Suppose your company routinely acquires businesses that vary in size and IT sophistication. Further suppose that preserving their brand identities, operating models, and community involvement is vital to your business ethic. How would you manage all that disparity while affording those companies operational independence, especially when they vary widely in size and IT budget? Building material supplier US LBM answered that question by centralizing its technology management and adding automation from Microsoft 365 Defender and Microsoft Sentinel. It provides new acquisitions with connected Microsoft Security solutions for proactive visibility and a degree of security that the company had never before achieved.
“We scored higher than the benchmark during a recent independent maturity assessment. I attribute a large portion of that to our rollout of Microsoft 365 Defender and our use of Microsoft Sentinel.”
Mark Grimmelikhuijsen, Vice President of Information Security and Compliance, US LBM
Mixing local focus with national scale
“One for all, and all for one” could easily be the motto of US LBM, a powerhouse supplier of specialty building materials. Its unique operating model gives consumers the service and satisfaction of working with a favorite local supplier while enjoying the advantages that only a national company can deliver. US LBM’s network of local brands operates in more than 450 locations across the United States—the fruit of its growth through more than 80 acquisitions since its founding in 2009.
That lightning trajectory allowed US LBM to expand into spaces such as retail, lumber yards, distribution, and manufacturing. But that growth posed a challenge for the company’s IT group, which over a five-year period from 2017 through 2022 contended with an explosion of users, from 3,000 to more than 15,000 employees. Moreover, acquisitions join US LBM with their own brand identities, customer bases, independent management, and local specialties. Preserving their regional flavor and independence is vital to the company’s model. Bringing so many diverse companies together created significant benefits from economies of scale. But the corporate IT team struggled to gain full visibility into the decentralized IT environment, an issue complicated by widely varying cybersecurity maturity levels among those acquisitions.
US LBM IT leaders knew that centralization was key to creating a sustainable strategy, but several factors needed to be reconciled: widely varying IT budgets and levels of sophistication, rural areas with connectivity issues, and a growing attack surface. Leadership solved vendor sprawl, improved security, and greatly simplified cybersecurity management by deploying Microsoft Security solutions—at a price that worked for the entire family of US LBM companies.
Shining new light on cybersecurity
The memory of so many independently managed IT organizations and disparate security solutions is still fresh for the company. “Every morning began with wondering if an email might mushroom into a virus-related issue,” says Mark Grimmelikhuijsen, Vice President of Information Security and Compliance at US LBM. “Our teams were trying to unravel and repair situations at smaller companies that didn’t have the resources to implement some of the leading security technologies.”
The company outsourced its security operations center (SOC) functionality to managed detection and response provider BlueVoyant. Security issues created by separate cybersecurity solutions made for complex back-and-forth exchanges between the two companies, detracting from effectiveness on both sides despite their close relationship. US LBM’s previous endpoint protection solution transmitted endpoint security data to its security information and event management (SIEM) system, but it wasn’t cost-effective. That limited US LBM’s use of the solution, precluding full visibility into the entire environment. “We weren't always sure what was covered,” recalls Grimmelikhuijsen. “Did we get all the workstations at a location? Were all of those agents deployed?” And the agent-based deployments weren’t always a fit for a network of companies that included low-connectivity locations in rural areas.
BlueVoyant recommended adopting Microsoft Sentinel and Microsoft 365 Defender for a complete SIEM and extended detection and response solution. “Replacing our previous SIEM was an easy decision,” says Grimmelikhuijsen. “Our cybersecurity was like a flashlight in a darkened room—we only saw the issues within a narrow beam of light. Moving to Microsoft Sentinel and Microsoft 365 Defender was like turning all the lights on. Suddenly, things were clearer.” Frank Ruiz, Cybersecurity Operations Manager at US LBM, adds, “The effectiveness of our investigation process is leaps and bounds beyond what we were able to achieve with our previous solutions.”
Now, US LBM and its SOC provider see the same comprehensive picture. “But it’s not just about what we see—it’s that both teams see the same data,” Grimmelikhuijsen points out. “Our relationship has also grown stronger. What once felt like something that was outsourced and managed separately is now far more closely integrated with the Cybersecurity Operations team.”
Keeping local flavor and enhancing cybersecurity
The company kick-started an aggressive revitalization journey, rolling out Microsoft Sentinel and Microsoft 365 Defender in 125 days to bring 10,000 workstations and 2,000 servers into one pane of glass. “Our tool and asset visibility has dramatically changed as our endpoint detection and response capabilities have grown because we have data that wasn’t available from our previous tools,” says Ruiz, whose team also rolled out Microsoft Defender for Endpoint. “We can perform deeper analysis with Defender for Endpoint and Microsoft Sentinel. I really like the Microsoft Sentinel feature that shows exactly where a file has gone because that information exposes potential vulnerabilities and risks.”
The company took its device management effectiveness to the next level with Microsoft Intune to manage its rapidly growing inventory. “We’ve achieved a streamlined workflow with Intune that we never had before,” says Jethro Davis, IT Endpoint Security Manager at US LBM. “We know exactly what software has been installed and whether a device is connected with Defender for Endpoint.”
Appreciating significant cost advantages
Initially, US LBM regarded price differences between most of the security solutions it was considering as insignificant. But Grimmelikhuijsen found that the highly interoperable nature of Microsoft Security solutions afforded advantages not only in performance but in affordability. The company expanded its Microsoft Security solution activation to include Microsoft Defender for Cloud Apps as its cloud app security broker. It also layered in Azure Active Directory Privileged Identity Management. “Few people realize how much is in the box with Microsoft Security solutions,” muses Grimmelikhuijsen. “We can move a lot further, a lot faster now because all the insights are right in front of us.”
Those insights and extended capabilities were key to simplifying the cybersecurity insurance process, an increasingly complex and demanding ordeal. Referring to the increased payouts that the pandemic caused for insurers, Grimmelikhuijsen acknowledges the heavy lift to complete insurance qualification questionnaires. The additional detail that insurers are requiring points to a higher bar for corporate cybersecurity. “We’ve heard of organizations without certain security capabilities being denied insurance. Having Microsoft’s set of solutions definitely helps us cover our bases,” says Grimmelikhuijsen. “We scored higher than the benchmark during a recent independent maturity assessment. I attribute a large portion of that to our rollout of Microsoft 365 Defender and our use of Microsoft Sentinel.”
Because the tool set contains so many capabilities, US LBM IT teams were relieved of the burden of managing agents after replacing their previous SIEM solution with Microsoft Sentinel, and this kind of simplicity equals improved cybersecurity. “Da Vinci said that simplicity is the ultimate sophistication,” concludes Grimmelikhuijsen. “We have more to protect than ever, but our team hasn’t had to grow exponentially because its capabilities dramatically increased. Simplifying our environment has not only made us more effective today, but it’s laid a common foundation on which we can continue to build.”