Trusted IT consultant and Microsoft Gold partner LAB3 specializes in cloud-forward IT solutions for enterprise and government clients. So it makes sense that its own infrastructure can serve as an example for customers looking for their own state of the art security and compliance solution. LAB3 chose technology from Microsoft Security, protecting its internal production and development networks with Microsoft Defender extended detection and response tools, and including orchestrated organization-wide security information and event management (SIEM) from Microsoft Sentinel.
“Microsoft Security is in the top Gartner Magic Quadrant and provides the perfect base for us to build on to provide greater value for our shared customers. They can reduce their costs and improve their security posture by investing in a single partner with a single leading-edge platform solution that displaces the chaos of separate, siloed products and services.”
Anthony Wales, Director of Network & Security, LAB3
With increased security risk from growing cloud investments, LAB3 set out to earn the trust of all its customers by not just talking security but fully adopting all security and compliance practices. “All of the security-related solutions we recommend to our customers, we use ourselves,” says Anthony Wales, Director of Network & Security at LAB3. “We model best practices to instill confidence, not just in our security solutions but across every area of our business.”
Best-in-breed platform security
Among the largest Microsoft Azure specialists in Australasia and fully committed to Microsoft cloud solutions and infrastructure, it makes sense for LAB3 to also turn to Microsoft for its security and compliance technologies. “A good few years ago, the approach might have been to pick a handful of individual solutions to solve individual issues. Mimecast, CrowdStrike, or something else,” says Wales. “Those bits and pieces can be costly and very difficult to manage. Today, using Microsoft offerings, we give you cost effective simplicity by providing a holistic, best-in-breed platform with extended detection and response tools combined with integrated Security Information and Event Management.” With these leading-edge security features, LAB3 gains end-to-end visibility into potential threats across the entire business; it also gets sorted information, with prioritized alerts to enhance efficiency and effectiveness of responses with built-in intelligence and automation.
An organization-wide solution
Wales stresses the value of platform-based security infrastructure - both comprehensive enough to cover the entire organization, and flexible enough to apply to specific environments as well as adapt to changing conditions. “Security is integral to every part of LAB3,” he says. “We have taken a secure-by-design approach to earn the trust of our customers, ensuring we always meet our internal obligations first. All the products we adopt, the workflows we use, and the people, processes, and technology align to a security-in-depth mindset.” He points out that this makes for a more efficient overall business through the avoidance of compliance violations that might otherwise cause operational roadblocks. “Developers will know from the time they start creating right through to production that they are fully compliant.”
LAB3 favorite features
What are the top features of the Microsoft Security suite used by LAB3? “Oh, we use a lot of them!” says Wales. “Microsoft Defender protects the workloads that we run our internal apps on. We use Microsoft Information Protection and Endpoint Data Loss Prevention for data protection, document tracking, and so on. Insider Risk Management, part of Microsoft 365, is crucial for us, and our customers who entrust their data to us. We use Microsoft Defender for Cloud Apps, and we use Microsoft Defender for IoT to provide discovery and security monitoring for our in-house developed IoT hardware products.”
For LAB3, there are three major areas to seek advantage in developing, building, and operating a more secure and compliant infrastructure: technical, economic, and operational. Microsoft ticks all the boxes. “Microsoft is in the top Gartner Magic Quadrant for all of its security technologies for a reason. We recognize that, and our customers do too. Costs are reduced by investing in a single partner with a single leading-edge platform solution that displaces the chaos of separate, siloed products and services,” says Wales. “The operational advantage of integrated, end-to-end tools and services is massive. It’s easier, quicker, and more efficient for administrators who appreciate the ability to get more done in less time.”
Operational efficiency through automation
Wales sees Microsoft’s automation capabilities driving operational efficiency not only in deployment processes but across the entire security life cycle. He identifies two additional phases that benefit from automation: lifecycle management and reaction.
“With lifecycle management, from design through to development and testing, automation means we can isolate environments, test changes, and safely push out new configurations at speed in a uniform and repeatable manner,” says Wales. “And then with reaction, we have automated threat responses, using Microsoft Sentinel to enrich incidents with further contextual information, history, and so on. Many reactions can be automatic, informing users, modifying access, creating reports, and driving monitoring and reporting tools through IT Service Management Connector (ITSM) in Azure Monitor. This together with Microsoft Sentinel filters out noise from unimportant events saving administrators a massive amount of time.”
Security as code
LAB3 also takes advantage of Azure resource deployment through Infrastructure as Code (IaC), so IT teams can deploy new features, change and update configurations quickly, reliably, and in a repeatable fashion. It helps avoid errors introduced by manual processes, whilst allowing for easy reversal of changes if required. When it comes to deployment, LAB3 can take an organization from zero to a fully-configured SIEM solution with Security Orchestration, Automation and Response (SOAR) capability in under five minutes using Microsoft Sentinel!
Although IaC has been common practice for some time, LAB3 is among the first to apply it specifically to security infrastructure development and deployment. Security IaC integrates security and compliance into Continuous Integration and Continuous Delivery (CI/CD) practices, streamlining operations and enhancing security while raising overall agility.
Wales notes that “our internal security team can use code to automate all aspects of platform management – the tedious but crucially important stuff. They achieve higher levels of governance because it’s fully automated and every change is recorded, along with who did it and what the approval process was.” And the best part, he says, is that “now our security team can get out of the weeds and pinpoint deeper threats, focusing on their primary job of keeping LAB3 and its customers’ business safe.”
Flexing Bicep to strengthen ARM
Igor Loza, LAB3 Security Practice Lead, is excited about the ability to incorporate security into his established DevOps process. “We get to use all our DevOps best practices, creating end-to-end lifecycle development and deployment workflows for security,” he says.
LAB3 scripts security deployment through Bicep, a domain-specific language for quick and efficient deployment of Azure resources through Azure Resource Manager. “The Bicep model is really simple, efficient, and easy to extend. It doesn’t create complex deployment objects; it only requires you to specify changed components. Everything else just gets built out automatically,” says Loza. LAB3 has built a library of tested and approved security modules that it deploys in combination as required. “We glue them together with Bicep along with all dependencies and references. Then we click a ‘Deploy’ button, and that’s it. For us, it’s perfect,” he adds.
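The module composition Loza describes, as an added illustration rather than LAB3’s own module library: a main template glues two small, hypothetical modules together, one creating a Log Analytics workspace and one enabling Microsoft Sentinel on it. The three files are shown in a single fence, each starting at a `=====` marker; the workspace name and 90-day retention are constructed sample values, and the dependency between the modules is expressed simply by passing one module’s output into the other.

```bicep
// ===== main.bicep (added example, not LAB3's module library) =====
// Composes two hypothetical modules: one creates a Log Analytics workspace,
// the other enables Microsoft Sentinel on it. Referencing a module output
// as a parameter is what makes Bicep deploy the modules in the right order.
targetScope = 'resourceGroup'

@description('Log Analytics workspace name (constructed sample value)')
param workspaceName string = 'law-sentinel-demo'

@description('Azure region; defaults to the resource group location')
param location string = resourceGroup().location

@description('Log retention in days; 90 is an assumed SIEM baseline')
@minValue(30)
@maxValue(730)
param retentionInDays int = 90

module workspace 'modules/workspace.bicep' = {
  name: 'deploy-workspace'
  params: {
    workspaceName: workspaceName
    location: location
    retentionInDays: retentionInDays
  }
}

module sentinel 'modules/sentinel.bicep' = {
  name: 'enable-sentinel'
  params: {
    // Using the output creates the implicit dependency on the workspace module
    workspaceName: workspace.outputs.workspaceName
  }
}

output workspaceResourceId string = workspace.outputs.workspaceResourceId

// ===== modules/workspace.bicep =====
param workspaceName string
param location string
param retentionInDays int

resource law 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: { name: 'PerGB2018' }
    retentionInDays: retentionInDays
    features: {
      // Require resource-level RBAC for log queries rather than workspace-wide read
      enableLogAccessUsingOnlyResourcePermissions: true
    }
  }
}

output workspaceName string = law.name
output workspaceResourceId string = law.id

// ===== modules/sentinel.bicep =====
param workspaceName string

// Reference the workspace created by the other module without redeclaring it
resource law 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

// Enabling Microsoft Sentinel is a single child resource that must be named 'default'
resource sentinelOnboarding 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  name: 'default'
  scope: law
  properties: {
    customerManagedKey: false
  }
}
```

Running `az deployment group what-if --resource-group <rg> --template-file main.bicep` before `az deployment group create` previews exactly which resources would be created or changed, which is the "only specify changed components" behaviour the quote refers to: Azure Resource Manager deploys incrementally, so re-running the same template against an existing workspace reports no changes rather than recreating it.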
A comprehensive and impartial solution
For its own internal operations, the cloud of choice is Microsoft Azure, but LAB3 provides multi-cloud solutions for customers who bring diverse challenges with a range of on-premises and multi-cloud environments. This validates that the Microsoft Security infrastructure at LAB3 is flexible and adaptable to a wide range of environments. Wales says this is something his organization depends on internally, as it develops its library of broadly compatible solution modules. “It not only works with Microsoft very, very well, Microsoft Sentinel provides complete coverage for multi-cloud, SaaS, on-premises, and all your other cool sources of data; plus, it gives you a single, unified point of view into your overall security posture.”
He adds, “If you don’t believe it, give us just a few minutes and we’ll spin up a demo for you!”
“Today, using Microsoft offerings, we provide a holistic, best-in-breed platform with the extended detection and response tools combined with Security Information and Event Management.”
Anthony Wales, Director of Security and Networks, LAB3