Reference

SOC service counters security threats around the clock

Eversheds, a law firm, uses Tietokeskus’ SOC (Security Operations Centre) service, which monitors security threats 24/7. Under the hood, the SOC runs on Microsoft Sentinel and Defender. Alongside the Tietokeskus SOC team, the technology automatically analyses the client’s data and determines whether alerts should be raised.

SOC goes far beyond traditional antivirus solutions. It covers everything from user identity and server log management to internet security.

“Eversheds is part of the international Eversheds Sutherland network. The SOC service we implemented also meets the security recommendations set by the global network,” says Mika Jääskelä, Head of IT, Eversheds Finland.

“24/7 monitoring is essential because our staff travel extensively, and security threats can arise at any time.”

The SOC service has improved the monitoring of security threats and reduced risks caused by key personnel being absent.

“With the SOC service, we’ve detected security anomalies that we wouldn’t have noticed on our own. For a small internal IT team, having continuous monitoring in the background is particularly important, especially when our staff are on vacation or sick leave.”

All of Eversheds’ platforms, servers, and endpoints are connected to the SOC service.

“We’ve been very satisfied with Tietokeskus’ service, and their security expertise is top-notch. During procurement, Tietokeskus’ references from energy-sector clients gave us confidence in their reliability as a partner.”

SOC ensures regulatory compliance

Beyond preventing threats, the SOC service helps ensure compliance with security requirements. For example, a properly functioning SOC supports reporting obligations under the NIS2 directive, which requires security incident reports within 48 hours to avoid penalties.

“The SOC service has also been valuable in our ISO 27001 certification project. The service covers the same areas required by the ISO 27001 standard.”

Core IT from another partner doesn’t prevent SOC adoption

IT support and SOC services don’t have to come from the same provider. Eversheds procures “basic IT security” elsewhere and is satisfied with this arrangement.

“Initially, implementation required effort to get the right people from both providers together at the same time. The process took time, and there were moments when it felt like one party was stepping on the other’s toes. Responsibility matrices, however, helped clarify the roles.”

After implementation, cooperation has become smoother, and a common way of working has been established.

“Now that the service is operational, alerts flow seamlessly from Tietokeskus to our partner’s helpdesk and our internal IT department.”

How the collaboration works

Collaboration between Eversheds and Tietokeskus experts primarily takes place via Teams meetings. In addition to forecasting and reacting to security incidents, Tietokeskus assists in developing overall cybersecurity: it participates in projects aimed at improving security and implements new features in security technologies as needed.

“In monthly meetings, we review security incidents together and consider any follow-up actions. Tietokeskus continuously investigates and analyses logs. They can also raise tickets if an alert appears in Defender. We’ve agreed on authorisations so that Tietokeskus can take action when security incidents occur.”

For Eversheds staff, the SOC is mostly invisible, but they are aware of its presence. They have been informed that Tietokeskus can contact them directly if something suspicious is detected, for example a suspicious login or app usage. The SOC service has increased staff awareness of security and enables quick responses to threats such as phishing attempts.

Eversheds

Eversheds Asianajotoimisto Oy is a full-service law firm specialising in business law. We serve companies, private individuals, and the public sector domestically and internationally. When necessary, we leverage our extensive network of partners.