Mitigating Against Security Risks in the COVID-19 Era - A Managed Defense Banking Case Study

May 29, 2020
Businesses, their partners, vendors, and end users have been forced to rapidly change the way they work and utilize technology in response to the work-from-home mandate imposed by the COVID-19 pandemic. Unfortunately, the bad guys are at an advantage during these times as IT is scrambling to enable and support the remote workforce. IT teams have not been afforded the time and focus necessary to adapt their security strategy to align with this new reality.

While IT teams are working around the clock to deliver and support a remote work-centric technology stack, their ability to effectively monitor, detect, and respond to risks within their changing environment has weakened. The risk of security incidents has increased, and the last thing any business needs right now is to deal with a security event that could further interrupt business operations, tarnish reputation, and bring an already taxed IT organization to its knees.

The average ransomware payout was $41,000 in Q3 of 2019, and the downtime driving the associated revenue loss averaged 16.2 days in Q4 2019. This is not something to take lightly, especially when many organizations are in survival mode as they battle the disruption caused by COVID-19.

The solution for many businesses is to outsource identity, endpoint, and access risk management to a trusted partner; this is where BDO Digital’s Microsoft 365 Managed Defense (Managed Defense) comes in. Managed Defense was developed in sponsorship with Microsoft to monitor, detect, and respond to security events within our customers’ “front line” systems – Cloud, Office 365, and user endpoints.

We first harden our customer’s environment to ensure that the powerful security tools built into the Microsoft 365 product suite (powered and interconnected by Microsoft’s Intelligent Security Graph) are properly deployed and configured. We then provide 24x7 monitoring, detection, and response services to triage and resolve the security events that matter most.

One of our banking customers, who invested in this service 6 months ago, has seen the positive effects of Managed Defense and the impact it has had on their organization prior to and during the COVID-19 pandemic. The service was started at a time when the bank was reevaluating their security strategy and moving away from traditional signature-based antivirus software and disparate security solutions. Their goal was to move to an integrated model leveraging Microsoft’s security framework that complemented the bank’s cloud-first mentality and in-flight initiatives around collaboration, productivity, and data center consolidation.

By March 2020, the bank was using Azure AD, Microsoft’s MFA solution, Office 365, and Windows 10, with Microsoft’s Advanced Threat Protection (ATP) enabled in the cloud and on the endpoints. The bank was well positioned from a technology perspective, and Managed Defense added the value of providing ongoing threat management.

Prior to COVID-19, Managed Defense had provided the bank value by surfacing changes to global administrators, tracking MFA enforcement, and identifying potentially compromised user credentials, all of which reduced the bank’s attack surface. As Microsoft’s service continues to learn patterns for access, MFA use, times of day services were used, and other common feature behaviors that strengthen overall security posture over time, Managed Defense takes advantage of these improvements and increases its effectiveness in identifying and remediating security events.

When the bank moved to a remote workforce, the combined capabilities of Managed Defense and Microsoft ATP helped to surface much-needed insights around important metrics such as:
  • Uncommon patterns in end user access, such as risky sign-ons
  • Unconventional queries to the network, such as domain enumeration from unexpected sources
  • Accounts added to a global administrator group
  • Email accounts compromised from a phishing exploit
  • Mail forwarding rules changed or newly configured
Managed Defense generates alerts for these activities and other metrics which are then triaged by the 24x7x365 BDO Digital security team and reviewed with the bank. This has led to an increased security posture and peace of mind for the bank during this period of rapid change and disruption.

Security is an ongoing need and the rapid change experienced in such a small window of time has led many businesses to rely on partners to provide security advisory and operational expertise needed to reduce risk and effectively manage security events. The BDO Digital team behind Managed Defense are certified experts that have expansive practical experience identifying and closing security gaps, managing complex security breaches, and protecting your data. Contact us to learn more about Managed Defense and how we’re helping others like you.