With agricultural and food industry clients around the world, Rabobank has a widespread IT estate to protect. The bank’s mission of “Growing a better world together” hinges on a blend of innovation and strong ethical principles. For the Rabobank Cyber Defense Center, that means securing a vast and disparate hybrid, multicloud environment. Not content to merely keep up, Rabobank rolled out Microsoft Security solutions to implement proactive, effective security and compliance—all while optimizing cost and security team productivity.
“The difference we’ve experienced in visibility and threat detection since deploying Microsoft Security solutions is like night and day.”
Raoul van der Voort, Global Service Owner, Cyber Defense Center, Rabobank
Rabobank honors the people who grow our food, like the farmers who originally depended on the nascent cooperative to fund their enterprises. True to its roots as a community bank in the Netherlands, the Utrecht-based bank supports growers of sustainable foods, focusing on answers to important social and environmental challenges. That original small community of Dutch farm families now supports growers around the world—it’s now the second-largest bank in the Netherlands and the second-largest agricultural bank in the world.
Protecting the data and information that supports this sprawling enterprise is a complex undertaking. That’s why Rabobank manages its multicloud environment with Microsoft Security solutions, using Microsoft Sentinel to tie together insights from throughout the company, and Microsoft Defender for Cloud for threat detection and response. Thanks to the consolidation it achieves with Microsoft Security solutions, Rabobank now works with just four security vendors rather than 20, with licensing savings—and most importantly, security—on the rise.
Carving out a cyber defense strategy for an evolving world
The Cyber Defense Center at Rabobank has its work cut out for it: four security operations centers (SOCs) dispersed across the planet, with the main SOC for Europe in the Netherlands. The other three are in the United States for the North America region, Brazil for the South America region, and one in Australia for the APAC (Asia Pacific) region. That dispersed security team of fewer than 400 people safeguards more than 40,000 Rabobank employees and thousands of contract workers in 38 countries.
Size isn’t Rabobank’s only security challenge. At more than 120 years old, the organization has long-standing systems that form a sizeable chunk of its estate. And its global presence dictated maintaining several on-premises systems to satisfy different regulations, all of which can change at any time. The threat landscape continues to intensify, with ransomware being one of the most critical security issues in the Netherlands. Rabobank’s multicloud strategy further complicates the picture—it uses Azure, Amazon Web Services, and Google Cloud. This strategy poses no management challenges for Rabobank, however, because it uses Microsoft for a bird’s-eye view of the entire multicloud, hybrid environment.
Given the difficulty in finding security engineers with the right skills, along with the undeniable efficiencies and economies of the best-in-suite approach, Rabobank assessed its cybersecurity management model in 2018 and embarked on a major change.
Forming a unified security posture with Microsoft Security solutions
The bank decided to shift from a “build it in-house” approach and use as much out-of-the-box functionality as possible. A longtime Microsoft business productivity app customer, Rabobank immediately capitalized on the security tools in Microsoft 365 and replaced its Symantec desktop solution with Microsoft Defender for Endpoint, adding Microsoft Defender for Identity to help protect its on-premises Active Directory environment with cloud technology. It was just the beginning.
At the start of its cybersecurity upgrade, Rabobank used security solutions from more than 20 vendors. The company’s Defender for Cloud deployment marked a turnaround. “Our engineering team previously spent most of its time working to keep everything up and running and trying to integrate all those systems,” recalls Raoul van der Voort, Global Service Owner, Cyber Defense Center at Rabobank. “It’s difficult to ensure that we have full insights from a security perspective when our platforms are so varied. We wanted protection and visibility everywhere,” he adds. “That’s why we use Defender for Cloud—it gives us single pane of glass visibility across our hybrid and multicloud environment.”
The company relies on the Microsoft Secure Score features in Defender for Cloud as a way for individual departments to take charge of securing their own data. “We benefit from the various departments within Rabobank using their close knowledge of their own data to best assign risk and also address open issues they find with Secure Score,” explains Nico van de Haar, Global Lead Cyber Security Engineer at Rabobank.
Rabobank replaced several more non-Microsoft and custom tools, including multiple security information and event management systems (SIEMs), like Splunk, with Microsoft Security solutions, notably Microsoft Sentinel and Azure Monitor Logs. “We’ve been able to replace a number of SIEM technologies and other security solutions,” says Van de Haar. “We no longer needed them after we began deploying Microsoft Security solutions.”
The Cyber Defense Center added the extended detection and response (XDR) solution within Defender for Cloud, integrated with Microsoft threat and vulnerability management. “We’re saving about €400,000 by replacing Qualys with Defender for Cloud threat and vulnerability management functionality,” says Van der Voort.
Needing a cloud access security broker to help safeguard its software as a service (SaaS) apps, Rabobank again turned to Microsoft technologies, including Microsoft Defender for Cloud Apps. “We use Defender for Cloud Apps for visibility over everything in our cloud estate,” says Van der Voort. “We can see which SaaS services are being used without Conditional Access or what types of traffic go with certain services, and we can relate that to security scores for those apps.” Rabobank used the visibility it gained over its full landscape with Defender for Cloud Apps to better understand what areas needed closer management. Azure Arc is key to that strategy. ”We’re deploying Azure Arc to organize and fully manage our complex hybrid, multicloud environment,” adds Van der Voort. “We expect from €2 million to €3 million in savings from using Azure Arc.”
Today, the Rabobank security vendor count stands at four. “Microsoft isn’t only our main vendor—it’s the one that gives us the most functionality,” says Van der Voort.
Meeting the compliance challenge
The Cyber Defense Center wanted Rabobank’s systems to comply with Center for Internet Security (CIS) benchmarks, a set of cybersecurity best practices that apply to operating systems, devices, server software, and other aspects of an organization’s IT estate.
Van der Voort considers standardization as the key challenge to compliance. “We use so many different platforms and services, not just on-premises, but also in the cloud,” he explains. “Standardization has been one of our biggest challenges to ensuring compliance. We use the compliance center module in Defender for Cloud to assess our CIS compliance because everything is in one place. Showing regulators that we’re compliant and understanding what we need to work on is easy.” That information is critical for a wide range of users, from DevOps teams to higher management.
Setting the stage for ongoing successes
With all its talent and cutting-edge technology at hand, an organization ultimately depends on individual members of its security teams. “Training our people who do the frontline investigations so that they can react appropriately is crucial,” says Van de Haar. “We have our people take the Microsoft Ninja training, and we’ve created our own extended version. Our Samurai training adds the specific Rabobank configurations and internal security team contacts.”
The Cyber Defense Center is pleased with its across-the-board benefits, but ultimately, security is top priority. “The difference we’ve experienced in visibility and threat detection since deploying Microsoft Security solutions is like night and day,” says Van der Voort. “For me as a security guy, that far outweighs cost savings. The moment we’re able to mitigate a ransomware attack, we’ve already saved much more than that for Rabobank.”
Find out more about Rabobank on Twitter, Facebook, LinkedIn, and YouTube.
“We benefit from the various departments within Rabobank using their close knowledge of their own data to best assign risk and also address open issues they find with Secure Score.”
Nico van de Haar, Global Lead Cyber Security Engineer, Rabobank
Follow Microsoft