Delivering managed SOC flexibility for Viking

Cyber security and compliance play an essential role in maintaining Viking’s reputation as one of Europe’s leading and most trusted names in office supplies and workplace solutions.

So, when the time came to look for a new security partner to manage their Security Information and Event Management (SIEM) system, Viking looked for a partner with the ability to meet specific criteria.

Namely, to demonstrate the high level of expertise, knowledge, and flexibility needed to meet Viking’s requirements. Plus, an organisation committed to a culture of trust and collaboration.

The background

As the Viking business has evolved and expanded so its security operations (SecOps) team has grown out from a single person to a tight-knit team of experienced, skilled cyber analysts.

With growth and ongoing investment in the business, Viking were also able to invest in modernising their security technologies. Following a strategy of maintaining a consistent, consolidated digital estate, over a period of years their investments included servers, firewalls, and several SIEM solutions. In addition, they utilised a third-party partner to manage their SIEM.

However, due to rising costs that were becoming prohibitive, and some ongoing issues around client set-up, Viking took the decision to look for a new managed security partner.

The challenge

Viking needed a trusted managed SIEM partner for their European operations who could provide a solution to some core challenges.

Such as:

• Data management: Viking needed a partner who could manage their Microsoft Sentinel SIEM within their own Azure environment without hosting the data on a third-party platform.
• Cost management: Having seen costs become prohibitive with their incumbent providers, there was a need for any new partner to demonstrate a cost-effective approach without undermining core security objectives.
• Skill sets: Viking required a partner who could demonstrate high levels of expertise, experience, and flexibility with Microsoft technologies. A partner capable of going beyond off-the-shelf Sentinel offerings.

The solution

Kocho’s Managed Security Operations (SOC) was selected as the new service provider for several reasons:

• Reputation and relationship: Kocho had an existing relationship with Viking’s infrastructure architect and had previously provided consultancy on building out Viking’s Azure tenant.
• Flexible and tailored service: Unlike other vendors, Kocho could provide a Lighthouse connection within Viking’s own environment, ensuring no need to shift data elsewhere.
• Cost consideration: While not the cheapest option, Kocho were able to offer a flexible approach to ensure Viking’s key objectives were maintained within a pricing structure that satisfied all parties.
• Expertise and experience: Kocho’s team, led by Anna Webb (Head of SOC), demonstrated significant expertise and maturity in managing SOC services, particularly with their tailored Microsoft Sentinel offering.

The implementation

Viking and Kocho have shared values around the idea of working in partnership. Something that ensured a robust, honest collaboration between all parties from the outset.

This included:

• Phase-by-phase onboarding: Kocho provided a comprehensive onboarding plan delivered in phases, ensuring a smooth transition and quick progress.
• Enhanced visibility: There was a key objective for the team to enable greater visibility of risks and vulnerabilities across Viking’s extensive server estate.
• Tailored playbooks: Kocho developed customised playbooks to fit Viking’s specific needs, moving beyond standard Microsoft out-of-the-box solutions.
• Ongoing guidance: Kocho offered continuous guidance on configuring log connectors and other technical aspects, facilitating a seamless setup and operational process.

The outcome

The partnership with Kocho resulted in several positive outcomes for Viking:

• Maximised security posture: Enhanced visibility of risks and vulnerabilities, along with the development of tailored playbooks, significantly maximised Viking’s security operations and maintained a strong security posture.
• Collaborative knowledge sharing: The collaborative approach enabled effective knowledge sharing between Kocho and Viking’s teams, ensuring both parties benefited from each other’s expertise.
• Flexibility and cost efficiency: Kocho’s flexible service offering provided Viking with a cost-effective solution without compromising on core security operations’ needs.

Summary

The partnership between Viking and Kocho Managed SOC has proven to be a success. By leveraging Kocho’s expertise and flexible approach, Viking maintained control over their Microsoft Sentinel SIEM within their Azure environment, ensuring data security and compliance.

And, by working in partnership with full collaboration between teams, aligned to tailored solutions, Kocho have helped Viking maintain a strong security posture. Sharing goals to continually improve key areas such as visibility of risks, reporting, and automation-led efficiencies.

Next steps

Built on this strong foundation of trusted partnership, some of the plans to ensure on-going improvement include:

• Further integration and automation: Enhance existing integrations and automations within Azure and Microsoft Sentinel to improve service accuracy, speed, and efficiency.
• Performance metrics: The introduction of new SOAR capabilities including enhanced dashboards and reporting to enable improved data-driven decisions, quantify improvements, and gauge performance at executive and granular levels.
• Continuous improvement: Regularly review and update tailored playbooks to adapt to evolving security threats and business needs.
• Knowledge sharing: Maintain and expand knowledge-sharing initiatives between Kocho and Viking’s teams to stay updated with the latest security trends and technologies.
• Ongoing support: Continue dedicated account management and support to ensure Viking’s security operations run smoothly.