AVEVA, a global leader in industrial software, strengthens its cybersecurity posture and streamlines its security operations.
AVEVA successfully migrated to Microsoft Sentinel to provide reliable, centralized security across a growing cloud footprint.
This migration has resulted in improved efficiency, enhanced threat detection capabilities and significant cost avoidance
As part of a company-wide effort to modernize operations, AVEVA, a global leader in industrial software, was moving all its applications to SaaS. To support this goal, the company needed a robust, cloud-native security solution that could scale with its growing footprint. Proactive cybersecurity provisions across the entire estate were strategically imperative to ensure complete visibility and protection.
“Microsoft Sentinel supports our move towards proactive security delivery by empowering us to be more efficient and effective,” explains Philomena Lavery, Chief Information Security Officer at AVEVA.
Upon joining the company, the new Chief Information Security Officer (CISO), Philomena Lavery implemented changes to enhance AVEVA's approach to security. “For us, relationship is just as important as technology,” Lavery explains, “We wanted a partnership with a supplier who would work alongside us to achieve our security goals.” The relational approach was not the only change she suggested. “The rise of artificial intelligence is changing the game from both offensive and defensive standpoints. We wanted to get upstream, changing our stance from defense to offense.”
AVEVA recently undertook a strategic initiative to enhance the efficiency and scalability of its Security Operations Center (SOC). As the organization continued to grow, it became increasingly important to streamline security tools and ensure that investments were aligned with operational needs. While the previous SOC solution provided foundational capabilities for proactive defense, certain advanced features required additional licensing, which led to higher costs. Over time, overlapping functionalities across multiple tools became apparent, prompting a comprehensive review of the security analytics environment. “We recognized an opportunity to simplify and optimize our toolset,” said Haffezal Yahaya, Director of Global Security Operations at AVEVA. “By consolidating platforms, we not only reduced operational complexity but also positioned ourselves to scale more efficiently as our usage expands over the next two years.”
“Microsoft Sentinel supports our move towards proactive security delivery by empowering us to be more efficient and effective.”
Philomena Lavery, Chief Information Security Officer, AVEVA
As AVEVA’s cloud footprint continued to grow particularly within Microsoft Azure, the organization saw an opportunity to align its Security Information and Event Management (SIEM) capabilities with its broader cloud strategy. With a strong internal Microsoft skillset and a focus on long-term scalability, Microsoft Sentinel emerged as a natural fit for the next evolution of AVEVA’s security operations.
To support this transformation, AVEVA engaged BlueVoyant, the 2024 Microsoft Worldwide Security Partner of the Year, to provide expert guidance and deployment for the new approach. BlueVoyant led a proof-of-concept deployment that effectively showcased Microsoft Sentinel’s advanced capabilities, helping secure internal approval for full-scale implementation.
Several factors influenced the decision to adopt Microsoft Sentinel, including its cloud-native, scalable architecture, integrated automation and analytics, cost-effectiveness, and comprehensive Security Orchestration, Automation and Response (SOAR) capabilities.
The migration effort was executed as a like-for-like transition from the previous SIEM platform, ensuring continuity of existing features while incorporating enhanced capabilities to support projected growth over the next two years. The success of the project was made possible through strong cross-functional collaboration, the technical partnership with BlueVoyant, and AVEVA’s established relationship with Microsoft.
That is not to say the deployment project was entirely problem-free. AVEVA’s security team needed to upskill to ensure they were able to use Microsoft Sentinel effectively. The in-depth knowledge and extensive experience of BlueVoyant consultants was invaluable.
“The BlueVoyant team really understands the Microsoft Sentinel product in depth,” says Shanthan Yellambhatla, Security Program Manager at AVEVA, “They would listen to our suggestions and follow up with their own improvements. Their knowledge and responsiveness were essential to helping us meet our project deadlines.
AVEVA Director of Security Engineering, Nick Channing agrees, “We worked together with BlueVoyant engineers in live sessions to build and improve the custom SIEM connectors required to full integrate Microsoft Sentinel into our environment. This assistance, coupled with the wider Microsoft community has been instrumental in driving continuous improvement across the AVEVA ecosystem.”
“There was no magic involved in our project,” Lavery concludes, “It was the complete commitment of our in-house stakeholders and the strong relationship with Microsoft and BlueVoyant that got this project across the line, on time.”
The migration to Microsoft Sentinel has delivered significant benefits to AVEVA. Enhanced capabilities included seamless integration with Microsoft Active Directory and Microsoft Defender for Business, built-in SOAR functionality, and improved user experience with central dashboards. The company is also testing AI-powered security assistance with Microsoft Security Copilot.
Operations have been streamlined, transforming SecOps processes, enabling faster and more efficient detection and response, improving cross-functional visibility, and facilitating data-driven decision-making. Scalability has been improved and aligned to business growth as well.
“Rising costs were a significant factor in our decision to migrate to a new SIEM platform,” explains Haffezal Yahaya, “However, we chose to focus on cost avoidance rather than cost cuts.” This focus paid off when AVEVA avoided 40 percent of their SIEM costs in Year 1 and 50 percent in the following year.
Switching to Microsoft Sentinel has delivered additional benefits. Efficiency improvements were notable, with a double-digit improvement in developing and tuning use cases, and a 30- 40 percent efficiency improvement through automation. AVEVA expect efficiency to increase further as they apply more artificial intelligence and automation to their security operations.
AVEVA continues to leverage Microsoft Sentinel to reinvest time savings into developing new use cases, extend and improve SIEM capabilities, and focus on proactive threat hunting and strategic security decisions. Philomena Lavery, CISO at AVEVA, emphasizes the importance of people in security: "Security is about people. Upskill and empower the team to get involved, it helps to encourage buy-in to get the project done and to enable the switch to proactive security provision."
Yahaya is also keen to emphasize the people aspect, “SIEM has to be at the heart of everything. And by automating manual activities, you can free your teams to focus on critical thinking activities – or as I like to call it, ‘fun work’.”
By migrating to Microsoft Sentinel, AVEVA has not only enhanced its security posture but also positioned itself for future growth and innovation in cybersecurity.
Follow Microsoft