GS1 Poland: Sentinel and cybersecurity on subscription

Security Operations Center Service

Ensuring a high level of cybersecurity is a crucial element in the success of any organization. Since 2021, All for One Poland has been supporting the GS1 Poland Foundation in managing the security of its IT environment. One of the components of the Security Operations Center service provided to the client was our recommendation and subsequent implementation of the Microsoft Sentinel solution. This SIEM and SOAR platform provides full visibility into security incidents within GS1 Poland’s IT systems, both in the on-premise environment and in public clouds.

The GS1 Foundation uses the outsourced Security Operations Center service provided by All for One. The service is delivered in coordination with the client, based on an SLA contract. All for One’s role is to protect the organization against cyberattacks. This includes continuous monitoring and improvement of the security posture, prevention of cybersecurity incidents, their detection using advanced tools, analysis of and response to threats, and proactive measures. We also prepare recommendations for necessary investments in the cybersecurity area.

Every organization has specific IT security requirements. That is why we typically begin our cooperation with the client by conducting a detailed analysis of their needs, which later enables us to propose the implementation of specific solutions.

In the case of GS1 Poland, after a thorough assessment of the previously used solutions and current needs, we decided to implement Microsoft Sentinel – an advanced SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platform that provides monitoring and response to threats across the IT infrastructure. Thanks to its integration with other Microsoft products and third-party solutions, Sentinel enables the collection, analysis, and automated response to security incidents.

Carried out over several weeks by All for One consultants, the implementation work covered all stages of the platform deployment – from taking inventory of all potential event sources at GS1 Poland, through planning their archiving and correlation within the Sentinel environment, to developing reporting and alerting mechanisms.

The system monitoring covered:

  • User endpoint devices (workstations, phones);
  • Network devices;
  • Servers hosted both on-premise and in the cloud;
  • Business services provided by hyperscalers;
  • Hosting services.

A guardian in action

Each day, the Sentinel service processes from several million to over ten million events. The events are then analyzed and classified, providing the basis for either automated or manual responses. Each day, alerts (related to individual potential threats or suspicious activities) and incidents (groups of related alerts that together form a more comprehensive picture of a potential threat) are generated and require further investigation. These tasks are carried out as part of the Security Operations Center service provided to GS1 Poland by All for One.

Sentinel provides ongoing visualization and analysis of security coverage based on the MITRE ATT&CK framework – a publicly available knowledge base of tactics and techniques used by attackers.

Another helpful feature of Microsoft Sentinel is the visualization of the geographical origin of detected threats.

Using Microsoft Sentinel, we have built a platform that enables full observability of IT system events at GS1 Poland, both in the on-premise environment and in public clouds. This tool is primarily used by the Security Operations Center team at All for One, while the IT team at GS1 Poland receives regular reports on security events.

Integration with various services such as Defender XDR, Intune, and Fortinet ensures broad protection of the IT infrastructure. Thanks to its flexible configuration and analysis capabilities, Sentinel serves as a key component of the security strategy in modern organizations.

With the support of Sentinel and All for One consultants, the GS1 Poland Foundation has gained security management as a service that not only enhances protection levels but also optimizes processes related to incident monitoring and response.

Intelligent security analysis

GS1 Poland is part of GS1, a global organization developing the world’s most widely used system of standards. The best-known GS1 standards include GTIN (product identification), GLN (location identification), and SSCC (logistics unit identification).

Unauthorized access to critical information or an attempt to manipulate assigned identifiers could disrupt supply chains. That is why we are strongly committed to ensuring the highest quality of services provided by GS1 Poland and securing our systems against cyber threats.

We decided to implement Sentinel, a tool for security information and event management (SIEM) as well as security orchestration, automation and response (SOAR) in the cloud. With intelligent security analysis, it enables detection of advanced cyberattacks. The implementation of this tool has been supported by a team of top-class experts from All for One. Thanks to their knowledge and commitment, the implementation of the tool has proceeded smoothly, and today our systems remain under their ongoing supervision.

Adam Kubisiak, IT Systems Integration Manager, GS1 Poland

Microsoft Sentinel

The key features of Microsoft Sentinel include:

  • Data collection – the ability to aggregate logs and events from various sources, such as operating systems, cloud applications, network devices, and security platforms;
  • Threat analysis – the use of artificial intelligence and behavioral analytics to detect anomalies;
  • Response automation – leveraging SOAR mechanisms, such as Playbooks, to automatically respond to incidents;
  • Real-time monitoring – customizable dashboards that allow for continuous tracking of activities and threats;
  • Advanced queries – using KQL (Kusto Query Language) to search for threats and analyze logs.

Analytic rules enable the automatic analysis of collected data, detecting patterns and anomalies that may suggest security incidents. They help quickly generate alerts and escalate detected threats for further analysis.

  • Alerts – automatic notifications about detected anomalies or suspicious activities;
  • Incidents – grouping related alerts into a single incident for further analysis and escalation.

Threat response in Microsoft Sentinel is supported by various response tools:

  • Playbooks – automated threat responses using Azure Logic Apps;
  • Workbooks – interactive reports and visualizations of logs;
  • Hunting Queries – predefined KQL queries for threat analysis;
  • Dashboards – visual monitoring dashboards customized to the client’s needs.

GS1 Poland

GS1 Poland is part of GS1, an international not-for-profit organization that has been developing the world’s most widely used system of standards for over 50 years. The most well-known GS1 standard is the barcode, now used globally and scanned 10 billion times a day. The BBC has recognized it as one of the 50 things that have most significantly contributed to the emergence of the modern economy. The standards developed by GS1 enable companies to identify, capture, and share information about products, locations, partners, shipments, and events across the entire supply chain. They are used in sectors such as retail, e-commerce, logistics, construction, and healthcare. GS1 standards help organizations operate in a more efficient, safe, and sustainable way.

GS1 has local member organizations in 118 countries and brings together over 2 million GS1 System participants, including more than 46,000 in Poland.

GS1 Poland actively educates the market on digital transformation, data standardization, and ESG, including through the GS1 Digitalization Academy, which helps businesses gain practical knowledge and implement modern solutions.

Secure IT services

For over 25 years, we have been delivering secure services to hundreds of our clients. We support GS1 Poland on multiple levels, with the entire scope covered by the Security Operations Center service based on Microsoft solutions, including Sentinel. The most important part of our work is to ensure the operational continuity of the client’s systems, whether they run on a cloud-based or on-premise solution. What matters most is the rapid and effective identification of potential threats and internal escalation to maintain the full security of systems and services.

Michał Strzyżewski, Manager Cloud Services, All for One Poland

A higher level of cybersecurity

Maintaining and improving protection against digital threats requires a multidimensional approach – from both the management and technical sides. With the support of All for One, GS1 Poland has been comprehensively addressing this challenge for several years, systematically achieving its set goals. As a natural part of the evolution of IT services delivered by the internal IT team at GS1 Poland, the need arose to enhance situational awareness of events and threats emerging in a rapidly growing hybrid IT environment. A tool that effectively addresses these needs is Microsoft Sentinel, a scalable, cloud-based platform for security information and event management (SIEM) as well as for automation and response to threats (SOAR), implemented for GS1 Poland.

It is worth noting that the archiving, protection, and analysis of system logs, as well as the monitoring of activities for potential incidents, are requirements of all widely recognized information security management standards, such as ISO/IEC 27001 and VDA ISA/TISAX, as well as legal regulations under the National Cybersecurity System, which implements the NIS and NIS2 Directives. Above all, however, a commitment to cybersecurity – demonstrated by a detailed understanding of events occurring within the IT environment – should be a top priority for IT leaders and information security officers of each organization.

Microsoft Sentinel is one of the tools implemented by All for One that supports our clients in monitoring and understanding events occurring in their environments, effectively enhancing their level of cybersecurity.

Rafał Grześkowiak, IT Project Manager, All for One
