Trace Id is missing
November 06, 2020

Process automation company keeps complex landscape safe with Microsoft Azure Sentinel

When a leading robotic process automation (RPA) software company like UiPath takes stock of its security landscape, there’s a lot to consider. With multiple clouds and a sizable on-premises estate to protect, the company needed a solution that would address its complex needs. It chose Microsoft Azure Sentinel and the full suite of Microsoft security solutions. Security is tighter—and easier—than it’s ever been.

UiPath

“When we turned on Azure Sentinel, we were pleasantly surprised at how effortlessly it worked with all our solutions. And it was easy to perform complex searches right from the start. Our team picked it up quickly.”

Gabriel Necula, Security Operations Engineer, Incident Response, UiPath

UiPath is a next-generation robotic process automation (RPA) software provider that organizations rely on for help in removing tedium for employees and to realize maximum operational value. The global company’s software robots interact with computer systems just like a human being would, ingesting data, responding to it, and communicating with other systems. Without the mundane burden of copying and pasting data, filling out forms, and other routine tasks, humans are freed up for jobs that require greater discretion. With RPA, these activities can be processed in a fraction of the normal time—for example, processing small business Paycheck Protection Program loans or scanning medical records for trends related to a contagious disease.

UiPath offerings support a multitude of functions that enable its robots to work effectively in an enterprise environment. It uses Microsoft Azure Sentinel and a variety of other Azure and Microsoft 365 security solutions to help keep its software as a service (SaaS) environment safe and secure.

Security as a mindset

Consider the immensity of the task for an engineer who’s charged with the care of multiple threat vectors that may impact on-premises and cloud resources. For Gabriel Necula, Security Operations Engineer on the Incident Response Team at UiPath, it’s important to get a cybersecurity strategy right from the start and involve everyone. “At the end of the day, security is a mindset,” he explains. “After you have well-established security principles, it’s easy to apply them to any new application in the environment.”

UiPath maintains separate production and testing environments in Azure. Add to that the mobile culture of the UiPath workforce, and the challenge intensifies. The classic corporate network behind the firewall approach doesn’t apply to UiPath, with its highly mobile workforce and global reach. And because the company provides numerous offerings supporting robots, it must address security, privacy, and compliance goals. According to Necula, monitoring must occur across multiple interconnected levels, and a security failure at the on-premises user identity level, for example, can spread to the cloud layer and then to applications and data.

Getting it right from the start: a complete cybersecurity strategy

Necula describes his approach to cybersecurity as a series of logical steps. A security strategy begins with the prerequisites: a workable procedure for signing in and a technology stack that aligns with the company’s security team structure. Then the entire landscape is assessed regarding the applications and data in the cloud, subscriptions, and the on-premises environment. Necula also needed to know how the company’s users work and collaborate. In a lean organization like UiPath, he knew that an interconnected technology would be key to developing a complete cybersecurity strategy. “Microsoft was the most suitable choice for building our security stack as it interoperates very well with many other technologies in our enterprise and cloud environment,” says Ashish Popli, Head of Product Trust, UiPath. “Everything we deployed was very straightforward—a major value for our security, operations, and engineering teams.” 

UiPath uses Microsoft 365 and many Azure security services to create a complete, tightly meshed cybersecurity strategy.

A critical part of that strategy is collaboration between the security team and the engineering teams. “Security isn’t a one-team job,” says Cody Nicewanner, Manager of Cloud Security and Compliance at UiPath. “It must be a collaboration across various teams.” After evaluating multiple options for a security monitoring solution, UiPath turned to Azure Sentinel for monitoring. The cloud-native security information and event management (SIEM) solution collects cloud data across all levels—from users and devices to applications and infrastructure throughout multiple clouds and on-premises. “When we turned on Azure Sentinel, we were pleasantly surprised at how effortlessly it worked with all our solutions,” says Necula. “And it was easy to perform complex searches right from the start. Our team picked it up quickly.”

His team also appreciates that Azure Sentinel can use Jupyter Notebook. “That’s a great feature,” says Necula. “I also value the ongoing efforts of the Microsoft team to provide connectors for analytics and the automatic remediations and playbooks. You can do almost anything in Azure Sentinel.” His team is beginning to use the AI capabilities in Azure Sentinel to investigate threats and automate responses, but it’s just scratching the surface of the productivity savings possible with the automated SIEM. Necula now finds that even performing a custom implementation with junior engineers is a non-event. Although UiPath hasn’t yet compiled formal metrics, the team hasn’t had to increase in size despite rapidly increasing activity.

Augmenting a flexible SIEM with connection-ready Microsoft security solutions

UiPath committed to the full spectrum of Microsoft security solutions. It uses Azure Security Center for hybrid security management and threat protection for virtual machines. Necula appreciates the native coverage the security management platform provides for multiple Azure resources, and the context-rich investigation features. “I like the compliance and recommendations capability Azure Security Center provides,” he says. “That’s been a big part of our certification strategy.” 

With Microsoft Cloud App Security, a multimode cloud access security broker, UiPath gains the visibility and control over data in transit that’s key to protecting data and intellectual property. The company also implemented Microsoft Defender for Endpoint to protect endpoints against threats and to detect data breaches and advanced attacks. The solution connects seamlessly with its counterpart in the Microsoft 365 cloud, Microsoft Defender for Office 365, giving security teams a full view of alerts for all user devices in the landscape. For Necula, this threat protection solution meets the same bar for ease of use and effectiveness set by other Microsoft security solutions. “Without being an email security expert, I managed to configure it for effective usage within less than a day,” he says. “Microsoft Defender for Office 365 also requires little to no maintenance. Not only does it run on its own automatically with little intervention from me—it also provides great forensic value.” UiPath also uses Microsoft Defender for Identity to monitor its on-premises Active Directory environment. “We used Microsoft Defender for Identity to detect some suspicious events that might have become dangerous had we not found them first,” adds Necula.

It all comes together as a unified security shield that’s worth more than the sum of its parts, and the solutions interoperate with each other easily. “Connecting Microsoft Defender for Endpoint with Cloud App Security was as simple as clicking one button,” says Necula. “Likewise, sending data from Cloud App Security to Azure Sentinel is another click. It’s been a boon to our lean security teams.” In such a complex environment, Necula prizes the efficiencies his team realizes with the connections between the Microsoft 365 Defender solutions (Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Defender for Identity) and Cloud App Security. “I like the connectedness between the security solutions,” continues Necula. “They cover multiple layers, interoperate easily, and each platform feeds intelligence to the others, providing context.”

Organizations that string together a series of unrelated security solutions might end up with some best-of-breed solutions, notes Necula, but when they’re from different vendors, maintaining the connections between them can be the stuff of nightmares. One usually connects those solutions using API calls, but when the API changes, troubleshooting and resolution is often time-consuming. “Using Microsoft security solutions is a plug-and-play experience,” says Necula. “We don’t have to worry about manually fine-tuning detection.”

The security team at UiPath faces new challenges almost daily, but the team is confident in its cloud and security choice. The Azure platform is the easiest to configure and maintain that they’ve found. Most importantly, the interoperability among Microsoft security solutions makes it easier for UiPath to optimize security as efficiently as possible. Nicewanner takes confidence from the alignment between the two companies. “Microsoft keeps moving,” he says. “It’s progressive and it understands the value of highly connected solutions.”

Find out more about UiPath on Twitter, Facebook, YouTube, and LinkedIn.

“Microsoft was the most suitable choice for building our security stack, as it interoperates very well with many other technologies in our enterprise and cloud environment. Everything we deployed was very straightforward—a major value for our security, operations, and engineering teams.”

Ashish Popli, Head of Product Trust, UiPath

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft