Westminster School improves security and gets peace of mind with Microsoft Defender Experts for XDR

Westminster School is a leading coeducational independent day and boarding school in Marion, South Australia. Situated on 57 acres, it offers more than 40 subject choices and more than 200 sporting teams, clubs, and activities. Westminster School has a heavily trafficked IT network, with around 1,350 students and a staff of 550. While the school has a highly specialized team of six handling security, it does not have a dedicated SOC team and chooses to engage external experts.

The small security team at Westminster School faced significant cybersecurity challenges due to lean resources and an influx of incidents. The team manages all student and faculty devices and is responsible for investigating and remediating unwanted applications, malware, and password spray attacks—which resulted in three to four incidents per week. The school’s previous managed security service provider often flooded the team with excessive false-positive alerts and emails, hindering their ability to proactively respond to actual threats. The solution also fell short in providing detailed guidance for remediation. These constraints highlighted the need for effective cybersecurity solutions tailored to the unique demands of school environments. 

Westminster School sought a managed service for detailed investigations, threat prioritization, and prescriptive responses. The school prioritized gaining visibility into student and staff devices, crucial for safeguarding sensitive information like visas, medical details, and personal information. Despite the trust within the school environment, protecting this data from external threats and educating students about cybersecurity was the security team’s top priority.  

An extension of the team 

To handle the school’s multifaceted cybersecurity needs, Westminster School turned to Microsoft Defender Experts for XDR to improve three specific areas of interest: improving security insights, enhancing visibility, and reducing noise to focus on critical threats. Defender Experts for XDR is a managed extended detection and response service that provides end-to-end security protection and expertise. Westminster School chose the service to essentially transfer the need to manage its incidents onto the Defender Experts team, saving time and resources. 

With Defender Experts for XDR, Westminster School relies on field-tested experts to prioritize, triage, investigate, and respond to critical incidents to improve the school’s security posture. The school also appreciates the proactive, human-led response capabilities Defender Experts for XDR brings to the table. “The experts-on-demand feature of Defender Experts for XDR helped us learn from each incident, both to better handle them in the future or prevent them altogether,” explains Chris Rowtcliff, Head of IT at Westminster School. As an example, Westminster recently stopped a student from accidentally exposing their school device to malware. “We had a student who clicked on a link in an email that tried to take them to a site that had been known to distribute malware,” explains Rowtcliff. “The Defender product blocked it, and then the Defender Experts for XDR team was able to trace it back to where that email came from, which happened to be from another student.”  

Westminster School is the first school in Australia to adopt Defender Experts for XDR. The school was already operating in the Microsoft ecosystem, using Windows and Surface devices in classrooms. “Defender Experts for XDR integrated so well into our devices, and we appreciate how heavily Microsoft invests in cybersecurity,” says Rowtcliff. The integration has given the team full visibility over devices, allowing them to efficiently prioritize alerts. “The way Defender Experts for XDR categorizes alerts by severity, in tandem with the expert collaboration, has been a game-changer,” explains Rowtcliff. “The reduction in noise and our refocusing on severe alerts is making a safer learning environment for our students. Defender Experts for XDR gave us so much more visibility beyond what our security team used to have and freed our team up to focus on the threats that actually demand our attention.” 

“From day one, the Defender onboarding process was smooth, and our service delivery manager gave us excellent guidance and support,” says Rowtcliff. The team appreciates the weekly check-ins, as well as the constant evolution of the software and the introduction of new features. “It’s easy to integrate the new tools when we can just reach out to the experts to teach us,” Rowtcliff says. The communication between Westminster School and the Microsoft teams has been useful beyond just improved cybersecurity and peace of mind. And while contact with the Defender Experts for XDR team usually consists of incidents and action queries, the assistance goes both ways. “Collaboration with various teams at Microsoft has been fruitful, fostering a sense of partnership and the opportunity to suggest improvements in the tools we use every day,” says Rowtcliff. “The Defender Experts team feels like an extension of our own team.” 

Continuous collaboration and peace of mind 

Since deploying Defender Experts for XDR, the security team at Westminster School has seen a major reduction in noise. “It’s nearly down to zero,” says Rowtcliff. “While it’s hard to say exactly how much time we’ve saved, we’re now able to thoroughly investigate every incident without missing anything, which is invaluable.” The team can remediate almost 100% of action items for each incident and finds the collaborative nature of Defender Experts for XDR extremely fulfilling. “The sense of partnership feels good, and we’re grateful for the opportunity to preview features and provide input for product development.” Another benefit from Defender Experts for XDR has been an emotional improvement in the team. “I can’t overstate the peace of mind that Defender Experts for XDR has brought us,” says Rowtcliff. “We feel so much less overwhelmed knowing the school and the students are safe.”  

Going forward, Westminster plans to expand into other generative AI capabilities for security purposes. “We’re committed to continuing our professional development, particularly in cybersecurity,” says Rowtcliff. For Rowtcliff’s team, this looks like staying informed on the evolving nature of threats and how to fight them. “We want to further educate our students and staff about cybersecurity principles, balancing safety with the freedom to explore and innovate,” says Rowtcliff. The school recognizes the need to engage with students and families to discuss risks associated with technology use and promote responsible digital behavior. Overall, Westminster School is setting its sights on a more proactive and holistic approach to cybersecurity, focusing on education and collaboration to create a safer digital environment. 

Find out more about Westminster School on Facebook, Instagram, and LinkedIn.