GO! gains the equivalent of half an FTE with new Microsoft security application

Eighteen months ago, GO! – the Department of Education for the Flemish Community – became the victim of several digital hacking attempts, with software for virtual desktops targeted in particular. For ICT manager Jan Buytaert, this wasn’t just the final straw to accelerate the migration to Microsoft Azure and Microsoft Office 365, it was also an added incentive to get a stronger grip on cyber security. Cyber security specialist Secwise advised GO! to add the Microsoft 365 Defender security suite to its migration plans.

What are the key take-aways?

  • GO! boosts cyber security with Microsoft 365 Defender
  • Automatic phishing control on laptops saves the equivalent of half an FTE
  • Azure Sentinel monitors cyber security, partially automated

Remarkable numbers

  • 400: mailboxes scanned for malware and spam in the central departments
  • 2: GO! is aiming to work fully in the cloud within two years
  • 3: applications from the security suite already activated by GO!

‘Tight security is an absolute must,’ says ICT Manager Jan Buytaert. ‘We had a number of cyber incidents at the start of the year which had an impact on our operations and convinced our directors to identify and then secure our vulnerabilities. We appointed Secwise to carry out a security audit for us in the context of our existing framework contract.’

Microsoft 365 Defender

Secwise translated the 20-step audit into a roadmap with a whole series of recommendations. ‘In the past, it was sufficient to just have a firewall and antivirus software, but you simply can’t rely solely on those products anymore,’ says Koen Jacobs from Secwise. ‘GO! wanted to scale back its own data centre in favour of the cloud – and switch over to Microsoft technology in particular – so we recommended extending their licence to A5, which also includes the Microsoft 365 Defender security suite.

GO! can now use this suite to secure its laptops, protect its email application from spam, and keep its new cloud environment free of malware. ‘People often think that the cloud is already secure, but you’re still always responsible for what happens on their – albeit secure – platform. It’s up to you to ensure that the applications which run on it are secure,’ says Buytaert.

The Department of Education for the Flemish Community made a conscious decision in favour of Microsoft. ‘As an IT department, we’re already a good customer – we use their software for our development processes. We also work with Microsoft Office 365 and Microsoft Azure already, and now we can plug Microsoft 365 Defender 100% into existing applications such as Teams and Outlook, too. So we can warn others about potentially harmful emails or spam with just a single click. It’s mainly from a user perspective that we decided to switch over to Microsoft,’ explains Buytaert.

Before April, it could take us almost a full day to analyse phishing attempts. Now Defender ATP stops them automatically, which saves us the equivalent of half an FTE.

– Jan Buytaert, ICT Manager van GO!

Virus scanner on 400 laptops combats phishing, among other things

The first step in the new security strategy was to add Microsoft Defender Advanced Threat Protection (ATP) to the Windows 10 devices at GO! This project started just before the coronavirus lockdown and will be completed by the end of 2020. GO! already scans its 400 employees’ mailboxes in the central departments for spam and malware, as Buytaert is well aware: ‘Before April, it could take almost a full day to determine if certain emails were phishing attempts or not. But now Defender ATP stops them automatically, which saves the team the equivalent of half an FTE.’

You can create grand strategies to shape your security, but Secwise takes decisive action very quickly, which makes them more cost-effi- cient than others.

Smarter with Azure Sentinel

In order to increase the visibility in their network and gain a better insight into cyber security, Secwise also activated Azure Sentinel – security incident & event management software that the security team uses to inspect and tackle every cyber incident. Jacobs: ‘We want to be able to monitor the servers better and send all “security logs” from each application to Azure Sentinel, automatically filtering them and taking action if required. Sentinel automatically quarantines harmful files. There’s also a machine learning component, which helps us identify false positives.’

‘We’re a small team but need to deliver the same services as a large IT department,’ adds Buytaert. ‘You can automate lots of tasks with smart software such as Sentinel, so we don’t need to provide specialist technical training for our people.’

GO! wants to manage devices remotely in future

Together with identity and device management, there are other security projects also underway already. The ICT manager wants to start by managing the GO! devices more efficiently. ‘Our current device management software doesn’t work remotely, and the coronavirus epidemic has highlighted this as a problem. We can tackle it better with Microsoft Endpoint Manager, but we’re also thinking about purchasing security managed services so that we have an expert to help keep an eye on our security.’

The ICT manager is once again looking to Secwise. ‘They’re definitely not the first security partner we’ve had here, but my colleagues are very happy with their transparency, pragmatism and specific information. You can write entire books and make theoretical models about security, but Secwise takes decisive action very quickly. They keep a good overview of the situation and translate it immediately into products and tools, which makes them more cost-efficient than others. We work together very well, from devising strategies to specific implementation.’

Download case