM products, the platform provides the ability to collect and integrate cloud telemetry that is unique to cloud systems. This allows companies operating in the cloud to benefit from the scale, automation and integration with public cloud and SaaS telemetry while also giving organizations with legacy SIEM deployments the ability to transition to XSIAM.

Palo Alto Networks claims it operates its own SOC on Cortex XSIAM, with the platform able to help the company process over one trillion events each month by handling most of those events. Leveraging intelligent data integration, machine learning-based threat models, automation and proactive analysis of IT environments, the company says the platform can help SOCs detect threats in 10 seconds and respond to high priority threats in one minute with an 80% reduction in alerts.

According to Lee Klarich, chief product officer at Palo Alto Networks, the company feels that SOC analysts deserve tools that enhance results, efficiency and productivity.

“Cortex XSIAM establishes an autonomous SOC where organizations can respond to threats in a fraction of the time it takes today, and analysts can focus on the highest priority incidents,” Klarich says. “The SOC of the future will be built on AI and automation — any other approach is destined for failure.”
