Case Study Mikron AG

Mikron AG was founded in 1908 in Biel, Switzerland. In the first half of the last century, Mikron contributed to the industrialization of the Swiss watch industry with gear cutting machines and tools. From the 1960s onwards, Mikron gradually expanded its activities to include milling machines, plastic components and machining systems (special machines). The Mikron Group develops, produces and markets highly precise, productive and adaptable automation solutions, machining systems and cutting tools. Rooted in the Swiss culture of innovation, Mikron is a global partner to companies in the automotive, pharmaceutical, medtech, consumer goods, writing instrument and watchmaking industries. Mikron employs about 1’400 people across their three divisions that work from 8 different locations across the globe, hence providing a stable and secure infrastructure that allows Mikron’s workforce to collaborate with internal and external people is an important mission for Mikron’s IT department.

Initial Situation

  • Classic IT infrastructure with Windows 7 enabled workplaces, most client / server management and security solutions running on-premise
  • Migration to Windows 10 through 2018 – 2019
  • 3rd party classic Antivirus solution deployed on clients and servers
  • Mikron recognizes that they need better ‘advanced’protection for their clients and servers

Our Solution

  • Security Assessments and implementation guidance supporting Mikron to improve their security posture
  • Introduction of Microsoft Defender Advanced Threat Protection (MDATP) for all Windows 10 devices
  • Migration of the existing antivirus solution for servers to Windows Defender and Microsoft Defender ATP
  • Implementation of Office 365 Advanced Threat Protection
  • Implementation of Azure AD Privileged Identity Management
  • Migration from Active Directory Federation Services to Azure AD Password Hash Sync
  • Implementation of Azure AD Multifactor authentication, Identity Protection and self-service password reset
  • Implementation of Windows 10 device compliance monitoring

Vision

  • Improve Mikron’s overall security posture
  • Provide every user with the same level of protection
  • Reduce the number of security tools from different vendors
  • Harmonize license plans

At that time Mikron was looking into raising the security posture and endpoint protection solutions were on the raise. It was clear that correlation power between many security sensors was the key to
success, so instead of looking at single products needing integration we started looking at the 365-security offering that sounded promising even for midsized business companies: a single security pane of glass for everything. Today after 2 years I can say it was the right choice, together with the expertise of baseVISION AG we reached the goal of having visibility at first and are now continuing our journey with Microsoft Threat Protection Suite.

Rolando Galeazzi, CISO Mikron group

Most beneficial Microsoft technologies used

  • Microsoft Defender Advanced Threat Protection
  • Office 365 Advanced Threat Protection
  • Azure PIM
  • Azure AD Conditional Access
  • Microsoft Secure Score
  • Active Directory Federation Services migration to Password Hash Sync
  • Azure AD Identity Protection
Fernglas: ein erfolgreiches Projekt mit Mikron

We found in Microsoft a wellbalanced solution, harmonized with our current environment (on premise and cloud), which was rapidly evolving constantly to cover all the security aspects in an integrate manner.

Daniele Colì, CIO Mikron group

We found in Microsoft a wellbalanced solution, harmonized with our current environment (on premise and cloud), which was rapidly evolving constantly to cover all the security aspects in an integrate manner. 

Daniele Colì, CIO Mikron group

The transformation

In 2018 Mikron started migrating their existing Windows 7 clients to Windows 10. Knowing that the renewal of the licensing of their existing 3rd party antivirus solution was due within the coming months and that a more advanced solution was needed to protect their users against nowadays threats, Mikron decided to conduct an evaluation of Microsoft Defender Advanced Threat protection.

Mikron Prozess: Co Sell with MS, Planning, Implementation, Review

baseVISION AG supported Mikron in conducting the proof of concept for Microsoft Defender Advanced Threat Protection. baseVISION’s security consultants worked directly with Mikron’s IT infrastructure and security teams providing installation, configuration and deployment guidance allowing Mikron to perform the needed assessment of Microsoft Defender ATP within their own environment.

Convinced about capabilities Microsoft Defender ATP can provide to protect their workforce, Mikron decided to adopt Windows Defender and Microsoft Defender ATP for the protection of their Windows 10 devices. Then shortly after making that decision, Mikron requested to also revisit the Antivirus strategy for server workloads as well and after conducting a review and some tests on various server workloads Mikron decided to migrate their existing antivirus solution for servers to Windows Defender and Microsoft Defender ATP as well.

Mikron’s workplace was now equipped with a state of the art EDR solution, Mikron’s senior IT management and their CISO were well aware that just adding an EDR solution isn’t enough and following a defense in depth strategy that they must continue reviewing and adjusting existing security related procedures and solutions to ensure that they continue to protect their users regardless of the location they work from and where they store their data. In early 2019 baseVISION, Microsoft and Mikron conducted a two-day workshop that had its primary focus on how Mikron can provide a secure and modern workplace environment for their users leveraging the capabilities included in the Microsoft 365 E5 security stack.

Throughout 2019 baseVISION and Mikron continued to work together and started planning the deployment of Microsoft Office 365 ATP which replaced a 3rd party solution, the adoption of Azure AD Privileged Identity Management that provides an extra layer to the identities of their IT administrators. By migrating from ADFS to Password hash synchronization Mikron could remove additional server workloads and complexity out of their on-premises IT infrastructure. 

As of the beginning of January 2020, the deployment of Multifactor Authentication, Azure AD conditional access along with Azure AD identity protection is deployed providing the required protection mechanisms so to protect Mikron’s employees.

Summary

In summary Mikron’s move to the cloud provides benefits that come with reduced infrastructure and increased agility. The adoption of Microsoft Threat Protection which includes Microsoft Defender Advanced Threat Protection, Office 365 Advanced Threat Protection, Azure Advanced Threat Protection and Microsoft Cloud App Security together with baseVISION allowed Mikron to reduce infrastructure and provides an integrated security solution to protect their workforce.

  • Improvement of Mikron’s overall security posture for on-premises and cloud workloads
  • Every user gets the same level of protection
  • Reduction of infrastructure and 3rd party security products

Do you have similar challenges? Dont hesitate to contact us.