May 02, 2024

Cielo speeds threat detection and response with Microsoft Defender XDR and Microsoft Sentinel

Cielo employs more than 6,000 professionals and brought in more than BRL10.6 billion in revenue in 2023 (USD2.19 billion). Like many other large companies, Cielo has, in years past, contracted a wide variety of companies to provide portions of its cybersecurity environment. The resulting solution was costly and overly complex. Adopting Microsoft Defender XDR, Microsoft Sentinel, Intune, and more, the company has since consolidated its security landscape in a way that reduces not just costs and complexity but threat response times as well.


Every company that handles the financial data of its customers has a duty to safeguard that information. Cielo, one of the largest payment system companies in Latin America by both revenue and market value, takes this responsibility very seriously. The company not only maintains clear customer-facing communication channels and a high degree of transparency regarding data controls, but it also steadily works to improve its security stance. “Data security is a highly dynamic space,” says Glauco Sampaio, Chief Information Security Officer at Cielo. “As a professional in that space, I’m always studying trends and staying up to date on what is ultimately an ever-evolving threat landscape.”  

Like most large companies, Cielo has, over the years, improved its data security infrastructure by adopting solutions that meet its immediate needs. This resulted in an IT landscape that granted good visibility of the company’s critical assets but was costly and labor-intensive to maintain. Constant, time-consuming effort was required to keep the solution working correctly. These costs were compounded by the need to attract and maintain a specialist workforce trained on a diverse array of platforms from multiple solution providers. More burdensome than all of these issues, however, was the lack of interoperability between the solution’s security layers.  

Recently, Cielo identified an integrated platform capable of replacing its complex security solution. Importantly, this platform not only drove operational efficiency, it increased threat responsiveness and strengthened the company’s overall security posture, providing every bit of control over sensitive data that Cielo requires. Entirely built on Microsoft technology, the new solution centers on Microsoft Defender XDR, Microsoft Sentinel, and Intune while also incorporating Microsoft Purview, Defender for Office 365, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Microsoft Entra ID.

A powerful new security landscape 

The replacement of its legacy endpoint management solution was a major win for Cielo. Internal systems and localized settings on over 5,000 devices made the transition complex. The company made sure to make the required changes gradually in order to minimize any potential negative effects on users. This decision paid off, both financially and with regard to user experience. Cielo was able to end its costly contract with the legacy solution provider, and users quickly gained confidence in their skills with their new Microsoft solutions. “We had a healthy number of questions and some debate early on in the adoption process,” recalls Sampaio. “Once our security professionals gained confidence with the technology, however, they quickly became some of our strongest advocates for Microsoft Security solutions.”  

Microsoft Sentinel, a complete security and operations solution that allows businesses to confidently detect and respond to threats at the speed and scale of the cloud, is central to the new solution. As Sampaio puts it, Microsoft Sentinel provides centralized visibility, the rules that dictate how security alerts are generated, and automated responses for Cielo. “Microsoft Sentinel is at the core of our response team’s work,” says Sampaio. “It delivers greater agility to our team and allows for automated responses to a number of potential threats and premapped use cases.”  

Cielo also views Defender XDR and Intune as fundamental to its new security architecture. Defender XDR provides incident-level visibility across the company’s numerous and diverse endpoints, and Intune helps identify company assets and provides the ability to execute actions against them. Other Microsoft solutions play important roles as well. “I like Purview for its document classification capabilities and for preventing information leaks,” notes Sampaio. “We also highly value Defender for Endpoint and Identity as primary layers of protection for our environment.”

As each of these solutions was introduced, Cielo made sure to put employee education at the center of the adoption process. This deepened employee understanding not only of the technologies at their fingertips but also their responsibilities as data stewards. “It’s important for every company to have data security in its DNA in a real way,” says Sampaio. “That’s how we operate at Cielo.” 

Definitive results 

Since migrating to its Microsoft security solution, Cielo has seen its security posture improve in several ways. “By adopting multiple interoperable Microsoft security solutions, we have improved our preventative capabilities, our incident response times, and our scope for monitoring our environment,” says Sampaio. “And we did it all much faster than we otherwise could have.” 

These benefits have continued to grow since the adoption process as well. Increased automation, for instance, has played a major role in what Sampaio describes as a dramatic reduction in threat identification and containment times. The Cielo security team has also been pleasantly surprised by both the solution’s advanced technical capacity and the frequency with which Microsoft expands its functionality, including through the addition of new capabilities. “At one point, third-party technologies presented potential gaps in our security landscape,” recalls Sampaio. “Thankfully, Microsoft solutions filled those gaps at no additional cost to us.” 

Even more surprising to the security team was the Security Operations Center’s (SOC) newfound visibility. Synergistic benefits from multiple Microsoft solutions have combined to grant the Cielo SOC expansive, real-time visibility of the devices, identities, emails, cloud apps, and data across its landscape. “It was surprisingly simple to enable real-time visibility across our environment,” says Sampaio. “It’s been a leap in our security maturity level, and with the native interoperability of our Microsoft security solutions, we achieved it much faster than we expected.” While Sampaio greatly values the reduced costs and the simplicity of managing fewer supplier relationships, it is this increased interoperability that he values most. It’s also something he hopes to expand Cielo’s use of in the near future.  

“We continue to work with Microsoft to increase the synergy between multiple technologies,” he says. “We’re steadily identifying new opportunities that will deliver greater operational and financial benefits to Cielo.” One technology on the roadmap that Sampaio is especially excited to work with is Microsoft Copilot for Security, an AI-powered security analysis solution capable of delivering bespoke security insights and new integrations through a natural-language interface. “Easily automating known incident response scenarios is something that we were unable to do until we adopted an integrated Microsoft security platform,” says Sampaio. “With Copilot for Security, we expect our incident investigation and response times to accelerate even further.” 

By consolidating its security landscape, Cielo has reduced its operating costs, increased visibility, and advanced its overall security maturity level. But Sampaio sees one other important benefit. “Consolidation can present a real opportunity to break stagnant paradigms, tinker with process, and unearth opportunities for improvement that business leaders might otherwise not detect,” he says. “With so much to gain, I don’t see any reason not to take the opportunity.” 

Find out more about Cielo on Instagram, Twitter, Facebook, YouTube, and LinkedIn.
