MITA is a Maltese government agency acting as the central driver of governmental information and communication technology (ICT) policy, programs, and initiatives. The agency recently adopted Microsoft Azure as its cloud platform for its hybrid environment and is committed to enhancing the end-user experience of its clients through the implementation of a modern workplace initiative that includes Microsoft Teams and the entire Microsoft Office family of products. Over the years, MITA has significantly invested in enhancing its detection and protection capabilities, strengthening a proactive information security stance through AI-reinforced prediction and real-time cyberthreat prevention mechanisms.
“By interweaving the security layers from Azure Sentinel and Microsoft 365 Defender, we now have a fully fledged cloud-native SIEM, SOAR, and enterprise defense solution, which takes full advantage of AI.”
Robert Muscat, Security Specialist, MITA
The Malta Information Technology Agency (MITA) is the central driver of the Maltese government’s ICT policy, programs, and initiatives. The majority of the ICT initiatives and services entrusted to MITA are of national importance, large-scale in nature, and process sensitive, mission-critical data. This includes health, tax, and social security services information.
MITA operates across four main sites. Two of these are Tier 3 datacenters, and the other two are offices located across the Maltese archipelago. The agency employs approximately 350 professionals across the four sites, including a dedicated information security and governance department. The government landscape that MITA manages consists of approximately 50,000 nodes, 30,000 government employees spread across numerous governmental ministries, and 20,000 servers and endpoints. As such, the efficacy of MITA’s security operations is paramount to ensuring the government’s digital assets are well safeguarded from threats.
“We were heavily dependent on a single on-premises security event management solution,” says Jonathan Cassar, Chief Technology Officer at MITA. “Given the scale of our operation, that solution proved to be cumbersome to maintain, and relied on specialized personnel to ensure its effectiveness in detecting abnormalities within our landscape.” A security architecture review concluded that the agency’s existing security tools were primarily effective in post-incident scenarios. “We had good investigation tools, but we needed a comprehensive solution capable of alerting our security analysts in a proactive manner, detecting abnormalities in our infrastructure in a real-time stance, and providing us with sufficient time to take necessary measures to protect our infrastructure,” continues Jonathan Cassar.
MITA concluded that Microsoft security and cloud offerings best suited its needs. Used together, the security features of Microsoft Azure Sentinel and Microsoft 365 Defender—which spans across emails, documents, endpoint, identity, and cloud apps—create a layered, defense-in-depth security architecture that uses AI, automation, and identity-based access to provide a high level of visibility and customization to customers looking to create highly secure cloud-based and hybrid infrastructures. “Over the years, we’ve seen Microsoft emerge as a leader in the security space,” says Jonathan Cassar. “Their products have evolved and matured, providing us excellent insight into the threats present at any time, and they’re humble enough to listen to their customers. That’s the sort of company we want to be in business with.”
Fitting the solution to specific needs
Microsoft 365 Defender—which encompasses Microsoft Defender for Office 365, Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Microsoft Cloud App Security—protects against a broad spectrum of threats. Adopted together, the elements that make up Microsoft 365 Defender provide an integrated pre- and post-breach enterprise defense suite. Azure Sentinel, however, represents something new.
Azure Sentinel collects security data from various sources of interest within the infrastructure. Based on this data, Azure Sentinel then uses advanced machine learning and AI to detect potential threats and assist security analysts to triage, investigate, and respond to incidents. “There has always been a balance between the granularity of customization that a productivity-increasing security solution provides and the way it simplifies the process of defining the required next steps to address a potential threat,” says Jonathan Cassar. “Azure Sentinel broke that mold, providing us with improved actionable security insights from every recess of our vast infrastructure from the very first day it was enabled.”
The way Azure Sentinel is implemented can be customized to manage the unique infrastructural needs of each customer. For MITA, the synergistic use of these solutions has created a new infrastructural footprint that shares all the benefits of a hybrid cloud deployment, without the uncertainty of having the agency’s data spread across datacenters that are either in vulnerable geographical areas or that have insufficient levels of security. “We worked with Microsoft to move our security audit data to strategic datacenters in Europe,” says Robert Muscat, Security Specialist at MITA. “Upon completing our necessary due diligence activities, we’ve deemed that the physical and logical security controls implemented by Microsoft are in line with our security controls, and we’ve accepted Microsoft as the first company to host hybrid workloads on our behalf.”
A layered approach to security
Following a modernization exercise, MITA began to incorporate numerous new security layers that are available in the cloud. “Starting the process of adopting new security tools is easy because you expect the gaps to be wide,” remarks Jonathan Cassar. “Progressing from there, you will soon realize that tools from different vendors can potentially overlap in their mandate. Such an overlap might be desirable for checks and balances but might also come at a hefty financial cost.” MITA enlisted the aid of Microsoft consultants in order to obtain an objective perspective on how it is protecting its digital landscape. “We have embarked on a journey, together with Microsoft, that will identify where we need to invest further—be that in terms of processes, tools, or people—to ensure that we are providing a truly comprehensive security architecture,” continues Jonathan Cassar.
Solutions like Microsoft 365 Defender grant customers rapid response functions against potential threats. “In the past, we had to rely on manual human intervention to disconnect a potentially infected device from the network,” says Antoine Debono, Security Specialist at MITA. “Nowadays, our security analysts have the capability to remotely isolate a machine from the network, subsequently containing and investigating a potential threat.”
Hosting on Azure provides platform owners simplified user and system insights through the use of user-friendly visualizations that encourage customers to implement stronger security controls. “We strongly believe that security is a shared responsibility,” says Jonathan Cassar. “Thus, we’ve always worked hard to facilitate an environment in which our clients can take ownership of the security controls mandated on their own security landscapes. Without the appropriate tools, it would be impossible to achieve adequate security visibility into all of our vast infrastructure. Having Microsoft as our security partner, we are now able to provide our clients greater security insights into their infrastructure, enabling them to further strengthen their own security landscapes.”
In addition to creating a holistic security solution, MITA is also focusing on adopting security layers that feed into one another, providing a more detailed and coordinated real-time view of its infrastructural status. “What we have created is a cybersecurity detection framework, composed of numerous tools and facilities, that permits the detection, almost in real time, of any abnormalities within our network,” says Jonathan Cassar. “We can now very rapidly isolate abnormalities and take all the actions necessary to protect our infrastructure and our clients’ infrastructure.”
Benefitting from seamless cloud-centric security
Compared to previous shifts in MITA’s approach to security, the process of onboarding employees to the Azure Sentinel and Microsoft 365 Defender model has been a simple, efficient, and effective one. “Given the common query language, along with the unified look and feel across the environment created by our Microsoft security products, our analysts find these solutions much easier to use,” says Reuben Gauci, Security Operations Manager at MITA.
Also, because most of the security layers MITA uses today originate from a unified portal, managing them and fine-tuning their use is much easier. Security personnel can simply hover from one function to another without needing to reorient themselves within differing interfaces. Even the provisioning of new virtual machines has become easier. “In view of the processes that each task is required to follow, and as a result of the sensitive environment we operate in, summoning one virtual machine with all the required resources and configurations used to take us days,” says Robert Muscat. “Thanks to our new hybrid Azure infrastructure, we can now deliver in a matter of hours.”
The agency’s client organizations have also benefitted from the new model. “In the past, we saw the tendency for our service owners to resist the deployment of tools or agents within their environments,” continues Jonathan Cassar. “They quickly change their perspective when they realize the benefits that such tools bring about, without causing any disruption of services.”
Well positioned for what comes next
As ever, MITA continues to evaluate its future security needs. The organization now utilizes machine learning and AI to predict emerging security threat trends. This will empower the agency to refine its active threat hunting capabilities. “What we previously operated was a signature-based antivirus solution,” says Robert Muscat. “By interweaving the security layers from Azure Sentinel and Microsoft 365 Defender, we now have a fully fledged cloud-native SIEM, SOAR, and enterprise defense solution, which takes full advantage of AI.”
MITA has built its security infrastructure using leading security partners. “I strongly believe that the major benefits of using a comprehensive Microsoft security solution are the three technologies that it’s built upon: big data, cloud computing, and AI,” says Jonathan Cassar. “Innovative technology is seamlessly built into Microsoft security tools, providing us the kind of value and mileage that would otherwise take years to attain.”
Find out more about the Malta Information Technology Agency on Twitter, Facebook, YouTube, Instagram, and LinkedIn.