Looking back at five years Wortell MxDR

In this blog post, Jeroen Niesen, Lead MxDR at Wortell, invites you on a journey through the dynamic landscape of cybersecurity. From pioneering Microsoft security solutions to scaling services and embracing evolving threats, Jeroen shares insights gained from five years of dedication and innovation. Get ready to delve into the challenges, milestones, and transformative experiences that have shaped Wortell's approach to cybersecurity.

Last week, while flying back from the RSA Conference in San Francisco after winning the MSSP Partner of the Year award, I found myself reflecting on my last five years at Wortell. Looking out the airplane window, I reflected on how our initial goals have transformed into real achievements.

The vision: becoming the best Microsoft security provider

From the very start, the vision was bold yet simple: to be the best Microsoft security provider in the world. The road from vision to reality however isn’t anything but simple. It was filled with challenges that pushed me to be persistent, innovative, and let me learn a lot of new skills.

5 years ago, Microsoft's security products were less common in the cyber security world. Traditional security services mainly consisted of a on-premises SIEM system with numerous connected tools, mainly focused on network security. We believed however in the Microsoft story and build our service around them. We worked hard to persuade our customers to adopt this innovative approach, showing them the full benefits of Microsoft's portfolio. Over time, numerous Gartner reports have supported this strategy as a industry standard. If I look back, I can safely say the Microsoft products have proven to be very effective, accurate and reliable.

Onboarding the first customer: a crucial milestone

After developing the minimum viable product for our MxDR service, we reached a significant milestone by onboarding our first customer. This was a crucial step as it opened valuable channels of feedback. We began receiving insights both internally, concerning our procedures, and externally from our customer. These feedback streams are vital, continuously driving improvements in our service.

Dealing with multiple customers required us to scale up. Scaling up our services presented its own set of challenges. We had to invest ahead of our current needs, balancing on a thin line between growth and sustainability. At the same time, my role evolved from being involved with almost every decision in our division to learning how to delegate effectively. Learning to delegate was like stepping off a cliff and trusting I’d learn to fly on the way down. It was uncomfortable, watching others take the reins while still mastering their roles, but it was necessary.

Adapting to the changing threat landscape

As our services evolved, so did the volume of alerts—each one a potential threat. Early on, we decided the quality of our services should be high. This meant that we had to focus on every aspect of the cyber security kill chain. As a result of this, we face a high volume of alerts related to identities (unfamiliar sign-ins, unfamiliar sign-in locations etc.) and other early-stage tactics. Automating became our mantra, not just for efficiency but for survival. The discipline of standardizing services, though challenging, streamlined our operations and made room for innovative exceptions that satisfied our clients without compromising security.

Having a cyber security service means we must constantly adjust our service to stay aligned with the changing environment. The threat landscape is continuously evolving, and new features and tools are getting available at a fast pace. For us, this involves significant effort in updating our processes and enhancing Vidara, the SOAR framework we've developed to scale our MxDR service. Additionally, it's crucial to ensure that our team's skills are current and that they are equipped with the latest knowledge. While these updates might seem routine, the pace of change in cybersecurity is exceptionally rapid, which adds an extra layer of complexity to our work. To stay ahead we are even integrating new capabilities such as artificial intelligence (AI) into our development and security teams.

The evolution of Microsoft's cybersecurity landscape

Talking about technology, witnessing the evolution of Microsoft's cybersecurity landscape has been truly inspiring. Notable developments include the introduction of Copilot, which has revolutionized how we manage and respond to security threats; the rise of Microsoft Sentinel, now a cornerstone in our security operations; and the strategic unification of Microsoft Sentinel with Microsoft XDR, enhancing our capabilities with a more integrated and powerful defense platform. I am honored to work closely with the various product teams on these products. You are the best!

Gratitude for collaboration and team excellence

Reflecting on this journey, my heart is full of gratitude for every moment of collaboration (with our customers, the internal teams and Microsoft), every challenge that pushed us further, and every individual who has been part of this adventure. I can say I work with the most passionate and finest cyber security professionals in the world! The award is not just for Wortell; it's for all of my team mates who believe in making the digital world a safer place.

As I look to the future, I'm excited about the innovations and challenges ahead. But more than anything, I am committed to continuing this journey of growth, learning, and excellence!

Thank you to everyone at Wortell, Microsoft, our partners, and our customers. Your trust and support mean the world.