
First, we worked with the customer to map out the existing infrastructure and record all security-related systems – from firewalls and Entra ID to the M365 environments. This involved not only technology, but also organizational processes and responsibilities. Only then were we able to develop a clear roadmap that took into account both regulatory requirements and corporate goals.
From correlation to automation – security that grows with you
Following the assessment, PROTOS designed and implemented a cloud-based SIEM solution based on Microsoft Sentinel.
Key steps summarized:
- Connection of all security-related systems (Azure tenants, firewalls, Entra ID, M365, Microsoft Defender)
- Establishment of a CMDB for asset, service, and organizational models
- Development of a hybrid SOC operating model, including escalation chains and SLAs
- Implementation of over 200 new or adapted detection rules (KQL) and automated SOAR playbooks
- Setting up a vulnerability management system with Qualys VMDR and Defender VM

The development of API integrations and CI/CD pipelines was particularly important for automating security workflows. We opted for infrastructure-as-code early on to ensure that adjustments to policies and compliance checks remained reproducible and scalable. This enabled us to lay the foundation for a modern SecDevOps model.
In operation: Response in minutes instead of hours
Following successful implementation, PROTOS SOC took over 24/7 operations. Continuous monitoring, threat hunting, and automated response processes enable security incidents to be detected and dealt with at an early stage. In addition to operational defense, PROTOS supports customers in setting up their own SOC team as part of a “Cloud Center of Excellence” and conducts awareness training to sensitize employees to current cyber threats.

Just a few weeks after going live, we were able to identify suspicious access via compromised login credentials in the Azure environment. Thanks to Sentinel correlation and automated SOAR playbooks, the account was immediately locked and the attack contained. Within minutes, the incident was under control – without any data leakage.
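A detection of the kind referred to above, as an added illustration (constructed for this write-up, not one of the customer's rules): a Microsoft Sentinel KQL analytics query over the Entra ID SigninLogs table that flags a successful sign-in preceded by a burst of failed password attempts from the same IP address, from a country the account has not signed in from during the baseline period. The thresholds and time windows are assumptions.

```kql
// Added illustration, not the customer's rule: correlate a burst of failed sign-ins
// against an account with a later successful sign-in from the same IP address,
// from a country that account has not used in the preceding 14 days.
// Thresholds and windows below are constructed for this example.
let lookback = 14d;          // baseline period for "known" countries
let recent = 1d;             // period the rule evaluates
let burst_window = 1h;       // failures must precede the success within this window
let min_failures = 5;
// Baseline: countries each user successfully signed in from before the recent period
let baseline = SigninLogs
    | where TimeGenerated between (ago(lookback) .. ago(recent))
    | where ResultType == "0"                       // "0" = successful sign-in
    | summarize KnownCountries = make_set(Location) by UserPrincipalName;
// Failed password attempts in the recent period, grouped per account and source IP
let failures = SigninLogs
    | where TimeGenerated > ago(recent)
    | where ResultType == "50126"                   // Entra ID: invalid username or password
    | summarize FailedAttempts = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
        by UserPrincipalName, IPAddress
    | where FailedAttempts >= min_failures;
// Successful sign-ins shortly after the burst, from the same IP, from an unknown country
SigninLogs
| where TimeGenerated > ago(recent)
| where ResultType == "0"
| join kind=inner failures on UserPrincipalName, IPAddress
| where TimeGenerated > LastFailure and TimeGenerated - LastFailure <= burst_window
| join kind=leftouter baseline on UserPrincipalName
| where isnull(KnownCountries) or not(set_has_element(KnownCountries, Location))
| project TimeGenerated, UserPrincipalName, IPAddress, Location, AppDisplayName,
          FailedAttempts, FirstFailure, LastFailure, RiskLevelDuringSignIn
```

In an analytics rule, UserPrincipalName and IPAddress would be mapped as Account and IP entities so that an automation rule can hand the incident to a playbook that disables the account, as described in the incident above.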
Technologies and tools used
SIEM & SOC
- Microsoft Sentinel, Splunk Enterprise Security
- AWS-native Log Analytics
Log Management & Monitoring
- ELK Stack (Elasticsearch, Logstash, Kibana)
- Azure Monitor & Metrics
- Microsoft Defender for Cloud
- CloudTrail, VPC Flow Logs
Threat Detection & Incident Response
- Microsoft Defender XDR, AWS GuardDuty
- Azure Sentinel Fusion, Wazuh (Endpoint Security Monitoring)
Compliance & Governance
- Azure Policy, MS Compliance Manager
- Chef InSpec
Vulnerability & Risk Management
- MS Defender Vulnerability Management, Qualys VMDR
- Nessus
SOAR & Automation
- Azure Logic Apps
- Microsoft Sentinel SOAR
- Power Automate
Network & Asset Visibility
- Azure Network Watcher
- Nmap, Lansweeper
Security in numbers: From audit to response time
- Reduction of average incident response time from >4 hours to <15 minutes
- Introduction of 200+ use cases & correlations for SIEM rules
- 100% compliance with regulatory requirements (ISO 27001, GDPR, BSI-KRITIS, NIS2)
- Establishment of a hybrid SOC operating model with clear escalation paths
- Training of 50+ employees in cybersecurity and compliance
With PROTOS: Future-proof cloud security for critical infrastructure environments
With the support of PROTOS technology, the customer was able to establish a highly secure, regulatory-compliant, and future-proof cloud security architecture. The combination of strategic consulting, technical implementation, and ongoing SOC operations ensures that critical infrastructures are protected and that resilience to cyberattacks has been sustainably increased.

For us, it was crucial not only to implement a project, but also to set the course for a long-term security and cloud strategy. Today, the customer benefits from an architecture that is scalable both technologically and organizationally, meets regulatory requirements on an ongoing basis, and can grow with future threats. This not only ensures current security, but also creates a sustainable basis on which digital innovation and regulatory security go hand in hand.
The project exemplifies how PROTOS, as a vendor-independent partner, supports customers in highly regulated industries in implementing complex cybersecurity requirements – from planning and technical implementation to long-term operation.