Time lapse of roads in the middle of the city at night

Case study

Microsoft security suite pays dividends for a UK asset management company’s security posture

arrow icon arrow icon

Liontrust improved its threat visibility and data protection through a holistic approach to security – utilising Microsoft’s cloud-native SIEM and extended detection and response (XDR) technologies.

For Liontrust, a specialist fund management company with £34 billion of assets under management and advice (AuMA), threats such as rising phishing attacks, information protection, and endpoint security for its home workers were a critical concern.

By taking advantage of Microsoft 365 E5 security and compliance technologies, Microsoft Sentinel, the Microsoft Cloud Accelerator Program (MCAP), and Kocho’s Managed Security Services, Liontrust saw a significant uplift in its overall cyber security posture.


  • Identified, prioritised, and planned remediation of security weak spots.

  • Improved threat visibility across the client’s entire environment.

  • Improved defence against phishing and shadow IT endpoint exploitation.

  • Reduced demand on internal IT assets by outsourcing security services.

  • Enhanced compliance and communication via Virtual CISO service.

Watch 3-minute Security Posture Assessment Demo

Identify hidden threats and prioritise security risks.

A wealth of security and compliance challenges

As a specialist fund manager, Liontrust operates in the financial services sector.

This sector is the number one target for hackers due to the vast quantities of sensitive data it processes every day. The financial and reputational penalties from falling foul of increasingly strict regulations are a continuous and very real threat.

Regulators such as the Financial Conduct Authority can stop companies from trading overnight if a breach is reported. As a result, comprehensive security and compliance controls are critical.

On top of industry risks, Liontrust also faced several internal security challenges:

  • The rapid shift to remote working due to COVID-19 increased security and compliance risks around secure access to sensitive data and endpoint protection.
  • The firm had seen a rise in volume and sophistication of phishing attacks targeted toward its senior executive team and fund managers.
  • Growth through mergers and acquisitions, coupled with rapid cloud adoption, posed challenges around shadow IT and moving acquired on-premises infrastructure into the Cloud.
  • Liontrust’s IT team also wanted support in outsourcing and automating security tasks relating to threat monitoring and incident response – eliminating noise from low-level security risks and freeing up the internal team to better protect the organisation.

Plotting a roadmap to improved security

Having initially attended one of our roundtable events, Kocho has helped Liontrust with consultation and adoption of a range of Azure security and Microsoft 365 E5 security solutions.

Many of these solutions have been deployed following a strategic road mapping exercise – a central part of our Security Posture Assessment (SPA) engagement, where Kocho assess and review a client’s security posture and consult around improvements.

Having performed a SPA for Liontrust, Kocho surfaced concerns and potential threats from phishing and other threat vectors. Microsoft Defender for Cloud and Microsoft Defender for Office 365 were deployed to protect against phishing threats, remove vulnerable endpoints, and help eradicate shadow IT risks.

The SPA is a unique Kocho engagement providing a visual security score, posture dashboard, and detailed security report for the Board. This dashboard, along with an accompanying action plan and provision of a strategic roadmap, helps clients identify and prioritise improvements aligned to their biggest security gaps.

“The SPA has helped us immensely to have a strategic roadmap so we can visualise what is important and prioritise accordingly. The result has been a continuous delivery of enhancements to our security posture.” – Paul Mathanarajah, Head of Infrastructure, Liontrust.

Enhanced threat monitoring with Microsoft Sentinel and managed security services

Liontrust required an approach that would improve threat visibility across its entire Microsoft investment and provide a single pane of glass view to simplify management.

A Microsoft Sentinel Proof of Concept experience allowed Liontrust’s security team to test and formally review Sentinel monitoring their environment. Liontrust was impressed with the simplicity and capability of the solution, allowing it to easily connect systems and provide aligned and integrated monitoring.

The internal IT team could also see huge value in the modern AI, machine learning techniques and improved automation – to filter out low-priority threat noise, improve threat monitoring, enhance protection, and accelerate response.

“Protecting critical workloads is crucial for us. Kocho brought their experience and knowledge in implementing and managing Sentinel to seamlessly integrate with our systems. This led to a simplification of our SecOps processes and greater awareness of our security posture.” – Stephen Parnell, Systems & Infrastructure Analyst, Liontrust.

As part of the engagement, Kocho agreed to a five-year managed security service partnership, whereby Kocho’s managed security service team set up and manage a client’s Sentinel solution to proactively monitor and hunt down threats and provide advice for remediation.

CISO-as-a-Service: Security and compliance at board level

In addition to the deployment of key Microsoft security tools and a managed security service, Kocho has also partnered with Liontrust to provide our unique CISO-as-a-Service (vCISO) solution.

“The CISO-as-a-Service was needed to articulate the threats and risks at board level as well as across the various business silos.” – Paul Mathanarajah, Head of Infrastructure, Liontrust.

The vCISO provides an important link between the Liontrust Board and the IT Team to prove Microsoft 365 E5 ROI and drive deployment and adoption. It also provides third-party assurance around rigorous compliance controls that would stay in place as the company grew.

The vCISO service helps tell the security and compliance story inside board meetings – breaking down silos and elevating the power of compliance toolsets beyond the IT department to the wider business.

An ongoing partnership

Improving security is a continuous process. Following the initial project engagement, Kocho also supported Liontrust in their migration from Skype for Business to Microsoft Teams as well as the adoption of Privileged Identity Management (PIM).

We continue to work with Liontrust to ensure that they are at the forefront of secure modern work practices which allow for effective and safe hybrid working.

Next Steps

Watch 3-minute Security Posture Assessment Demo

See how a Security Posture Assessment:

  • Uncovers security blind spots
  • Prioritises your key risks
tag icon

Great emails start here

Sign up for free resources and exclusive invites

Subscribe to the Kocho mailing list if you want:

  • Demos of the latest Microsoft tech
  • Invites to exclusive events and webinars
  • Resources that make your job easier
Butterfly overlay image

Got a question? Need more information?

Our expert team is here to help.