When Chief Information Officer Rick Gehringer reviewed IT security at investment specialist Wedgewood, his first issue was a lack of visibility into a diverse, partly siloed, hybrid infrastructure. He and Cybersecurity and Compliance Manager Aladdin Alsati partnered with KMicro to build protective security measures that stop discovered threats before they disrupt business operations and allow immediate detection of, and response to, new threats.
“It was clear to us that Microsoft Sentinel was the best vehicle for this journey because it works with our current products, and it advances our plans to create a security environment built around Microsoft.”
Rick Gehringer, Chief Information Officer, Wedgewood
Wedgewood is a real estate company with a diverse collection of businesses, specializing in single and multi-family residences across the United States. Headquartered in California, the company operates from 20 offices, with the creativity and agility of a startup. Wedgewood’s 500 staff members work from mobile and onsite locations and from home, and they’re empowered to seek opportunities to revitalize communities while providing new opportunities for the company.
Rick Gehringer, Chief Information Officer at Wedgewood, describes the hybrid on-premises and cloud IT infrastructure that he oversees as vitally important to the business. But it’s a work in progress, and his strategy to transform the operation and consolidate around a Microsoft Azure based environment is gathering momentum.
Peeling the security onion
According to Gehringer, the challenge for midsize organizations is that hybrid architectures are often a mix of acquired, inherited, and sometimes outdated deployments. These can be inefficient, costly to maintain, and perhaps most important, difficult to secure. “That mix only makes the attack surface larger,” he says. “It’s hard to know your environment well and develop awareness of associated risks when it’s sprawling.”
That observation helped frame Gehringer’s goals when he took his current position over two years ago: efficiently and purposefully increase visibility into the environment and harden it against identified risks. “Security is like an onion,” Gehringer says. “I wanted to identify all the areas where we needed a solution for security while eliminating overlapping layers and ensuring that we maintained all required workflows and mechanisms for our people to work effectively and efficiently.”
Gehringer worked with longtime Wedgewood Cybersecurity Manager Aladdin Alsati to help transform the company’s security capabilities.
Partnering for a managed Microsoft Sentinel solution
Gehringer had already made major infrastructure investments in Dynamics 365 for customer management and was familiar with operating in a Microsoft environment. His team also deployed Microsoft Teams for enhanced productivity and collaboration in response to COVID-19, which had helped accelerate the transition of about 85 percent of Wedgewood’s staff to working remotely. He and Alsati realized that a Microsoft platform security solution built on Microsoft Sentinel could help secure and manage the entire environment, including a variety of existing security solutions.
They decided to engage a partner to help design a managed security service that would provide the solution they needed, along with the skills and effort required to operate it. “We deployed Microsoft Sentinel and had KMicro, a premier Microsoft gold partner with deep expertise in Cybersecurity Managed Services leveraging Microsoft Sentinel, help with the event management piece. KMicro has been instrumental in getting us to this point as our technical advisory service for security,” Gehringer says. “It was clear to us that Microsoft Sentinel was the best vehicle for this journey because it works with our current products, and it advances our plans to create a security environment built around Microsoft. KMicro’s experience helped fast track the Microsoft Sentinel deployment and provided expert-level resources that assisted with detection, investigation and response to threats.”
Alsati weighed the pros and cons of adopting the managed service versus managing the existing in-house environment, considering the overall goal of further off-premises migration and future consolidation around a cloud-based Microsoft infrastructure. “Although we still have different point solutions, the advantage of using Microsoft Sentinel is that the core of our network and our servers is Microsoft,” he says. “So, we ensure that our core infrastructure is compatible with the new SIEM, and then we’re well positioned to look into that Azure migration and retire our remaining on-premises environments.”
Before and after Microsoft Sentinel: the benefits of a scalpel over blunt instruments
Microsoft Sentinel was the right decision for Wedgewood. Gehringer says that the visibility he’s gained into his environment, coupled with the evaluation and mitigation support from the managed Microsoft Sentinel security information and event management (SIEM) solution, provides a more proactive security posture and effective response. It’s become increasingly important to be vigilant, he says, because even a smaller business the size of his can be subject to the same kinds of threats as larger organizations. “Overseas threats, the ones you see in the press, and those from increasingly well-known bad actors are just as much a concern for us,” says Gehringer. “We can get swept up in the very same issues.”
In the past, the options for responding to those issues were limited. Gehringer says, “We’d use blunt instruments when someone suspected an issue. We’d shut things down and close off access, which negatively affected our business. And it was very clear to everyone because things would temporarily stop working.” But now he’s able to discover risks, identify genuine threats, and tighten security without diminishing user productivity. “In Microsoft Sentinel we have a scalpel with which we can surgically react to what’s happening. The business usually doesn’t even know when we’re responding to a threat, and that’s a really important measure of our success.”
The new managed service is already providing more comprehensive evaluation and response workflows, with a greater degree of automation for evaluation and prioritization. Through Microsoft Sentinel data connectors, Microsoft Sentinel can ingest data from across the environment, including existing Microsoft and third-party on-premises and cloud services. Such a comprehensive view provides a single pane of glass that helps systems administrators make decisions and apply remediation more simply and quickly.
Alsati says, “We bring in that information from all the underlying security components in order to establish a broader investigation at the Microsoft Sentinel level, where the service orchestrates all those layers and provides a fully coordinated and much more effective response.” Adds Gehringer, “Since we adopted Microsoft Sentinel, we’ve seen seven or eight incidents that have risen up to the orchestration level, and we were able to keep the company secure and eliminate the threat in each instance.”
The Microsoft Security advantage for small and midsize businesses
Gehringer says that cloud migration and a transformed IT security infrastructure are a journey rather than a destination. But he’s convinced that his investment in Microsoft Sentinel, his partnership with KMicro, and his roadmap to further adoption of Microsoft Security features have put Wedgewood on the right path. When asked where that journey begins for small and midsize businesses such as his, his advice is to look for targeted solutions that realize tangible results for specific challenges and circumstances. “You want to get maximum return on investment,” he says. “It takes a lot of thought to make sure that the products and services you’re investing in are of high value and mitigate risks that you’re actually facing, not just vague threats that might be marketed to you. If you can’t justify every dollar that you’re putting into security, you need to revisit your security plan.”
Gehringer also advises avoiding point products in favor of an end-to-end, cloud-based solution. He says it’s a more efficient use of resources, and it offers a holistic mix to better spot vulnerabilities, identify threats, assess risks, and provide support for an optimal response. “You can’t just buy tools, plug them in, and expect them to work—that’s not going to solve the problem,” he says. “The Microsoft solution is comprehensive, and Microsoft Security is at the forefront. The trajectory to the top right of the Gartner Magic Quadrants has been astounding.” Alsati agrees: “We’re moving into a future that’s simpler and safer because of Microsoft Security. That takes some pressure off me and helps me focus on supporting our core business and our workforce productivity.”
“In Microsoft Sentinel we have a scalpel with which we can surgically react to what’s happening. The business doesn’t even know when we’re responding to a threat, and that’s a really important measure of our success.”
Rick Gehringer, Chief Information Officer, Wedgewood