As digital transformation continues to accelerate and evolve in all sectors, so does the complexity of security threats. Over the past few years, billions of records of users’ personal information and confidential business data have been exposed, with irreversible repercussions for the affected businesses. In 2021, the world saw an alarming 105% surge in ransomware cyberattacks.
Today, security must be integrated into the development process in its entirety. Given the widespread impact of recent cyberattacks, organizations across industries must shift from a defensive to a proactive approach. This means assuming that internal systems are already compromised and, starting from that principle, building strong security practices and monitoring systems.
Ensuring a proactive approach can be overwhelming, especially for organizations with complex delivery processes. Monitoring the entire ecosystem, whatever challenges that poses, is an additional task for organizations that want to build security into the very core of their development process. Nonetheless, teams that succeed in this are 1.6 times more likely to meet or exceed their organizational goals.
Powering security monitoring systems and practices: Sameday
One of our long-standing clients that was willing to strengthen its development process and build a strong security monitoring system is Sameday, the courier company with the largest national delivery network on the Romanian market, providing same-day and next-day shipping services. In 2021, Sameday started offering delivery services to customers in Hungary, with plans to expand further and strengthen its position in both markets. For the past years, the company has invested in digital transformation, with a focus on predictable delivery.
Innovation is at the core of the business strategy for Sameday. For the past six years, we have been able to support them in employing the latest technologies and building solutions aimed at ensuring a high level of flexibility and convenience for customers and couriers alike.
The courier market has been essential during the pandemic, especially during the lockdown, when it ensured the continuity of certain vital economic activities. Due to the huge growth in eCommerce, delivery services had to adapt to new requirements and shopping behavior. This unparalleled growth, which is expected to change people’s perception and expectations of delivery services in the long run, needs to be capitalized on and adapted to in order to ensure high levels of convenience. People expect to be able to track their packages, select alternative delivery options and enjoy the same level of convenience during peak times, such as Black Friday. On the other hand, couriers need similar predictability and automated processes, such as package arrangement by address or traffic tracking.
This state of affairs comes with new variables and challenges for the courier market. Sameday no longer sees the speed of delivery as the main competitive advantage among courier companies. Above all, there’s the rapid adoption of the latest technologies that help in creating new value propositions for customers and the entire value chain. The pandemic has proven that companies can rapidly meet fast-changing customer expectations by leveraging the right technology.
A new challenge
For Sameday, we have been developing several applications and functionalities over the years: the core app, the self-service intelligent locker system, the locker app, the client website, and the mobile app for couriers.
The growth of the projects and of the Sameday business has led to the need for more focus on security in the entire development process and on digital asset monitoring. The Zitec Security team was already involved in all processes, from analysis and initial discussions to security testing of the different functionalities. However, the monitoring of potential attacks and malicious attempts across the entire Sameday ecosystem still had to be addressed.
Given the growing complexity of recent years’ cyberattacks, implementing security measures alone is no longer enough. Today, monitoring infrastructure and digital assets is a key factor in preventing a security breach, which in turn ensures business resilience in the long run.
The solution: Microsoft Sentinel
In order to monitor Sameday’s ecosystem of diverse apps, devices, users, and infrastructure, the company needed a solution powerful enough to meet the security requirements of such a complex structure. Microsoft Sentinel was the obvious choice in this case, since it allows the entire ecosystem to be monitored regardless of the challenges it poses. Before this, it was difficult for Sameday to maintain a holistic view of all of its apps and ensure robust information security practices.
Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It delivers intelligent security analytics and threat intelligence across the entire organization, providing a holistic solution for attack detection, threat visibility, proactive hunting, and threat response. In essence, with Microsoft Sentinel companies are able to:
- Collect cloud data across all users, devices, applications, and infrastructure;
- Detect previously undetected threats and minimize false positives;
- Investigate threats with AI and hunt suspicious activities;
- Respond to incidents rapidly.
To help minimize the number of alerts that have to be investigated, Microsoft Sentinel uses analytics to correlate alerts into incidents and provides machine learning rules to map network behavior. To build playbooks with Azure Logic Apps, organizations can choose from over 200 connectors, including Azure Functions (which allow any custom logic to be applied in code), ServiceNow, Jira, Zendesk, HTTP requests, Microsoft Teams, Slack, Windows Defender ATP, and Defender for Cloud Apps.
The implementation phase
We took a deep dive into the Sentinel capabilities, switching from the traditional SIEM to a truly integrated monitoring solution. With Sentinel, we have access to unparalleled visibility alongside a deep understanding of Azure services, all in one platform.
After understanding the architecture of the solution, the implementation was straightforward. Sentinel is delivered as SaaS, so in a matter of days we prepared a Log Analytics workspace, set up the data connectors, and selected the analytics rules. With all of this in place, we had to create incidents based on the alerts we were interested in, and decide which actions should be performed when an incident is created. There is no need for dedicated hardware infrastructure, no license requirements, and no log ingestion integration problems with the monitored services. When it comes to monitoring and responding to security events in the cloud, Azure Sentinel became our go-to solution.
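The steps above (selecting analytics rules, turning the alerts of interest into incidents, and deciding what happens when an incident is created) are easier to picture with a concrete rule. The following scheduled analytics rule query is an added example written for this article; it is not one of the rules Zitec deployed for Sameday and not Microsoft-provided content. It assumes the Azure AD sign-in data connector is enabled, so that the SigninLogs table is populated, and the lookback window and failure threshold are assumed values to be tuned per environment.

```kql
// Added example (hypothetical): scheduled analytics rule that flags a burst of
// failed sign-ins from one IP against one account, followed by a successful
// sign-in from the same IP. Assumes the Azure AD sign-in connector is enabled.
let lookback = 1h;          // assumed rule frequency / lookback; tune per tenant
let failThreshold = 10;     // assumed number of failures worth alerting on
// Step 1: accounts that saw many failed sign-ins from a single IP in the window.
// In SigninLogs, ResultType is a string and "0" means a successful sign-in.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
        by IPAddress, UserPrincipalName
    | where FailedCount >= failThreshold;
// Step 2: a success from the same IP for the same account, after the failures.
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| join kind=inner failures on IPAddress, UserPrincipalName
| where TimeGenerated > LastFail
| project TimeGenerated, UserPrincipalName, IPAddress,
          FailedCount, FirstFail, LastFail, AppDisplayName
// Columns mapped to entities in the rule settings (Account -> UserPrincipalName,
// IP -> IPAddress) so that Sentinel can group related alerts into one incident.
```

When saving a query like this as a scheduled rule, the incident settings decide the second half of the procedure: whether each alert creates an incident, and whether alerts sharing the same account or IP entity within a time window are grouped into a single incident rather than opening one per run. The automated response section of the rule is where a playbook (for example, a Teams or Slack notification built with Logic Apps, as mentioned above) is attached to run on incident creation. Thresholds this low will be noisy for shared NAT addresses and legitimate password resets, so the query should be validated against a few days of the workspace's own data before incidents are routed to an on-call channel.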
Results and future plans
For Sameday, the monitoring system built by Zitec and powered by Microsoft Sentinel has so far processed 490 million events (logs) monthly and generated over 1300 alerts. This translates into an increased degree of predictability, reduced security risks, and better data protection for safe business growth. Sameday now has a proactive approach to security in place, and the company is able to integrate security checks and practices easily, without compromising operational performance.
When digital transformation is no longer a vision, but the norm, we believe it is important to constantly invest in measures to protect digital assets, especially when sensitive information is involved. At Sameday, we found this openness and desire to invest in security in the long run. As digital transformation grows in importance for companies in all sectors, attacks become more sophisticated; therefore, building new measures to safeguard the business means thinking ahead of fraudsters to prevent malicious attacks.
In the medium and long run, Sameday’s innovation plans are focused on predictable delivery for customers and couriers alike, with the aim to reach the same level of convenience offered by food delivery or ridesharing apps. Moreover, the company has ambitious plans to explore Green Delivery, with options like drone delivery, which is expected to reduce the shipment time and increase operational efficiency.
If you would like to know how prepared your company is in the event of an attack, our Security and Data Protection team can shed light on the loose ends. As a one-stop shop for all your security needs, our team can help you develop the right security strategy to keep your digital assets safe and ensure business resilience in the long run.