Protection and Monitoring of a Complex Network in Italy and Abroad
A large Italian company in the Information & Communication Technology (ICT) sector, with over 1,000 employees in Italy and a highly complex IT infrastructure that includes several international offices, faced numerous challenges related to cybersecurity and the management of its network and IT services. The corporate network spanned multiple locations and included a wide range of devices and applications, with extensive use of cloud solutions. The main challenge was ensuring network security, particularly in an international context, and minimizing the risk of cyberattacks, while maintaining a consistent and secure level of operation across all devices and platforms.
The company required effective protection for all its digital assets, both in Italy and abroad, and advanced management of its Microsoft 365 accounts to monitor potential external threats. In such a dynamic environment, the ability to monitor the network 24×7 and respond rapidly in case of emergencies was crucial.
Activation of Italtel’s SOC Service
To address the company’s security needs, a 24×7 Security Operation Center (SOC) service was implemented. This service provides continuous monitoring of security events and proactive management of cyber threats through the analysis of Cyber Threat Intelligence (CTI) sources, as well as the preventive identification of vulnerabilities through continuous Vulnerability Management services. Additionally, the adoption of Network Detection and Response (NDR) platforms using AI and Machine Learning algorithms allows the service to detect anomalies, potential threats, and improper user activities in real time, offering enhanced protection against cyberattacks. Italtel’s SOC applies well-established incident management procedures in line with best practices defined by NIST frameworks.
Advanced 24×7 Monitoring and Integrated Network Security
The SOC ensures continuous monitoring of the corporate network, gathering security events from a complex infrastructure spread across multiple locations in Italy and abroad. The service perimeter includes the on-premises IT infrastructure, with over 300 servers and network devices. Security events from cloud services, such as Microsoft 365, and data from active Endpoint Detection and Response (EDR) systems on user workstations are also monitored. In the event of suspicious activities or external attacks, the SOC systems detect the incident in real time, correlating all available information, which is then immediately provided to Italtel’s SOC Incident Response Team. Using specialized expertise and following best practice guidelines, the team applies all necessary technical skills for incident analysis and management.
Microsoft 365 Account Management in the Cloud
A key aspect of the solution is the protection of Microsoft 365 accounts, which the company uses for global collaboration and productivity management. Advanced monitoring enables the tracking of suspicious activities, preventing phishing attacks or account compromises. Specifically, the SOC enforces strict security protocols, significantly reducing the risk of external attacks and ensuring the confidentiality, integrity, and availability of corporate data.
Incident Management Procedures and Processes
Italtel’s expertise in network emergency management ensures a quick and effective response to threats. Every intervention is carried out following predefined procedures, with clear role and responsibility assignments, which has helped reduce response times and improve the effectiveness of corrective actions. The integration of escalation processes allows the timely involvement of the specialized teams required to resolve each type of incident. The SOC’s operational procedures align with international standards such as NIST 800-61.
Strengthened Global Security
With the implementation of Italtel’s SOC service, the company achieved a significant enhancement in network security, with integrated and proactive threat management across all Italian and international locations.
The protection of Microsoft 365 accounts and continuous monitoring have considerably reduced the risk of attacks, boosting the resilience of the company’s infrastructure and ensuring uninterrupted operational continuity.
The 24×7 system enabled constant surveillance, improving the company’s ability to respond quickly to incidents and prevent potential damage.