1/13/2026

OMV cuts incident resolution time in half, unifies security with Microsoft Sentinel

OMV Aktiengesellschaft needed to modernize its security operations to keep pace with rapid growth, evolving threats, and the demands of digital transformation.

The company used Microsoft Sentinel, Defender XDR, and Azure Data Explorer to unify security operations, automate workflows, and scale more efficiently.

OMV Aktiengesellschaft reduced costs, cut mean time to respond (MTTR) by half, and gained rapid access to critical insights, empowering the business to innovate securely.

OMV Aktiengesellschaft

OMV Aktiengesellschaft, a global leader in energy, fuels, and chemicals with 23,600 employees, is reinventing essentials for sustainable living and focusing on circular economy solutions. But as security data volumes surged and threats evolved, its legacy on-premises security information and event management (SIEM) solution couldn’t keep pace.

Scaling security capabilities meant costly, time-consuming hardware upgrades and complex integrations. These slow integrations hindered the ability to analyze growing data sets and respond quickly to threats. Adding new data sources was challenging, creating operational delays and rising costs while attackers became more sophisticated.

OMV Aktiengesellschaft needed a modern solution to unify its Security Operations Center (SOC), automate workflows, and scale efficiently.

“It’s not just about detecting threats. Microsoft Defender XDR unifies our security environment, so everything works together seamlessly.”

Ulrich Koinig, Cyber Defense Manager, OMV Aktiengesellschaft

Building the SOC of the future

OMV Aktiengesellschaft wanted seamless integration with its Microsoft 365 E5 security products, plus the ability to scale rapidly and keep control over data privacy under the General Data Protection Regulation. This control included self-managed encryption keys to meet internal and regulatory standards. “Moving to the cloud and meeting our data compliance requirements was only possible with customer-managed keys for Azure Storage encryption,” says Ulrich Koinig, Department Manager of Cyber Defense at OMV Aktiengesellschaft.

After evaluating the market, OMV Aktiengesellschaft selected Microsoft Sentinel as the foundation for its SOC. The Microsoft Unified Support team helped with the transition, working with OMV Aktiengesellschaft to validate architectural concepts and ensure smooth deployment.

For scalability and efficiency, OMV Aktiengesellschaft relied on built-in automation in Microsoft Sentinel, flexible data tiering in Azure Data Explorer, and integration with Microsoft Defender XDR. “It’s not just about detecting threats,” says Koinig. “Microsoft Defender XDR unifies our security environment, so everything works together seamlessly.”

Integration with Microsoft 365 paid off. “Sentinel gave us the freedom to control our data and to adapt and evolve,” says Koinig. “Automating workflows, integrating threat intelligence from multiple sources, and tapping into the Microsoft security ecosystem have been game-changers.”

Automation is another boost. “With Logic Apps in Sentinel, we automate our security workflows, so we’re not dependent on manual updates from our external security partner,” says Koinig. “We can ensure our security operations are always aligned with current threats.”

“Microsoft Sentinel empowers us to protect our business and innovate with confidence. We can respond to new threats quickly, and our data privacy is fully under our control.”

Ulrich Koinig, Cyber Defense Manager, OMV Aktiengesellschaft

Unlocking efficiency and resilience

OMV Aktiengesellschaft has strengthened security coverage and boosted operational efficiency. The SOC now manages a higher number of incidents without adding staff. It also benefits from automated processes that speed investigation and response. The company handles routine tasks—like correlating alerts, gathering context, and prioritizing threats—with automated logic apps and runbooks.

This shift has reduced alert fatigue and enabled faster, more accurate decision-making. “Automation has cut mean time to respond in half. Before, analysts spent minutes gathering context from multiple tools. Now, Sentinel does that instantly,” says Koinig.

“We’re able to do more with less,” Koinig continues. “With automation, our analysts spend less time on manual tasks and more time on strategic investigations. The system handles low-priority alerts; we can concentrate on the threats that truly matter.”

OMV Aktiengesellschaft’s planning and data architecture have delivered a 10 percent cost reduction on SIEM/SOC operations. By streamlining security data management, the company also ensured rapid access to critical insights for threat detection and compliance, while still processing more than five terabytes of data daily.

With the unified portal in Sentinel and integration across the Microsoft security ecosystem, OMV Aktiengesellschaft can expand its capabilities. Future projects include expanding to AI-driven security tools, Zero Trust capabilities, data loss prevention monitoring, and AI-powered phishing detection.

“Microsoft Sentinel empowers us to protect our business and innovate with confidence,” says Koinig. “We can respond to new threats quickly, and our data privacy is fully under our control.”

Discover more about OMV Aktiengesellschaft on Instagram, LinkedIn, X/Twitter, and YouTube.
