Case Study

Quorum bases its Cyber One solution on Microsoft Sentinel, easing and lifting security for customers like CountPlus

2022-01-25

Managed security service provider Quorum Systems gets the crunch its small- and medium-sized business (SMB) customers face: competing with enterprise companies means finding enterprise-level tools on a small business budget, and their emphasis needs to be on supporting a company vision, not IT security. Case in point is leading Australian accounting network CountPlus, which needed outside experts to handle cyber security. That’s why Quorum created its Cyber One portal, a streamlined way for its SMB customers to stay on top of security affordably. Based on Microsoft Sentinel, the solution also uses Microsoft security intelligence to make supporting those customers easier—a win for everyone.

We used Microsoft solutions to develop Cyber One—a valuable tool that really hits the mark. I’m most proud of the impact our product is having to enable our customers to enhance their security.

Gavin van Niekerk: Practice Manager of Cybersecurity – Quorum

Quorum believes in the importance of karma. “Do right” is a corporate value held by the innovative managed service security provider (MSSP). It adheres to that value as it counters the cyber criminals who hold less honorable intentions.

The Sydney, Australia-based company also prides itself on the inventiveness it brings to supporting its small- to medium-sized business (SMB) customers who work hard to stay ahead of the constantly evolving threat landscape. Its highly trained systems engineers and architects are Microsoft experts who not only know the solutions in depth—they have a solid grounding in the breadth and interconnected value of the platforms. Quorum trusts Microsoft Sentinel, the solution that epitomizes that interoperability, as the base of its Cyber One managed security incident event management system.

Thanks to its deep Microsoft expertise, Quorum has created a system that it can use to deliver exactly the right level of managed security for every customer—like long-time Quorum customer CountPlus, a typical business customer eager to share its security burden with a highly skilled MSSP.

Providing enterprise-level performance, SMB affordability

When Quorum set out to create a managed security service solution for its SMB customers, it prioritized value for customers who often lack in-house security expertise. “We asked ourselves tough questions to kick off our Cyber One project,” says Gavin van Niekerk, Practice Manager of Cybersecurity at Quorum. “Microsoft has a number of portals. Was another one really needed? We decided ‘yes,’ but with the key principles of avoiding duplication while reducing insight complexity.” Following a roughly 12-week development project, Quorum released Cyber One, which went live in late 2020.

Cyber One simplifies security data for SMB customers while also consolidating the information managed service providers depend upon to support their customers. It’s sometimes described as a wrapper for Microsoft Sentinel, Microsoft Defender for Cloud, and the rest of the Microsoft Defender suite, as well as other Microsoft security technologies—an easy way for SMBs without their own cyber security teams to quickly get insights they need. “We created Cyber One to streamline security service delivery and incident management with Microsoft capabilities and Microsoft security tools,” explains van Niekerk. “Microsoft Sentinel is a key part of Cyber One, but it’s not a hard requirement for the customer. We strongly recommend that they use it, but they can use Cyber One to hook into APIs within their estate to get the data we need.”

Sharing insights while taking on the heavy lifting

Quorum knows that without a dedicated security team and with a mission demanding their focus, many SMB customers need help to protect their data.

Quorum customer CountPlus is typical. It’s a fast-growing network of 16 professional accounting and consulting firms and associated sole practitioners. Numerous priorities kept its skilled IT manager from focusing on key security architecture insights. “For a company like CountPlus with a time-challenged IT professional, the ability to self-enable fast insights with the Cyber One platform was vital,” says van Niekerk. “CountPlus’ IT manager didn’t have to submit a ticket or email to our team with questions. He could slice and dice the data through the dashboards enabled through Azure, determine insights, and share them as he needed to within CountPlus.”

In less than six weeks, CountPlus went completely live on Cyber One. Quorum has full visibility into its customer’s vulnerabilities and supply patches, as needed. CountPlus IT staff, on the other hand, can view the Quorum team’s progress in real time. “We take our customers on a full-circle journey, wrapping up with an improved security posture,” says van Niekerk. “Their data transformation platform and service is working well, secured by controls and monitored by Cyber One. And with an easy way to monitor the estate continuously, the security posture doesn’t drift.”

Building on an intelligent security platform

Van Niekerk points out the need to right-size the solution to the customer. Quorum relies on Microsoft Secure Score to assess customer security postures. The solution pulls data from the Microsoft Defender suite: Defender for Office 365Defender for EndpointDefender for Identity, and Microsoft Defender for Cloud Apps. It also incorporates Microsoft Azure Active DirectoryMicrosoft Teams, and Exchange Online. Secure Score awards points for tightening security features and addressing issues, with the high-number scores indicating stronger security postures. Van Niekerk feels that those scores aren’t always a black-and-white matter. “No one wants a Secure Score of 20 or 30 percent,” he says. “But of course, customers always ask what their score should be. It really depends on the organization. We guide them to a score that is attainable, understandable, and safe.”

That same intelligence underlies Microsoft Sentinel, which uses machine learning to lower alert fatigue. “The Microsoft platform natively is very good at reducing false positives,” says van Niekerk. “We’re grateful for the quality the Microsoft research and development and engineering teams build into Microsoft Sentinel and all the tooling, because the system does the heavy lifting before the data gets to us, so we have few false positives to deal with.”

A direct link to the Quorum IT service management ticketing system is one of the key efficiencies built into Cyber One for the benefit of both customers and the Quorum support team. The system automatically assigns a ticket number within the Cyber Security board in Cyber One to all high severity alerts and incidents, ensuring that Quorum’s security operations teams not only comply with its agreed service level agreements, but also have a fluid mechanism to transfer ownership, enable faster collaboration, and report on trending information—all with the goal of improving mean time to response. “Customers often ask for 24-hour, 7-day [per week] support, but that gets expensive for them,” says van Niekerk. “We have a smarter way of providing that responsiveness by using push notifications for our on-call team, who can respond right away.”

Building strength from great relationships: MISA and Cloud Collective

Quorum appreciates that security isn’t just about stellar technology. Human behavior is key to a digital asset defense strategy. Quorum prioritizes its relationships with every customer to ensure “best fit” solutions and practices. On the other side of the relationship equation, the company relies on its membership with the Microsoft Intelligent Security Association (MISA) and the Cloud Collective, of which it is a founding member.

As a member of MISA—an ecosystem of managed security service providers and independent software vendors working together to provide coordinated cyber security solutions—Quorum extends both its depth of cybersecurity solutions and its ability to help its customers. “I see MISA as an ecosystem of like-minded individuals and organizations that align with Microsoft security solutions,” says van Niekerk. “It gives us the insights, visibility, and connections not only to Microsoft engineering and product groups, but also to other experts and organizations within the industry. Coming together as a collective think tank is invaluable to our cybersecurity work.”

The company is also a founding member of the Cloud Collective, a group of four Microsoft partners at the gold competency level that pools its varied skills and solutions to bring deep expertise to its customers.

Supporting security with ‘One Microsoft’ impact—for the long term

Quorum relies on the value of interoperability in the Microsoft solutions used by so many of its customers. When customers occasionally ask about combining solutions from diverse solution providers for a ”best in breed” strategy, van Niekerk points to the ROI and extended detection and response (XDR) considerations. “We see so many benefits from One Microsoft interoperability from a Cyber One perspective,” he explains. “XDR is much, much easier from an MSSP perspective, while the customer benefits from being fully covered in their Microsoft 365 E5 estate. Everything is fully connected, on, and tuned. It makes it easy for us to respond to and actually contain security incidents.”

CountPlus was gratified at its Secure Score jump to 79 after it adopted Cyber One. It hadn’t had the capacity for the degree of in-house monitoring and security it needed, and Cyber One fit the company’s needs exactly. “We’ve found that Cyber One provides more comprehensive monitoring and identifies incidents earlier compared to other solutions,” says Reghinald Gabila, Head of Licensee Systems at CountPlus. “It’s also extremely competitive on price, coming in at four times less expensive than some solutions.”

Like CountPlus, other customers soon voiced their appreciation for the Cyber One platform. “We’ve gotten very positive feedback from customers, Microsoft, and other Microsoft partners we work with,” says van Niekerk. “We used Microsoft solutions to develop Cyber One, a valuable tool that really hits the mark. I’m most proud of the impact our product is having to enable our customers to enhance their security.”

Find out more about CountPlus on, Facebook, and LinkedIn.

I see MISA as an ecosystem of like-minded individuals and organizations that align with Microsoft security solutions. It gives us the insights, visibility, and connections not only to Microsoft engineering and product groups, but also to other experts and organizations within the industry. Coming together as a collective think tank is invaluable to our cybersecurity work.

Gavin van Niekerk: Practice Manager of Cybersecurity – Quorum

We’re grateful for the quality the Microsoft research and development and engineering teams build into Microsoft Sentinel and all the tooling, because the system does the heavy lifting before the data gets to us, so we have few false positives to deal with.

Gavin van Niekerk: Practice Manager of Cybersecurity – Quorum

Share this post
Back