Visibility is our most effective weapon against cyber ‘unknown unknowns.’ We adopted Microsoft Sentinel so that we could detect threats and anomalous behavior faster and more effectively than ever before.
Matteo Feraboli, Group Sr. Director, Cyber Security & Anti-Fraud, Intesa Sanpaolo Group
Finding the right key to the digital vault
The Intesa Sanpaolo Group stakes its reputation as one of the top European banking groups not just on its innovation and business leadership, but also on its world-class commitment to social, environmental, and climate issues. That sterling reputation hinges on an unwavering commitment to leading-edge security enhancements that keep pace with a rapidly evolving attack landscape. Growing cloud adoption, geopolitical uncertainties, mounting legal and regulatory requirements, and increasingly complex security data complicate that responsibility at a time when the cybersecurity talent pool isn’t expanding at pace.
In addition, hundreds of branches in other European countries and a sprinkling in North America, Africa, Asia, and Oceania make for a widespread Intesa data estate. The shortfall of cybersecurity talent combined with that complex environment pointed to the need for a sophisticated cloud-based security information and event management (SIEM) system for proactive, up-to-the-minute monitoring and threat response.
Accounting for cyberactivity around the globe
Intesa knew that the answer lay in simplifying cybersecurity while maximizing visibility for faster, more comprehensive threat remediation. When it rolled out cost-effective Microsoft Sentinel, the bank filled those needs while also nurturing the bottom line. Intesa found that it could combine data sources quickly and efficiently with just a few clicks, especially for cloud sources. This enabled a full platform migration in less than six months. At the same time, Intesa’s granular control over ingested security telemetry helped it to easily discard unnecessary data, reducing storage costs. Intesa appreciates the AI-enhanced threat-finding capabilities of Microsoft Sentinel, now enhanced by Microsoft Copilot for Security.
Intesa’s Global Cyber Defense Center replaced its aging, on-premises SIEM with Microsoft Sentinel to achieve the global visibility that would keep the team ahead of the cybersecurity curve. Matteo Feraboli, Group Senior Director of Cyber Security and Anti-Fraud at Intesa Sanpaolo Group, and his team created a master security enhancement plan for a proactive approach that prioritizes dynamic correlation and analysis. “Visibility is our most effective weapon against cyber ‘unknown unknowns,’” says Feraboli. “We adopted Microsoft Sentinel so that we could detect threats and anomalous behavior faster and more effectively than ever before.”
The Global Cyber Defense Center team heightened its effectiveness with its new centralized command and control approach. By embedding cyberthreat intelligence (CTI) feeds in Microsoft Sentinel, Intesa analysts can now use real-time, actionable insights into emerging threats to detect and respond to potential security incidents faster. Says Feraboli: “We’ve gained enhanced visibility of all our legal entities, and we also have situational awareness on local cybersecurity events through a natively federated architecture.”
Welcoming further AI innovation
Microsoft Copilot for Security was the next stop on Intesa’s security consolidation journey. The bank began evaluating the solution in early 2024 as a participant in the Microsoft Copilot for Security Early Access Program. Intesa uses the tool to effectively support its cybersecurity teams and help new threat analysts work faster and more effectively. Threat hunters often use Kusto Query Language (KQL), an open-source, Microsoft-developed query language whose power comes with a steep learning curve. Even a junior analyst can become effective very quickly by using Copilot for Security prompts to generate KQL scripts, freeing senior analysts for more complex matters. And although expert analysts have deep KQL capabilities, they too can save precious time with the KQL script generator and the script analyzer feature. This feature provides “on the job training” by exposing the malicious patterns used by attackers, increasing analysts’ awareness and improving the overall quality of analyses.
And because security is a team effort, the Intesa Global Cyber Defense Center appreciates the Copilot for Security reporting capability. The team uses it to quickly create and share executive briefings, even as they immediately refocus on proactively defending the enterprise. These invaluable insights into incident resolution and KPIs keep executives apprised and ready to support security initiatives.
Enjoying security dividends
Despite an ever more complex and changing cybersecurity landscape, Intesa remains proactive with a tool set fed by constant innovation. Thanks to comprehensive threat intelligence from Microsoft and the flexibility of Microsoft Sentinel in ingesting multiple threat intelligence feeds, the bank can quickly identify and mitigate previously unknown threats while also prioritizing them appropriately. Every analyst on the team is more productive and focused, making full use of Copilot for Security to speed up repetitive tasks and search vast data stores for faster, more accurate guidance. Feraboli’s vision for security at Intesa is unfolding according to plan. “This is an exciting journey, and we believe we have established the roots for greater effectiveness through this transformative program,” he concludes. “With AI-enabled security tools, we’re facing the future with greater confidence.”