October 11, 2023

Quintet Private Bank drives trust and security across its customer base using Microsoft Sentinel and Microsoft 365 Defender (XDR)

As one of Europe’s leading wealth management institutions, Quintet Private Bank knows just how important data protection and cybersecurity are to establish trust amongst its customers. While devising a cloud strategy, the company saw an opportunity to build a future-proof SOC (Security Operations Center) powered by Microsoft Sentinel and Microsoft 365 Defender (XDR). Created in collaboration with partner NVISO and Microsoft, the platform has radically transformed the way Quintet approaches security – helping it to stay even more on top of its customers’ data and assets.

Quintet Private Bank

“We finally have a cloud-native solution that we can use at scale for whatever security needs we have, now and in the future. A modern security operations center giving crucial peace of mind to us and all our customers.”

Thomas Chiché, Group Chief Information Security Officer at Quintet Private Bank, is discussing cybersecurity at his organization and the project that’s helping to guarantee it.

“At Quintet, our goal is clear: to be the most trusted fiduciary of family wealth in Luxembourg and beyond,” he says. “And we believe that data protection and cybersecurity are essential to making it happen.”

Over the past year, Quintet has been working to make this vision a reality. Supported by Microsoft and its partner NVISO, the company has embarked on a large-scale project aimed at strengthening its security posture and bringing in new layers of protection across Quintet’s operations. All powered by Microsoft Sentinel and Microsoft 365 Defender Extended Detection and Response (XDR).

“To be successful in a sector like the Financial Services Industry means earning the trust of your clients while staying compliant to regulations,” he says.

“That’s exactly what this project is giving us: a platform that we can rely on to protect and handle our clients’ assets in the safest way.”

Modernizing security to protect customers' sensitive data

One of Luxembourg’s most prominent Wealth Management Institutions, Quintet is a globally renowned private banking leader serving thousands of individuals, families, and organizations across 50 European cities.

From a threat management and data protection perspective, that means one thing: the stakes are very high. And the expectations even higher.

“Our clients naturally expect us to take all the necessary steps to protect their sensitive information and prevent data breaches,” says Thomas Chiché. “Failure to meet these could have terrible repercussions – from reputational damages to regulatory sanctions and more.

“On top of that, we operate in a highly strict, heavily regulated sector, which puts us under even more pressure to be watertight secure with our data and assets.”

Addressing these needs is something Thomas Chiché and his department have long been devoted to – and spent the past few months taking to the next level. “My team operates by one simple vision,” he explains. “To protect the bank’s assets and bank clients’ assets with an added-value spirit.

“Our core work is establishing mechanisms to anticipate, counter and recover from threat, but also to monitor our systems and be constantly aware of what’s happening.”

In recent years, it became clear that Quintet’s new strategy required a modern and future-proof approach. “We leveraged the opportunity of our contract with the previous service provider coming to an end to launch an elaborate RFP for Managed Security Services,” he says. “We clearly articulated our future-proof strategy and stressed the importance of a modern approach to both technology and service offering.

“NVISO and Microsoft put together a compelling story in which we recognized the elements of our strategy.”

The right technology and security partner for Quintet’s future-proof strategy

As they set out to find their perfect security provider and partner, Quintet knew exactly what they needed from their successful candidate.

“Back then, our monitoring efforts were mainly based on a security information event management (SIEM) solution which was no longer a good fit with our vision for the future and current threat landscape,” says Vincent Fougerouse, Senior Information Security Officer at Quintet Private Bank.

“At the same time, we were in the midst of evaluating a cloud-first strategy, so we needed a solution that would not stand in the way of these plans too.

“Lastly, it was important for us to extend our detection coverage under the MITRE ATT&CK global framework, which is crucial for anyone operating in cybersecurity.”

He says that European cybersecurity services company NVISO, which came in partnership with Microsoft, proved to meet all of these requirements and more.

“Microsoft and NVISO proposed to us an early version of what we have now,” adds Thomas Chiché. “We were particularly happy when they proposed leveraging the Microsoft Defender Platform that we already had in place and then coupling with Microsoft Sentinel to cover a relevant part of the MITRE ATT&CK framework.

“That was exactly the type of plan that we were looking for.”

A new SOC built in 3 months to meet Quintet’s ambitions

Once the choice was made, the migration and implementation took just over three months.

“In the space of three months, we were able to migrate our log sources to Microsoft Sentinel and build a fantastic, cloud-native solution that’s supporting us in our ambitions and journey,” says Vincent Fougerouse, stressing the importance of NVISO’s support in making it happen.

“An element in which the Microsoft Security Platform largely excels is its ability to have one ecosystem bringing together different parts, from on-premise systems to Microsoft Sentinel, Microsoft 365 Defender (XDR), Azure ARC and Azure Log Analytics (Azure Monitor),” explains Erik van Buggenhout, co-founder of NVISO, where he is responsible for managed services.

“That’s ultimately what we managed to deliver over the past few months – a solution that successfully combines endpoint protection, cloud protection and on-prem protection, while also being able to integrate it with network device detection and response.”

Particularly helpful, says Thomas Chiché, is the combined effort that the partners put into log analytics. “A challenge for us before this platform was finding a way to optimize the volume of logs we ingest,” he comments. “On top of that, we also needed support working on our control logs too.

“This is a particularly sensitive side of our SOC due to the regulation surrounding it. But NVISO and Microsoft were very good in understanding our needs and delivering what we asked.”

Echoing his words, Erik van Buggenhout adds: “From the very beginning, we at NVISO realized that we could use the XDR platform as baseline to cover the key grounds, and then build on top of it when needs arose.”

“By taking that approach, we made it much less heavy when it came to adjusting the volume of logs still needing to be added to the Sentinel platform. That gave us the opportunity to make the detection part very selective and also come with a very cost-effective approach.”

100% more detection, 50% fewer incidents, 240% more security coverage

The platform has been an instant success.

“Since the solution has been live, we started taking some KPIs and were very impressed with the results,” says Thomas Chiché.

“For example, our new solution was able to detect 100% more security events than previously. And while the number of security events has more than doubled, we now have 50% less false positives.”

This is particularly relevant for the first line of defense, which is the responsibility of a team based at the Luxembourg headquarters. “We receive twice fewer security incidents now, which means half as much work needing to be managed at a local level,” he continues. “From a MITRE ATT&CK coverage perspective, that amounts to some 240% more than in our previous environment.”

Much of that, he says, is due to the Threat Intelligence Framework provided by NVISO and Machine Learning capabilities that come with the Microsoft products and the NVISO solution, and which help to increase the quality of the solution even more. “Automation is an essential item to any SOC,” he comments.

“Together with NVISO, we’re embracing it fully and using it to get greater understanding of what’s happening in our system, the types of incidents happening and how you can be better prepared for them.”

Setting new standards for the Quintet group and the wider Luxembourg financial sector

Quintet is already looking at the next steps of its widely successful initiative.

“We have already started working to extend our threat intelligence framework to data leakage as part of more prevention efforts,” explains Vincent Fougerouse. “Then, we’ll use the insights that we get from it as useful information on all our future projects of SOC expansion and improvements.”

The new features of Microsoft Security Copilot may point to interesting prospects for SOCs to be evaluated further down the line.

To stay even more on top of the solutions’ performance, Quintet is also increasingly organizing assessment reviews that aim at making sure that its security solutions are working as expected.

“This is a key part of our collaboration with NVISO and Microsoft,” says Thomas Chiché. “One of the challenges we faced as a bank with this project was making sure that we had the right expertise internally to manage the various parts of our SOC.

“So having a service provider that supports us on using Microsoft solutions is absolutely crucial.”

That, he concludes, is only further testament to the outstanding work that has been delivered. “Before, our work was fragmented, made complicated by the fact that we had two different service providers and a traditional SIEM,” he says.

“Now, we have a unified management solution that is largely simplifying things for us – allowing us to set an important, defining example to all the other entities in our group. And ultimately to provide secure, data-protecting services to all our customers around Europe.”
