Centrally secured: Körber entrusts its security system to Microsoft Sentinel

The challenge: Increasingly complex security attacks across all subsidiaries

Körber is an international technology group with four main business areas: digital, pharma, supply chain, and technologies. In these areas, the company itself and its numerous subsidiaries work and interact with particularly sensitive data. And the security of this data is paramount. “Like many other companies, we’ve observed that the number of cyberattacks has been steadily rising in recent years, and they’re becoming increasingly complex and harder to identify. That’s because cybercriminals, too, know how to use rapid technological progress to their own advantage,” says Andreas Gaetje, Chief Information Security Officer (CISO) at Körber.

Cyberattacks differ greatly in their targets and methods and are often highly individual: attacks through phishing emails and social engineering, which encourage employees to click on malicious links or disclose confidential information; attacks on network connections to gain access and intercept data; and attacks on machines or software to jeopardize the integrity of products. “We can’t prevent all attacks, but we need to ensure that we can respond quickly and effectively to prevent major damage,” Gaetje says. “This is why cybersecurity is firmly embedded in our corporate strategy. Not only do we want to be cyber resilient ourselves, but we also want to lead the way for our customers with confidence—and thus guarantee a uniformly high security standard worldwide.”

Every day, Körber processes 300 to 400 gigabytes of security data from all its subsidiaries. That’s roughly equivalent to three or four million text documents of 100 KB each, and results in a high level of complexity for the company—both in the data and in the IT landscape. Strict regulatory requirements in the business areas complicate things further. “We needed a solution that was flexible and scalable for use at all our subsidiaries. Three aspects are crucial to counteracting security attacks: visibility, speed, and a robust IT infrastructure,” Gaetje says. “As a managed service, Microsoft Sentinel was the tool we needed to gain the necessary visibility and control over our diverse systems and establish a central cybersecurity organization.”

The solution: A central cyber defense center based on Microsoft Sentinel

Körber began evaluating various solutions in March 2024 together with NVISO, member of the Microsoft Partner Network. The company opted for a solution with Microsoft Sentinel, and by June 2024, it was fully rolled out. NVISO´s cybersecurity experts not only provided its technical expertise, but it also contributed strategic advice for optimizing the automation and orchestration of the security processes. As Gaetje points out, “The collaboration with NVISO was crucial to our success and to accomplishing the rollout in record time. Their experience in this area helped us become faster, make our security measures more efficient, and start at a higher level.”

Today, Körber collects all security data in its CDC, filters it using intelligent data aggregation, and then analyzes and monitors it. This ensures efficient, around-the-clock processing of the huge volumes of data worldwide. In addition to threat intelligence (the collection and analysis of threat information), the CDC is also responsible for identifying and managing vulnerabilities as well as monitoring and responding to security incidents. This enables Körber to, ideally, identify potential threats in advance, or to respond to them more quickly—in processes mapped transparently in interactive dashboards. “Speed and visibility are crucial. Every attack is heralded by small indicators. More complex attacks often become apparent only when looking at different signals from different systems, and the faster we localize and neutralize them, the better we can prevent damage,” Gaetje explains. “Our time-to-response and mean time-to-response have dropped enormously thanks to Microsoft Sentinel. This makes our IT infrastructure and us as a company much more resistant to cyberattacks.”

A core element of this success is automation, which keeps cost-intensive manual work to an absolute minimum. Erik Van Buggenhout, NVISO co-founder and partner, says, “We’ve ensured that the systems are robust, that correlations are used effectively, and that the company can respond more quickly.” Predefined manuals and automated responses from NVISO further minimize the effort required and shorten the time it takes to respond to security incidents.

Although further expansion stages are still to come, the advantages are already plain to see: faster response times, reduced manual effort, increased visibility, and greater cost efficiency by optimizing the data. That’s why Körber is already planning to expand the solution with AI so as to make security analyses even faster and more precise. AI will also enable the company to better recognize and respond to more complex and targeted attacks. Körber is further optimizing its security processes for itself and its customers—and is well equipped to counter the security attacks of the future.