March 23, 2022

Cautious CIO turns evangelist after a successful migration to end-to-end Microsoft Security solution

E-commerce presents a valuable target for cybercriminals, and global e-commerce company QNET recognized the need to adopt a more efficient and secure IT infrastructure. The company migrated on-premises infrastructure to Azure, and replaced its patchwork of security products and services with an end-to-end strategy built on Microsoft Security products and services. The team now has greater confidence from more complete and in-depth visibility into a previously opaque environment. A once-skeptical CIO recognizes increased productivity and transparency from a safer, more productive IT infrastructure and a boosted return on IT investments.

QNET

“After 20 years with QNET, I had reserved judgement as a CIO until I could see the value of the Microsoft Security solution. Now, I’m a believer.”

Ivan Woo, Chief Information Officer, QNET

“Like bears to honey,” says QNET Chief Information Security Officer Egal Egal, “cybercriminals are attracted to e-commerce.” Why? Because in the highly competitive online retail space, that’s where the valuable customer data and operations information reside.

Global e-commerce company QNET had previously faced regular threats to its IT infrastructure. The main problem for QNET was a lack of visibility into the activities of its on-premises environment. “We had zero visibility. If you’re concerned about security, the number one problem that you must address prior to implementing anything is visibility,” says Egal.

Lacking insight into its own systems led QNET staff to assume that anything they might do in response to a threat, or to try to improve the infrastructure, could make things worse. Ameer Deen, Chief Technology Officer at QNET, compares the staff’s reluctance to a popular but frustrating game: “It was like Jenga—you’re afraid to touch anything because everything might come crashing down.” This had a chilling effect on his staff. “There was extreme pressure at all hours of the day and night. Trying to do anything was extremely difficult, and the applications were often very brittle.”

It wasn’t as if QNET hadn’t invested in security products in the past. “Other vendors brought us bits and pieces, but after having bought all that stuff, we really didn’t know if we were any more secure,” Egal says. He was still frustrated by the inability of those ‘best in class’ products to provide a comprehensive, end-to-end view of activities across his IT environment. As a result, “It was a no-brainer to adopt a more holistic approach with Microsoft Security solutions rather than continue with that patchwork from different vendors,” he says. “I had faith that Microsoft could best meet our security challenges because I see they have aggressively gone after security, investing hugely in it, and backing it with AI and machine learning.”

A transformed outlook for the team

Microsoft Security products interact seamlessly, not only helping secure the entire environment, but also providing ongoing feedback on the performance of the infrastructure to add transparency for monitoring and reporting activity. Deen says that the company’s IT staff members now feel confident that they have an accurate picture of the overall organization and its security. “It’s a massive mental shift that we’ve worked through,” he says, adding that IT now feels empowered and confident enough to take a more proactive role in managing the security infrastructure. And it’s not like Jenga anymore, he says. “We’re at the other end of the spectrum—we have a transformed outlook, and we’re not afraid to intervene, make changes, and try things out.”

Deen adds that it’s not only liberating, but it’s a sound cloud design principle. “Engineering for chaos, literally breaking things safely and on purpose only to make them stronger,” he says. “We understand that’s the only way to make our infrastructure more robust.” Deen offers a great example of that transformed outlook: “We set up a datacenter in the cloud—everything was set up as infrastructure as code. Somebody deleted something by mistake; it turned out that something was the entire data center. Every network, switch, DNS, router, server, the whole thing. His reaction? ‘I guess I pressed the wrong button.’ It was a learning experience; it would have been a catastrophe had it all been on-premises.”

Ivan Woo, Chief Information Officer at QNET, says, “We used to see DDoS attacks almost weekly, and as an e-commerce company any downtime has a direct impact on revenue. One time, we were offline from Friday to Monday with losses in the millions.” But it’s not just financial losses that concerned Woo. “The effect has multiple layers—hackers could obtain our data and offer it to competitors. Then there’s possible reputational damage from leaked information, direct revenue impact of downtime, and internal risk from phishing attacks.” Something had to change.

An evolved QNET IT infrastructure

Change began in 2019, when QNET started a journey that included embracing Microsoft 365 E5, migrating IT operations to Azure, and replacing a collection of improvised third-party security products with Microsoft Defender for Endpoint, Microsoft Defender for Cloud, and Microsoft Sentinel.

Deen says that the transformation to the cloud brought evolutionary rather than revolutionary change. “Though the fundamentals are pretty much the same as on-premises, what truly changes when you go to the Microsoft cloud platform is the operating model and how you interact with your infrastructure,” Deen says. “Automated workflows, APIs, tools, powerful UI, and improved governance bring repeatability and stability.” He offers the example of replacing outdated antimalware products with Microsoft Defender for Endpoint, which deployed easily and offered automatic threat signature updates to keep systems current with no additional intervention.

He considered other options, but Azure was a natural choice, he adds, not only because of the fit with QNET’s existing investments in Microsoft products and services. “We made a business case, we did some analysis, and it seemed like for many different reasons, including cost, support, licensing and from an overall capability perspective, Azure was a much stronger fit for our needs than was Amazon Web Services, for example.”

Must-have security features

“There are three Microsoft security products in particular that I can’t live without today: Microsoft Sentinel, Microsoft Defender for Endpoint, and Microsoft Defender for Cloud,” says Egal. “These three services are central to our security.”

Defender for Endpoint, he says, is a key driver in QNET’s journey toward Zero Trust. “From our Microsoft 365 E5 suite of products, one product that’s been particularly helpful for us is Defender for Endpoint. That’s the endpoint detection and response system that we have for all of our servers, including our desktops and laptops.” Egal remembers an incident from July 2020, when Defender for Endpoint caught a web shell attack on one of QNET’s critical web servers. “It caught the entire timeline because it knows the behavior of the system, what is normal, what is right and what is wrong.”

Alongside Defender for Endpoint, Defender for Cloud provides a continuous flow of information on the security of QNET’s cloud services and user activities. “Microsoft Defender for Cloud provides us Secure Score that we monitor to make sure that our cloud security posture is where we want it to be,” says Egal. “It gives us the ability to define what good security looks like for us. We’ve operationalized Microsoft Defender for Cloud, and we’re looking at Secure Score percentage changes on a weekly basis and making changes as necessary.”

And Microsoft Sentinel brings the entire landscape—on-premises and cloud infrastructure, devices, products, and services—together for orchestrating collection, analysis, and mitigation workflows. QNET has been ingesting around 150 gigabytes (GB) of data per day into Microsoft Sentinel from across the cloud infrastructure, including Office 365, cloud applications, SQL servers, user identity, and from remaining on-premises resources and endpoint devices. Administrators can now build a complete picture not only of infrastructure, but of user behavior. “We pump all that data into Azure Log Analytics,” says Egal. “We’re able to see how people are using resources, recognize risky behavior, and flag it. That’s where we run all our compliance standards and help ensure we’re where we want to be.” Recognizing user behavior is key because unintentional and intentional breaches of security and compliance standards are recognized as among today’s leading threats. And oftentimes, risk and productivity can be two sides of the same coin because protecting assets also helps ensure ready access when required and authorized.

Microsoft Sentinel also offers a new level of integration and automation for identifying and acting on threats to the overall environment, with available scripts that can be used to fine-tune detection and response. Egal gives an example of learning from the Microsoft Security blog about a potential threat and writing a query to check his environment and generate an incident report if necessary: “We’re able to find out what we need to know with a simple set of KQL queries,” says Egal. “We can hunt for anything now. We never had that ability before.” It’s a straightforward process, he says: “I can go into a blog that essentially has a set of IOCs of some threat intelligence. Then in Sentinel, I can easily write up a query that will generate an incident.” Egal sums up the advantage: “QNET couldn’t do this two years ago. It’s a huge leap forward.”

Believing in the ROI

CIO Woo says that he, too, has learned from QNET’s migration to the Microsoft cloud platform and the company’s investment in Microsoft Security technologies. “After 20 years with QNET, I reserved judgement until I could see the value of the Microsoft Security solution. Now, I’m a believer.” The value, he says, isn’t so much in cost savings but in the performance of the solution and its impact on his organization. In fact, QNET, he says, has IT costs similar to those it had before the transition to the cloud. But now the company has secured its entire infrastructure, compared with the 25 percent or so from before the migration; there’s a corresponding boost in user experience and overall productivity for his IT administrators; and lowered risk is helping protect his company’s reputation and its business bottom line.

Increased visibility and control also bring a corresponding level of transparency when Woo reports on his infrastructure and operations to risk and compliance teams, and to executives in the broader QNET organization. It enables him and his staff to be far more proactive, bringing potential threats under control before a problem is reported. “We tell the director, this has happened, but it’s not an issue because we were able to detect and resolve it already. That’s a huge improvement over a few years ago. I think that transparency of your IT operation is key to success in the digital world,” he says. “That’s where the ROI increase from the Microsoft cloud platform lies, and that’s why other organizations like ours should consider adopting it.”

Find out more about QNET on YouTube, Facebook, Twitter, and LinkedIn.

“Though the fundamentals are pretty much the same, what truly changes when you go to the Microsoft cloud platform is the operating model and how you interact with your infrastructure. Automated workflows, APIs, tools, UI change management, and governance bring repeatability and stability.”

Ameer Deen, Chief Technology Officer, QNET
