The Dominican Republic's National Cybersecurity Center (Centro Nacional de Ciberseguridad, CNCS) adopted a variety of Microsoft solutions to monitor, analyze, and manage cyber threat cases across the country.
The CNCS of the Dominican Republic is the entity dedicated to the development of cybersecurity, the strengthening of digital user confidence and the protection of the critical and technological infrastructure of the Dominican state. Since 2018, it has ensured national cybersecurity through the continuity, updating, and evaluation of the National Cybersecurity Strategy, as well as the prevention, detection, and management of incidents generated in the government's information system and in national critical infrastructures.
As a result of the increase in modern cyberattacks and their complexity, the Dominican entity noted the need to structure information. Up to that point, they had a lot of data that was scattered and came in different structures; they didn't have the ability to establish indicators or trends, or to have visibility into major threats.
In light of this situation, the CNCS decided to explore Microsoft technology to find a management system that meets their needs. "Cybersecurity is a key component of the 2030 Digital Agenda. We cannot think of digital transformation without first having the protection and prevention mechanisms in the infrastructures," says José David Montilla, Vice Minister of Digital Agenda of the Ministry of the Presidency. He also emphasizes that having a strengthened organization with the ability to provide accurate and timely risk indicators and threats "ensures the development of a cybersecurity culture with a view to achieving a more reliable, safe, and resilient cyberspace."
Dynamics 365: An integrative solution
"The first thing we did was adopt Dynamics 365 Customer Engagement over Azure as a ticketing and case management system," says Carlos Leonardo, Director of the National Cyber Incident Response Team. This solution consists of a suite of intelligent enterprise applications that help with management and deliver better results through the use of predictive insights generated by AI. "With Microsoft's support, we customized the rules of our business, and from there we worked towards other integrations," he adds.
The Dominican organization needed a solution that would allow it to integrate different sources of unstructured data to carry out the incident detection process more automatically. "We needed a tool that would allow us to process the information and analyze it to make value decisions," Leonardo says. Therefore, the second step in the digital transformation of the CNCS was to implement Azure Data Explorer—a data collection, storage and analysis service—and Azure Data Factory, a cloud solution for scale-out serverless data integration and transformation.
To reach the level of maturity that the National Cybersecurity Center had in mind, they also needed to integrate a solution that would allow them to control threat and security events in the state. To this end, they chose Microsoft Sentinel, a security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that delivers intelligent analytics and threat intelligence across the enterprise. "The Azure Sentinel product was very useful in this regard, and since most organizations in the state have Microsoft 365, the integration was native," Leonardo explains. "We always found a Microsoft component to help us."
Today, Dynamics 365 is a major support for CNCS management. Cases are opened there, and the monitoring, analysis, investigation, and final closure of each event are carried out there as well.
Agility, automation, and trust
CNCS quickly witnessed the benefits of digitization. They received several incidents in a short period of time and, thanks to the event correlation system running over Azure Sentinel, were able to quickly establish the relationship between the indicators of compromise. From this, they identified that the incidents involved the same type of attack, leveraging the same vulnerability.
"The more threat and event intelligence is processed, the faster institutions can be notified to take preventative action against incidents," Leonardo says. He notes that "thanks to integrating Dynamics 365 with Data Lake, Data Factory, and Sentinel, today the process is four times faster than it was at the beginning."
In addition, the adoption of different solutions has increased productivity. At the National Cybersecurity Center, they have noticed greater flexibility, quality, and confidence in data. Not only do they save resources because the tools allow them to filter out duplicate information, but they also leverage the automation of previously manual processes to focus on data analysis.
"Having this capacity for consumption and data analysis not only allows organizations to benefit from CNCS services, but also supports the development of services aimed at the general citizen," remarks Juan Gabriel Gautreaux, Executive Director of the National Cybersecurity Center.
A digital future
The Dominican organization had already thought about the future when it chose Azure over an on-premises structure. From the beginning, they prepared the platform so that it could continue to grow and be scalable. Its next goal is to create a unified repository of threat information data and indicators of compromise that the entire state can draw on and consume to proactively protect its infrastructures.
"Technology alongside processes and people is just the tip of the iceberg," says Carlos Leonardo, Director of the National Cyber Incident Response Team. "Every day, the threats are greater, and the amount of data sources increases. Having the right technology enables faster information processing, proactiveness, and efficient protection of all organizations in the state."