Rolling past modern transportation issues

The National Railway Company of Belgium (SNCB) epitomizes the word “challenge.” After nearly a century in operation, the company plies a network of 6,399 kilometers of mainline tracks and carries more than 250 million passengers a year. That rapidly increasing passenger group is the company’s highest priority, so ensuring the railway’s availability and safety is paramount. Keeping everything on the rails takes hard work by the company’s more than 20,000 employees, a mix of knowledge workers and frontline workers in stations and on trains.

Securing the critical infrastructure of a vibrant transportation company in today’s era of heightened cybersecurity risk requires vigilance over a complex environment. Consider the size of that task: 3,000 assets in the SNCB’s datacenter, devices for 8,000 knowledge workers, and a plethora of other endpoints for about 12,000 frontline workers using multiple devices in a high-availability setting. A five-person incident response team manages that fast-paced environment, which is relentlessly assaulted by malicious hackers. That’s why SNCB turned to Microsoft Security solutions for a coordinated approach to securing devices and data.

Putting the brakes on cyberthreats with Microsoft Sentinel

When SNCB began its modernization journey, it adopted a security-forward cloud option: Microsoft Azure. “Microsoft is the clear front-runner in the cloud marketplace,” says Bouke Stijns, Chief Information Security Manager at the National Railway Company of Belgium. “Google and Amazon still have a long way to go to match the performance that Azure offers, and we trust Microsoft’s diligent security with our data.” Adds Paul Standaert, CISO Security Operations Team Lead at the National Railway Company of Belgium, “The connected security solutions that Microsoft provides to support its cloud capabilities were a major incentive for our choice of Azure.”

The company deployed Microsoft Defender for Cloud to protect its cloud workloads and rolled out Microsoft Defender for Office 365 to protect the productivity apps that its knowledge workers use. With the company’s cloud journey well underway and proactive cybersecurity its perennial watchword, SNCB revisited its choice of security information and event management (SIEM) solution.

Until 2020, SNCB’s SIEM was QRadar. “We wanted a SIEM that would better integrate with all of the security tools in our environment,” says Standaert. Working with SNCB’s external security partner, his team deployed Microsoft Sentinel. “When we adopted Microsoft Sentinel, we gained full visibility over our environment and consolidated vendors,” he continues.

SNCB needed the most efficient tool it could find to optimize its small security team. “Our team needed a centralized tool to afford visibility throughout our entire estate,” explains Standaert. “We adopted Microsoft Sentinel so that we could manage our landscape on one console. Now we can compile a historical record to make correlations between diverse types of information.”

The company’s incident response team and forensic analysts needed a simple way to query threat data. Because the Microsoft query language (Kusto Query Language, or KQL) is intuitive and fast to learn, new team members can write simple queries which they can combine for more complex issues. “That’s vital when we have to correlate events in the moment,” says Standaert. “No matter which Microsoft solution our cybersecurity team members are using, they only need to know KQL.” Finding new team members also became somewhat easier after SNCB adopted Microsoft Sentinel. “It’s not easy to find cybersecurity experts, but most of them have Microsoft Security solution experience,” adds Standaert. “Onboarding new employees and upskilling them is faster than using another tool set or requiring them to learn how to use multiple tools.”

Connecting people and devices

SNCB’s next stop was to help secure and seamlessly manage 33,000 diverse devices. The company’s frontline workers operate in a highly mobile, fluid environment that demands immediate responsiveness. Train conductors and drivers might use multiple devices. Replacing the hand signals and whistles of the past, conductors at most stations use smartphones and smartwatches to communicate with train drivers, signaling that all doors are closed and it’s safe to depart, for example. Drivers use lightweight tablet devices to stay on top of the most recent procedures and safety measures. 

The company easily manages more than 21,000 devices with Microsoft Intune. “Intune is a huge success story for SNCB,” says Stijns. His team fully containerizes SNCB applications on smartphones so that the company can’t access employees’ personal apps and data. He also appreciates that compliance with the General Data Protection Regulation (GDPR) is built into Microsoft solutions and the Microsoft licensing model, which optimizes the IT budget in an industry that allocates resources to passenger experience rather than IT expenditure. “Our Microsoft license offers an extensive set of security solutions that optimizes budget and reduces the number of vendors we need to coordinate with,” he explains.

The company covers about 12,000 endpoints throughout its environment with Microsoft Defender for Endpoint. “We gained greater control over our endpoints, and we continue to expand that more granular management,” says Stijns. The resulting interoperability with the company’s other Microsoft solutions—Microsoft 365 and its on-premises identities in Windows Server Active Directory, in addition to Intune—illuminated the advantages of using a coordinated tool set. “Because we use Microsoft Sentinel connected with Defender, we’re ready to respond quickly in case of a security event,” adds Standaert.

Gliding into a more connected future

Just as SNCB trains are always running, the company’s IT team never rests. It’s well into its digital transformation roadmap and is now laying the groundwork for an upcoming enterprise resource planning system rollout, which will coordinate data with Microsoft Security solutions.

Although Stijns and Standaert are occupied with the behind-the-scenes complexities of running a vast IT landscape, they never forget the people who depend on the company’s services. “SNCB is part of Belgium’s critical infrastructure. Making sure that our passengers can depend on constant service availability and enjoy their experience is always our priority,” reiterates Stijns. “We trust Microsoft technologies as our tools for building cybersecurity resilience.”