International e-Assessment provider secures its business in Azure with Managed Detection and Response
About DRS Data Services
For over 50 years, DRS has been a world leader in data capture for the education sector. Their in-depth expertise has helped organisations around the world to automate and streamline their assessment and marking processes.
With universities, technical learning institutions, and secondary education sectors around the world relying on DRS to handle the sensitive and confidential data of millions of exam candidates every year, the company is at the forefront of evaluating and protecting the intellectual property of their customers and students. Front page news of recent exam paper leaks from other providers underline how this must be a zero margin of error operation.
The success of DRS’s examination processing and electronic marking was demonstrated in 2016 when the company was acquired by AQA, an independent education charity and the largest provider of academic qualifications for UK schools and colleges.
Long gone are the days when examinations were just a paper and pen exercise. Today, it’s a global business. High volume and highly digitised."
James Coxon
IT Director - DRS
The challenge
Like many organisations, DRS migrated it’s on-premise IT estate to the cloud around 2015, with their preferred solution being Microsoft’s Azure platform.
But, with a growing footprint of IT in the public cloud and the ever-increasing threat of a potential breach, it was clear to the senior team that a new approach to cybersecurity was needed. In the past, their monitored IDS/IPS solution had been sufficient. But with digital transformation, a more comprehensive managed cybersecurity service was a natural progression for them.
As James Coxon, IT Director at DRS commented: “Long gone are the days when examinations were just a paper and pen exercise. Today, it’s a global business. High volume and highly digitised”.
“With this, a much greater degree of scrutiny is needed because the systems we run are a prime target. Cyber attacks are becoming more sophisticated all the time and so continuous monitoring and threat hunting is essential to prevent a full breach.”
Their first response was to look at native tools such as Azure’s Sentinel service. But it soon became clear that the time required to configure and maintain the system would become a full-time role in itself, let alone the requirements of a team of sufficiently trained analysts required to monitor the alarms and actively hunt for threats across the source data sets.
All security related incidents can now be reviewed in a single pane of glass."
Joe Pike
Cloud Infrastructure Architect - DRS
The solution
DRS engaged with Claranet’s Cyber Security team to assess its Managed Detection and Response service as an alternative. This offered the company a combination of cloud-based SIEM software with human SoC analyst’s who would act as an extension of the in house IT function. In other words, no need for heavy capital investment or lengthy and complex implementation and tuning exercises.
Faced with a move to public cloud and the need for a more comprehensive cybersecurity solution, Claranet and DRS then worked together to design and implement an early ‘Threat Hunting’ process to identify and prevent potential incidents that could interrupt operations, or worse. The value of the solution was immediately apparent for James and his team.
We are incredibly pleased with the partnership we have formed with Claranet. Their Technical and Delivery teams are knowledgeable and thorough. From Proof of Concept to Production, the transition was seamless."
Joe Pike
Cloud Infrastructure Architect - DRS
The result
A leveraged Security Operations Centre for a fraction of the cost of running the capability in-house, providing expertise around the clock, with Claranet supporting DRS as a long-term and trusted partner.
With their new Managed Detection and Response service now fully up and running, DRS are better placed to provide a secure-by-design e-Assessment service to all its customers.
All systems are continuously monitored, with automatic response now working to prevent low-level threats, and Claranet’s security analysts monitoring and ready to step in on more serious potential breaches.
Speaking about the result, Joe Pike Cloud Infrastructure Architect at DRS, added:
“We are incredibly pleased with the partnership we have formed with Claranet.
“Their Technical and Delivery teams are knowledgeable and thorough. They look out for the best interest of their customers and have worked with us to deliver a solution that brings real value.
“From Proof of Concept to Production, the transition was seamless. We were especially impressed by the ease of integration with existing products and services, which very quickly allowed the IT Team to identify potentially malicious traffic.
“This also allows the support team to view all security related incidents in a single pane of glass. In short, we are now more confident than ever of being able to rapidly identify and respond to any potential threats, both today and in the future.”