Galp Energia: Keeping critical services secure using an xDR Platform with M365 E5

“We don’t do cyber resilience just to sleep better at night. We provide critical services to millions of people who rely on us. Anything going wrong in our network can have significant impacts.”

Luis Filipe Morais, Chief Information Security Officer at Galp Energia, is discussing the role that cyber resilience plays at his organization—and how it’s helping it to keep the lights on for thousands of households.

“At Galp, our goal is simple,” Morais says. “To provide the energy people need to move their lives by using flexible and competitive solutions designed for today’s energy and mobility needs.”

It’s a mission that hugely relies on a watertight cybersecurity system to be successful. One that recently led Galp to partner with Microsoft and roll out a full security xDR platform powered by M365 E5.

“The energy sector is at a turning point,” he says. “Our services are more critical than ever—getting targeted more often than ever—and we have thousands of people depending on them.

“We have a duty to keep them up and always running—and to do it in the most secure way possible. With Microsoft’s contribution, that’s exactly what we’re doing.”

Scaling for today’s security challenges

Headquartered in Lisbon, Portugal, Galp operates across three continents and ten countries—with operations spanning upstream projects, commercial and renewable energy initiatives, and more.

“From Brazil to Namibia, Spain to Mozambique, we are a truly global company with a strong focus on sustainability and carbon neutrality,” says Edgar Oliveira, Head of Cybersecurity at Galp. “And we believe that having a strong IT network and digital presence is key to maintaining that.”

A core member of the company’s Technology, Transformation, and Data department for more than three years, Oliveira has played a key role in improving Galp’s cybersecurity maturity—helping it to both reach and surpass the Global Benchmark Average.

“When I started here, improving Galp’s cybersecurity maturity was key for me. One of the priorities was strengthening our man- and brain-power,” he says. “That was part of my main mandate—to put together a new team to help Galp drive the implementation of an ambitious and challenging Cyber Roadmap to reduce cybersecurity risk.”

Amid geopolitical tension and growing economic uncertainty, energy companies like Galp are increasingly targeted by cyberattacks. This is urging them to strengthen their security posture across their operations and adopt more proactive measures in the face of online threats.

That’s exactly what Oliveira’s department has been doing. Now 17 people strong, the team has spent the past few years rolling out initiatives to make Galp more resilient towards cyberattacks. All powered by Microsoft solutions.

“Like any company, we have a lot of challenges,” he says. “We have a huge network distributed all over the world, a heterogeneous applicational environment, various operating system versions and a disparate range of employees with different technological proficiency and spread across different geographies.

“Having constant visibility of this ecosystem is crucial for us. That’s why we started our cybersecurity partnership with Microsoft three years ago.”

A single view for security operations

As they set out to find a security provider for their system, Galp had one main requirement, says Oliveira. “We have a complex IT landscape made of multiple solutions and technologies that we struggled to manage simultaneously at the time,” he explains. “What we needed was a platform that would put them all in one place and give us greater visibility across all of them.

“We had been working with Microsoft for many years, and as soon as we found out that they had the capabilities we needed, we knew we had found our match.”

It was the beginning of Microsoft and Galp’s security collaboration. Since then, the partnership has led to the creation of an xDR Platform with Microsoft 365 E5. This is made of, among others, Defender for Server, Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps and Defender for Identity.

“We finally have a single pane of glass that gives us greater clarity into all our vulnerabilities, risks, and configurations on different types of devices,” he comments.

“This is game-changing for us. To have a single solution for all our various operating systems and be able integrate it with the visibility we already have on the endpoints has really made a world of difference for us.”

Empowering office and frontline staff, wherever they are 

Crucial to Galp’s security efforts has been tailoring the solution to the needs of its employees.

The company currently employs nearly 7,000 people from 54 nationalities. Half of these are based in Portugal, with strong presences in Africa, South America, and Spain. The range of roles varies from office-based to in-store operations, plus frontline work in industrial sites, stations, and more. This makes cybersecurity measures particularly challenging to plan for Oliveira and his team.   

“We have a lot of diversity when it comes to the people working at Galp,” he says. “Some work in solar parks and refineries, others at fueling stations or at our headquarters.

“So, from the beginning, one our main questions was how to approach cybersecurity across such a disparate workforce.”

The answer, they soon found out, lay in solutions such as Microsoft Defender for Endpoint and Defender for Office 365 for internal operations, as well as Azure Virtual Desktop for third-party and external partners’ remote access to Galp’s systems.

“We found a huge ally in Defender for Office 365,” he says. “In the past, we were running an in-house, on-prem email infrastructure that made everything more complicated and slower.

“By moving to Office 365, we not only use its own security suite, but we can also add further protection layers, like anti-malware on emails, safe links, multi-factor authentication and more. Combine that with the fact that we now have Defender for Endpoint too, and you can see just how greater our visibility has become.”

Future challenges and technology

Galp’s cybersecurity efforts are far from over. As the company embarks on a new roadmap for 2024, it is now focusing on driving awareness and upskilling its current workforce.

More specifically, Galp is looking to support further innovation and growth across its business, and sees a modern security strategy—especially Microsoft’s Zero Trust architecture—as a key element to achieve its objectives. And it knows that Microsoft consulting will be of assistance along every step of its current and future security projects.

“We see our colleagues and partners as an extension of the cyberteam,” says Luis Morais. “So it’s important that we pass our knowledge on to them and train them to be more aware of what could happen.”

The idea, he adds, is that there will always be new trends and tactics that cyber-criminals come up with to breach through a system. Making sure that everyone is aware and alerted is more crucial than ever to protect the company.

“That’s what our regular phishing simulations and training sessions are for: to sensitize our people to the issue and make sure they’re ready for anything,” he says. “The huge wealth of solutions and technologies Microsoft has is helping us in this journey, particularly with the different products and capabilities that we can use ad hoc, whenever we need.”

That’s something that Galp envisions for its future too.

Currently in the process of enhancing its data protection measures using Azure Information Protection, the company is laying an additional foundation for disruptive technology like Generative AI.

“We know AI has a lot of potential when it comes to cyber, and we are already using it on the day-to-day to increase our threat-detection and response capabilities,” concludes Morais.

“By continuing to count on Microsoft, and with our people well on-board, we know that we can continue to deliver our services in the most secure and threat-ready way possible.”