Cyber Security Insights for Resilient Digital Defence


Summit Homes enhances operations courtesy of Macquarie
Macquarie Telecom, part of Macquarie Technology Group, has announced it has signed a new agreement with Summit Homes Group, a Perth-based leading residential builder. The deal has enabled Summit Homes to enhance its operations, decrease costs, and improve customer service as it delivers modern builds for Western Australia’s growing population. As Summit Homes’ business expanded from 280 to more than 500 staff in the last few years, with multiple additional sites, the company sought to enhance its operations with a more integrated and efficient telecommunications solution. It was vital to Summit Homes to maintain focus on delivering exceptional customer service while also looking to improve cost control and security as cyber risks expand in Australia. Recognising the limitations of its provider and dissatisfied with the high cost, lack of customer service, and lack of understanding of Summit Homes’ growing business needs, the company engaged in a tender process to find a comprehensive networking upgrade that would replace its existing environment and streamline infrastructure management, enhance security, and improve bandwidth across current and future sites. Surrounded by reports of the Western Australia housing crisis, many residential builders struggled with increased demands and soaring costs. “In the residential construction industry, embracing change and prioritising customer experience is crucial,” says Summit Homes IT Manager, Fabio Fusari. “We prioritise building strong relationships with our clients and understanding their unique requirements for traditional homes, unit developments, renovations, modular and ‘innovative tiny’ homes. “When it comes to people’s homes, personalised interactions and proactive communication aren’t ‘nice-to-have’, they’re critical.” Having partnered with Macquarie Telecom in 2003 for a mobile fleet of over 200 services, Summit Homes made the decision to rely on its trusted partner once again. 
The Australian telco rolled out a robust, secure, multi-carrier access wide area network (WAN) to all sites. The choice of best access type in each site, between NBN, Telstra, and other major carriers was pivotal in balancing cost reduction with quality of performance, and networks are made resilient with 4G/5G backup. “The dedicated project management team at Macquarie Telecom ensured the rollout of the network to all sites, including our showcase head office and new regional offices, was smooth,” Fabio adds. “If we had an issue, our call would be answered immediately by someone local, and we knew the problem would be fixed.” The new agreement has considerably improved network infrastructure which resulted in improved connectivity and efficiency across all sites and primed the company for continued expansion. Summit Homes has also seen cost savings and a reduction in administrative overhead, allowing the company to focus more on its core business of building quality homes and providing exceptional customer service. “Summit Homes has seen astonishing success in a difficult sector which is currently under the microscope, and this is largely due to the company’s ingrained passion for innovation, adaptability, and customer service,” comments Aaron Tighe, Western Australia State Manager, Macquarie Telecom. “Macquarie Telecom has built its business on customer experience, and we place a high value on forging meaningful connections with our customers, so they are better able to achieve their goals.” “Macquarie Telecom’s customer-centric approach has ensured we receive personalised support and tailored solutions to meet our exact needs,” Fabio notes. “The customer service has been fantastic throughout the whole process. We’ve worked with different providers and partners in the past and although customer service is often excellent during the sales process, once you sign on the dotted line, you don’t hear from anyone ever again.”

New bill protecting public services from cyberattacks
In yesterday's King’s Speech (17 July 2024), the new Labour government pledged to strengthen the UK’s cybersecurity and resilience, promising to introduce new legislation designed to protect critical infrastructure and the digital services businesses rely on from highly damaging cyberattacks. The Cyber Security and Resilience Bill will expand the remit of existing regulation to cover a broader range of digital services and supply chains, put regulators in a better position to ensure best practices are implemented, and mandate increased reporting so that better data on cyberattacks, and their impact, is available. This comes following a series of cyberattacks against public bodies throughout the year, including attacks targeting the NHS and MoD. Darren Anstee, Chief Technology Officer for Security at NETSCOUT, comments on the new Cyber Security and Resilience Bill, and the best practices for organisations to implement to improve their cyber resilience: “The existing regulations in the UK, introduced in 2018, have helped to ensure that critical national infrastructure and the services it delivers are defended from cyberattacks. As we’ve seen recently though, attackers are targeting these services indirectly by going after elements of their supply chain. We’re also seeing the nature of the threats we all face evolve, with more sophistication and broader, as well as increasingly persistent, activity from nation-state affiliated actors. Given this, broadening the scope of regulation, and giving the regulators more powers to ensure best practices are followed, can only be a good thing. “Equally important is the ability to mandate increased incident reporting. A broader, deeper and more timely view into the nature of the incidents that organisations experience can help to both refine best practices and ensure that companies can move quickly to prevent attackers repeating their success. 
Bad actors share tools and techniques – organisations delivering critical services, and those involved in their supply chains, should follow suit, working with one another, or via industry and government institutions that can aid communications. “What’s key in delivering better reporting capability, from a technology perspective, is that organisations have consistent visibility across their increasingly diverse infrastructures, without blind spots at internal or external technology borders. Consistent broad and deep visibility helps to ensure comprehensive threat detection, but also speeds up investigation and delivers the forensic capability required.”

Avaneidi secures funding to advance data security
Avaneidi, an innovative Italian start-up specialising in security enterprise storage systems, has announced an €8 million (£6.7m) Series A funding round by United Ventures. The investment underscores a shared commitment to advancing solid-state storage technologies, enhancing data security, and promoting a sustainable digital transition. Avaneidi develops comprehensive enterprise storage systems based on a rigorous 360-degree, multi-level 'security by design' approach, enabling an unprecedented degree of cyber security, protection and data reliability for enterprise-grade applications. Avaneidi’s storage technology advancements boost performance, security and reduce energy consumption. This allows electronic devices and data centres to increase their operating efficiency and limit their carbon footprint, addressing key sustainable development goals such as clean energy and sustainable industry innovation. Avaneidi’s Enterprise Solid State Drives (ESSDs) utilise tailor-made chips and advanced algorithms, providing a bespoke solution optimised for performance and cyber security applications. Designed for on-premise data centres, their storage appliances offer a cost-effective, highly efficient alternative to traditional storage solutions, featuring extended drive lifetime, improved security and significant energy savings. “Our mission at Avaneidi is to pave the way for more secure, efficient, and sustainable data storage solutions,” says Dr. Rino Micheloni, CEO of Avaneidi. “This funding will keep us at the forefront of the market, enabling us to accelerate the development of our enterprise ESSDs and all-inclusive storage appliances. 
Unlike off-the-shelf products, our solutions address cyber security and data governance issues by leveraging a tight hardware-software co-design while offering extensive customisation options.” Avaneidi targets organisations and industries that are highly sensitive to data governance and security, particularly within the rapidly evolving field of AI applications, where these issues are of paramount importance, such as finance, defence, automotive and healthcare. By prioritising data integrity and protection, Avaneidi empowers entire industries to better leverage AI technology safely and effectively when it comes to storage solutions. Avaneidi’s technology’s potential has attracted the attention of major industry players, the company states. Negotiations and preliminary agreements are in place to validate and expand the market reach of its innovative products. “United Ventures invests in technologies that have a tangible positive impact,” states Massimiliano Magrini, Managing Partner at United Ventures. “Avaneidi's vision and mission to enable organisations to make better and more sustainable storage decisions, focusing on governance and data security, align with our investment philosophy. By channeling resources into AI infrastructure like Avaneidi’s, we aim to facilitate the development of technologies that will redefine industries and transform tomorrow's society.” As the AI sector rapidly expands, robust infrastructure for advanced AI applications is paramount. According to recent estimates, the AI infrastructure market is projected to grow from $25.8 billion (£20.3bn) in 2022 to $195 billion (£153.9bn) by 2027, reflecting a compound annual growth rate (CAGR) of 50%. This surge is driven by significant advancements in AI computing, which is expected to escalate from $15.8 billion (£12.4bn) in 2022 to $165 billion (£130.2bn) in 2027, achieving a 60% CAGR.

Infinidat innovation recognised for its cyber security credentials
Infinidat, a provider of enterprise storage innovations, has announced that its InfiniBox SSA II has been recognised by analyst firm, DCIG, as one of the world’s top cyber secure all-flash arrays (AFA) for enterprise storage. This high ranking, which was revealed in the 2024-25 DCIG Top 5 Cyber Secure High-End All Flash Arrays Report, is based on independent research that DCIG conducted into the AFA marketplace, with an expanded focus on cyber storage resilience and recovery. “The recognition of the InfiniBox SSA II as one of the top five cyber secure AFAs in the world validates that not only is Infinidat’s primary storage solution the fastest all-flash array with industry-leading ultra-low latency, but also an industry acclaimed solution for cyber resilient storage,” says Eric Herzog, CMO at Infinidat. “Ever since we delivered the ground-breaking capabilities of InfiniBox SSA with our InfiniSafe cyber storage software and our InfiniVerse platform, Infinidat has redefined cyber resilience and recovery for enterprise storage. With an unprecedented guarantee, our InfiniBox SSA II ensures that enterprises and service providers recover and restore data at near-instantaneous speed after a cyberattack, significantly reducing the impact of ransomware and malware and saving companies time and money.” Cyber resilience is among the most important and highly demanded requirements of enterprises today to ensure exceptional cyber security and resist cyber attacks across the entire storage estate and data infrastructure. Infinidat’s InfiniSafe cyber secure capabilities in the InfiniBox SSA II innovation combines immutable snapshots of data, logical air gapping, a fenced forensic environment, cyber detection, and virtually instantaneous data recovery, which clocks in at less than one minute, guaranteed. Infinidat leverages artificial intelligence (AI) / machine learning (ML) to provide deep content-level scanning to identify compromised data. 
The InfiniBox SSA II creates a private network that is isolated for data validation, facilitating the critical step of identifying a clean copy of data for reliable, rapid recovery. "Having a cyber secure all-flash array is a necessity for enterprises to protect data from cyber attackers and ensure the security of the entire storage infrastructure, as well as to maximise business benefits by automating and consolidating workloads onto a higher-performance all-flash platform," said Dave Raffo, Consulting Analyst at DCIG. "A legacy all-flash array without cyber security capabilities built into it is already outdated and a potential huge liability in today's world of continuous cyberattacks. Our list of the top five Cyber Secure High-End All Flash Arrays constitutes the future of enterprise storage. The InfiniBox SSA II has earned a top spot because of advanced cyber resilience features on its platform, coupled with the performance, scalability, 100% availability, and cost-effectiveness that enterprises need." The InfiniBox SSA II is Infinidat's high-performance, all-flash array aimed at mission-critical workloads that demand the ultimate in real-world application performance. It is integrated with the InfiniVerse platform, which accelerates Artificial Intelligence for IT Operations (AIOps) to automate and streamline storage management, utilises AI-based predictive analytics, and enables easier management of hybrid cloud storage implementations. In addition to creating a cyber secure enterprise storage infrastructure that is efficient and dynamic, the InfiniBox SSA II allows customers to not only have optimal application and workload performance, but also allow for substantial storage consolidation, transforming storage performance, providing superior reliability, and reducing CAPEX and OPEX. 
The SSA II delivers the same 100% availability, white glove service, and lower total cost of ownership that defines the industry acclaimed InfiniBox customer experience, the company states.

Storage must form the core of an enterprise cyber security strategy
By James ‘JT’ Lewis, Director of Channel Sales for EMEA and APJ at Infinidat
It’s no wonder that in PwC’s 24th Annual Global CEO Survey, leaders ranked cyber attacks second place amongst the most serious of all possible economic, social, political, business, and environmental threats. Ransomware attacks represented 12% of breaches of critical infrastructure in the last year. Cyber security experts have estimated that global cyber crime costs will exceed 7.5 trillion Euros this year, according to CyberSecurity Ventures. Enterprises run on data and when it’s hacked or corrupted by cyber criminals, the disruption can topple an operation overnight, with multi-million Euro consequences.
The irony is that, if the fallout from a cyber attack happened that quickly, it may be less problematic to recover from. Remedial action should be started immediately and any damage minimised. The actual problem is much more insidious because when cyber attackers target an enterprise, they usually wait for almost six months before taking action. This increases their ransom power and without the right data controls, the victim’s only option may be to concede to whatever financial demands are being made. In that timeframe, their primary data, the live data your business operations depend on, could have been exposed to all kinds of criminal activity. For this reason, enterprise storage has become a main target of cyber criminals for the most damaging and hard-to-detect ransomware and malware attacks.
One reason why enterprises still get trapped is because a cyber security strategy tends to focus on keeping criminals out in the first place, rather than accepting that attacks will most likely happen and there is an impetus for having a watertight strategy. The wolf will definitely keep knocking and will get inside your house. So, what steps can you take?
Firstly, cyber security’s emphasis must widen, to address three areas - detection, resilience and recovery - and plug the vulnerability gap that cyber criminals have been exploiting. Combining resilience, which is the ability to instil defensive security measures to repel attacks; detection, which is the ability to know when data is corrupted and whether a known good copy of data is free of ransomware or malware; and recovery, which is the ability to bounce back and recover with a known good copy of the data from cyber attacks, is the key to hardening storage infrastructure. Converging cyber resilience, detection, and recovery on an integrated enterprise storage platform is an advancement over former siloed approaches that rely on disparate tools and technologies. It makes the cyber capabilities more air-tight and ensures a rapid recovery of data within minutes to thwart cyber criminals, nullifying ransom demands and minimising downtime or damage to the business.
There are some key features of enterprise storage that need to be in place to ensure cyber resilience against today’s cyber criminals, all of whom are highly skilled technology experts. These include ensuring the immutable nature of the data, recovered from a copy you can trust; air gapping to separate the management and data planes to protect the data; and a secure forensic environment to analyse the data thoroughly and ensure the fastest recovery speeds possible.
Immutable snapshots allow the end user to roll back the clock and recover guaranteed, uncorrupted copies of their data, before the execution of any malware or ransomware code introduced by an attacker. Immutable snapshots ensure data integrity because they prevent data copies from being altered or deleted by anyone. Even internal systems administrators are locked out of manipulating immutable snapshots. The enterprise can be confident that any disruption or damage caused by the intrusion is minimal.
Logical air gapping adds a further layer of security, by creating a safe distance between the storage management layer and the immutable snapshots. There are three types of air gapping. Local air gapping keeps the data on premises, remote air gapping makes use of a remotely hosted system and hybrid air gapping combines the two.
Fenced forensic environments help speed up the recovery process by providing a secure area to perform a post-attack forensic analysis of the immutable snapshots. The purpose here is to carefully curate data candidates and find a known good copy. The last thing an enterprise wants after an attack is to restore data infiltrated with malware or ransomware.
Once these core elements are present within your storage infrastructure, the whole restoration can progress like clockwork. It’s why our focus as an organisation is dedicated to educating IT leaders about the need for a convergent, tripartite approach: one that combines cyber resilience, detection, and recovery on a single storage platform. Reliance solely on backups and preventing attacks is no longer enough to secure storage systems.

How to prepare for increasing cyber attacks on critical infrastructure
By Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea
Today, everyone is well aware of the widespread and serious nature of cyber threats. Cyber criminals have infiltrated almost every sector, from banking to healthcare to government departments. And as the years go by, we see increasingly sophisticated and harmful attacks happening. However, while personal data and financial privacy remain top concerns in the public’s mind, there are other targets in the crosshairs of cyber criminals that pose an even greater threat to society – critical infrastructure.

How is critical infrastructure being impacted by modern cyber threats?
Critical infrastructure attacks are becoming a major concern for the safety of people worldwide. A 2022 report from Waterfall Security states that major sectors like energy, utilities, and transportation experienced over 150 cyber attacks last year, representing an alarming rise of almost 150% from the year before.
Cyber criminals, using methods like ransomware and DDoS attacks, are focusing on essential systems that maintain the well-being and security of communities. As more public services organisations and government agencies digitise their operations, the risks of these types of attacks are only going to continue to rise.

Fighting back: How organisations are protecting critical infrastructure
Awareness and action are two primary factors contributing to critical infrastructure organisations fighting back against modern cyber threats. Below are some key actions that need to be taken by organisations to reduce the risks of major operational disruptions due to cyber attacks:

Adopting a proactive approach to cyber security
Not having proactive security measures in place is a major risk within critical infrastructure systems. This not only includes taking the time to audit and test systems for potential weaknesses, but also putting more priority into budgeting and allocating resources to cyber security.
Focusing on network segmentation
Because of the amount of data and interconnected systems that make up critical infrastructure operations, there are wide attack surfaces for cyber criminals to exploit. To significantly limit the impact of potential attacks, organisations need to focus on network segmentation and strong access controls between both IT and OT (Operational Technology).
By dividing networks into smaller pieces and implementing security measures, such as Privileged Access Management (PAM) and Defence in Depth protocols, it becomes much more difficult for attackers to move laterally across systems and networks.

Establishing a cyber security culture
Without a culture of security awareness, organisations aren't able to effectively identify and combat the constant threats. This requires a much more holistic approach, going beyond just implementing security technologies and instead establishing a culture of security throughout the entire organisation. Employees who are trained are more likely to report suspicious activity and contain an attack before it turns into a catastrophe.
Because critical infrastructure systems often involve a large number of employees and third-party contractors, it is essential to educate and train everyone on security best practices including the use of Remote Desktop Protocol (RDP) and strong password hygiene such as using a password manager or PAM (Privileged Access Management) solution.

Creating a comprehensive incident response plan
With the crosshairs consistently on organisations with industrial operations, it's important to think of cyber attacks as a matter of "when" instead of an "if". This means having a comprehensive incident response plan in place to effectively counter and respond to attacks.
This plan should include steps such as identifying the breach, containing and minimising damage, restoring systems, and learning from the incident to improve future response.
Keep our critical infrastructure secure
No matter where a cyber security threat comes from, organisations must have a comprehensive strategy in place to protect their infrastructure. Prioritising network segmentation, strong access controls, establishing a culture centered on cyber security, and having a clear incident response strategy can help organisations minimise or avoid altogether these crippling attacks.

NMi Group acquires TrustCB
NMi Group has announced the transformative acquisition of TrustCB in the cyber security domain. This strategic move solidifies NMi Group as the premier provider of certification services for the evolving landscape of digitally integrated and smart devices. A key emphasis of the acquisition is TrustCB’s expertise in translating common criteria standards via SESIP to the Internet of Things (IoT) domain. This strategic move further fortifies NMi Group's dedication to "measure tomorrow" by synergising precision in measurements with increasingly requested robust cyber security standards. In legal metrology and common criteria, coexistence is imperative to guarantee a holistic approach to the functionality, accuracy, and security of devices such as smart meters, smart grids, and other smart industrial devices. Manufacturers and operators navigating these digital landscapes must adhere to both legal and cyber security regulations, ensuring compliance with standards for accuracy and security. Expressing enthusiasm about the strategic move, Yvo Jansen, NMi Group CEO, states, "Acquiring TrustCB fortifies our commitment to excellence in smart industrial devices. By integrating accuracy in measurements with robust cyber security standards, we ensure regulatory compliance and enhance the overall reliability of our solutions." Echoing this sentiment, Wouter Slegers, TrustCB CEO, adds, "Joining forces with NMi Group is a strategic move safeguarding the TrustCB common criteria and dedicated scheme certification business even further. In practical ways, nothing changes; TrustCB stays the trusted, responsive partner as a certification body. This synergy amplifies our commitment to precision and security in smart industrial devices, advancing the global standard for regulatory compliance and elevating the trustworthiness of our certified solutions."

Logpoint and SecurValue to secure organisations in Southern Europe
Logpoint has announced a partnership with SecurValue, providing cyber security services to help customers detect and respond to cyber threats. Armed with its SIEM+SOAR solution, SecurValue can offer robust threat detection and response, real-time data analysis, early detection of data breaches, and easy implementation of compliance requirements. “We’re happy to partner with SecurValue to help organisations strengthen security posture and cyber resilience. They share our vision for conducting long-term business in Southern Europe,” says Christian Pijoulat, Regional Director SEMEA at Logpoint. “SecurValue has a tailored approach to their customers, based on skilled cyber security professionals and trusted technologies, and we’re proud that Logpoint’s solution is now a part of that.” The Southern European market is preparing for the local implementations of the Network Information Security (NIS)2 directive from the European Union to increase cyber resilience across the EU. The directive will expand the existing regulations within data and cyber security, introducing stricter requirements for a broad range of sectors. Non-compliance and failure to report incidents will result in significant fines and sanctions. “We’re excited to add Logpoint to our portfolio to offer our customers improved security capabilities, streamlined operations, and enhanced compliance adherence,” says Fabio Cagna Vallino, Cyber Security BU Director at SecurValue. “CEOs across the region are becoming aware that cyber threats are a top concern and that investments in cyber security are essential to minimise cyber risk. 
Especially small and medium-sized organisations are struggling with the lack of cyber security professionals trained to handle threats effectively, which leaves them at a major risk of exposure.” SecurValue will offer the Logpoint SIEM+SOAR solution, which analyses security incidents and automates the investigation of threats, improving cyber intelligence, reducing cyber security risk, and accelerating threat detection, investigation, and response. SecurValue will also use Logpoint Director, a platform that helps MSSPs and MDRs update, manage, and monitor large and multi-tenant deployments.

Aspire expands its footprint with the acquisition of Cloud Cover IT
Aspire Technology Solutions, a cyber security and modern workplace managed service provider, has announced the acquisition of Cloud Cover IT, a managed service provider based in Glasgow. This is an important strategic acquisition for Aspire, aligning with its vision for expansion into new UK regions and expanding its portfolio of cutting-edge technology solutions.  As part of this investment, Cloud Cover IT will become a part of the Aspire group, and its software development and business applications division will be rebranded as 'Flyte.' The company will be well-positioned to make ongoing investments, better serving its growing customer base by extending its business applications offerings. Cloud Cover IT has been delivering IT support and digital transformation solutions for over 11 years. It prides itself on providing excellent service to its customers. As part of the Aspire group, it has access to the full range of Aspire products, solutions and expertise, offering greater benefits to its customers. Chris Fraser, CEO and Founder of Aspire says, “Our acquisition of Cloud Cover IT marks a new and exciting chapter for both companies. This move will strengthen our presence in Scotland, positioning us in a thriving market. The Cloud Cover team will become an integral part of the Aspire group, and together, we believe we can grow significantly in this key strategic market. I'm excited to see the opportunities accelerate as we offer customers, present and future, the innovative solutions that they need in a changing world. Exciting times lie ahead.” Lance Gauld, Founder and MD at Cloud Cover IT, comments on the synergy between the two companies, “Multiple factors drew us to Aspire; they are an outstanding company. The alignment between our organisations and how we complement each other is evident. We share similar values in our approach towards our people, customers, and objectives. 
This partnership is not merely a merger with a large IT company; it is a collaboration with a leading UK technology provider that understands us. As part of the Aspire group, we can grow our footprint further and broaden our offerings with access to more expertise, resources and an extensive portfolio of solutions to help our customers drive their businesses forward.” With a 17-year legacy in the technology sector, Aspire has experienced significant growth, serving over 1,700 customers and nurturing a dedicated team of around 250 experts. It has a notable footprint across the UK, including offices in Gateshead, London, Leeds and Teesside. Aspire has earned a reputation for delivering leading solutions across cyber security, cloud, managed services, connectivity and unified communications.

Implementing an effective cyber security strategy in data centres
A robust, scalable and efficient cyber security solution is of critical importance to Colt Data Centre Services (Colt DCS). When looking for a partner to bolster its threat detection and response capabilities, Colt DCS turned to Armor to provide a uniform cyber security platform across all its multinational sites, implementing Armor’s XDR + SOC solution, as well as its VAPT programme to continually identify potential flaws.

Background
Operating 16 data centres in seven cities across Europe and Asia Pacific, Colt DCS has been designing, building and operating hyperscale and large enterprise data centres for more than 25 years. Like all hyperscale data centre solution providers, Colt DCS’ business model is dependent on customer confidence and being able to convince potential customers that their confidential data, and the data of their own customers, is in the safest of hands. The vast amounts of sensitive and valuable information stored, processed and transmitted by Colt DCS for some of the world’s largest organisations make it a potentially attractive target for cyber attacks. Therefore, effecting a robust and highly assured cyber security platform is essential to its operations and ongoing success.

Challenge
As part of its commitment to delivering a sustainable hyperscale future for its clients, Colt DCS undertook a thorough evaluation of its cyber security posture. The business found itself reliant on a multitude of disparate solutions, making threat monitoring and response less efficient. This fragmentation also meant that its IT teams did not have a single view of the threat landscape and associated vulnerabilities, instead having to sift through data from various vendors, which reduced response efficiency. Guy Gibson, IT Infrastructure Manager at Colt DCS, says, “What we realised is that we were often ‘reactive’ to threats. We had access to a huge amount of data, but no single view.
It felt disjointed and that our current approach lacked structure and control.”

Greater vulnerability assessment and penetration testing (VAPT) was also an area it identified for improvement, requiring continuous monitoring and testing of the environment in order to expose potential faults and security weaknesses.

Guy Gibson explains, “At the heart of what we were trying to achieve was more efficient threat detection and response, seeking a single source of truth solution that would provide us with greater global threat intelligence, control, testing and guidance, whilst also facilitating large scale growth when required.

“We needed to work with someone who really understood the threat detection landscape and who could provide a solution that offered zero downtime to facilitate business continuity. The solution would also have to be compliant to data storage regulations across every country we are located in, and crucially, allow us to retain ownership and control of all data. In essence we needed security delivered in an unobtrusive way.”

The cyber security team at Colt DCS was also looking for the reassurance of 24/7, 365 days a year platform security, as well as a trusted supplier and subject matter expert who could provide guidance, training and knowledge to its teams, helping them to grow.

“We wanted to learn and improve, so trust, communication and seamless integration between the new provider and our Incident Management Team (IMT) was also a must,” Guy continues, “focusing on detecting and resolving Priority 2 (P2) incidents or higher with a well-defined process for incident resolution.”

The solution
With all challenges and concerns identified, Colt DCS initiated a search for a cyber security partner who could provide an effective solution across its multinational sites.
Armor immediately impressed with its delivery capabilities, technical expertise and the comprehensive solution it proposed to simplify the detection and remediation of cyber security-based threats.

Guy explains, “We were highly impressed with the solution proposed by Armor. Other vendors/platforms were considered, but Armor came out top in terms of the technical solution, delivery and the flexible capabilities it offered.”

Armor project managed the implementation of Microsoft Sentinel, Azure’s cloud-native security information and event management (SIEM) system, as part of its Extended Threat Detection and Response (XDR) function to correlate logs and telemetry data from all sources, providing a complete view for threat identification. A 24/7 Security Operation Centre (SOC) added an additional layer of cyber security expertise to Colt DCS’ defence, enabling swift threat response and guiding remediation efforts effectively.

As part of the XDR+SOC deployment, Armor configured each of the following custom and native log sources:
Azure AD: Provides insights into audit and sign-in logs
Azure Activity: Provides an overview of subscription level events
Azure WAF: Provides Web Application Firewall logs
Azure Firewall: Provides network security and application rule logs
Azure SQL Database: Provides audit and diagnostic logs
Azure Storage Account: Provides audited and diagnostic logs
Microsoft 365 Defender: Monitors and logs logons, file, process and registry events
Microsoft Defender for Endpoint: Provides security alerts on network endpoints such as laptops, tablets, routers etc.

Additionally included in the solution were Armor’s advanced:
Analytics Rule Library – including correlation alerting and threat-hunting rules
Security dashboards and widgets
Configuration of Open Source and Commercial Threat Intelligence Feeds

An ongoing VAPT programme was also deployed to identify any potential security flaws and enhance its DPS’ overall security position.
As a second stage to this project, Colt DCS is now ingesting a new telemetry as part of its XDR solution – Microsoft’s Defender for IOT. This will enhance its security further by protecting and monitoring internet-connected devices and endpoints within the data centre infrastructure to prevent cyber threats and vulnerabilities.

Guy explains, “The implementation of the solutions was well-managed and required minimal input from our internal teams. Not only was it straightforward, but the benefits were felt almost instantly. The solution from Armor has allowed us to have a better oversight of our global operations and assess the cyber landscape more efficiently.

“I haven’t received a single complaint from my team. Everyone sees Armor as a force for good. Armor’s solution has allowed us to shift our mindset internally, we are more proactive and focused. We can spend more time on access control rather than trying to process and understand vast quantities of data, which had become the norm.

“There have been numerous threats and vulnerabilities picked up since the implementation of Armor’s system. Issues that I think could have posed a real risk had our teams not been able to detect and remediate them. One example was the detection of a compromised email account which had the potential to be used for malicious means if not resolved swiftly. With this new solution we were able to be informed accordingly and take immediate remediation steps.”

Shortly after the implementation of the Armor solution, Colt DCS expanded capacity across ten of its sites. Guy adds, “Having implemented the XDR solution ahead of this expansion undeniably meant that this process was much swifter. It was far less concerning to all involved than it would’ve been using our previous approach.
“Overall, the entire solution has helped us to achieve every single objective we set out to achieve on this journey, making the assessment of the cyber landscape a lot simpler for our team, threat detection and response quicker and more efficient, whilst continually facilitating our expansion.”

The wins
Unified cyber security provision
Greater threat visibility
Minimised false positives and reduced alert fatigue
Simplified and faster incident response
Reduction in people hours to detect and manage threats
Elimination of threats before they cause damage
Improved global oversight across Colt DCS’ locations
Implemented with zero downtime and full business continuity experienced
Enhanced access control
Compliant with data storage regulations across every location
Retained ownership and control of all data
Accessible guidance, training and knowledge support


