VIDEO: Mazars Transforms Security Operations Through Managed Security Services

Mazars: Our challenge was that we needed to transform the internal security function. We had started to address this, then quickly realised that the growth of the firm was going to outstrip the capability of our internal resources. We didn’t have all the skillsets needed to keep up with regulatory requirements, and other audits and engagements.  

We reached out to different firms to see what they could offer us, and Bridewell came to the table with a really good offering. Their offering looked to mature and extend the capabilities we didn’t have, but also had that personal touch. We work with different clients and consultancies which requires building strong relationships; Bridewell had a really good understanding of that. 

Bridewell: When you take on an MSSP, there’s an element of building the relationship and building trust. How have you found that since you’ve taken Bridewell on board? 

Mazars: Bridewell gave us a high level of confidence early on due to the way they’re set up. Their client lead was very effective in learning the business and building a personal relationship, not only with myself and my staff, but for the business as a whole.  

That understanding [of our business] plays into the threat intelligence Bridewell provides, how security alerts come through and how things are processed. Bridewell was very clear on what we needed and how to start that journey to maturity. 

Bridewell: When you went out to market, there were a number of unknowns and you were looking at multiple parties. What were the differentiators that made Bridewell stand out? 

Mazars: It’s the structure Bridewell has through their client leads, customer success managers, SOC analysts, SOC managers, and cyber threat intelligence team. They all know our business and they all have that relationship with us. It was a really clear difference from the other competitors we looked at, who were very much numbers-based, alerts-based and tickets-based. Bridewell instead was asking, “what intelligence can we apply around these alerts?” and “how do we deliver the best service to Mazars that can keep pace with the way their business develops?” 

Bridewell: Six months into the relationship, what have Bridewell surprised you with? 

Mazars: It’s just the touch on things. When things go wrong, which they inevitably do in the security world, the reaction, the speed, and the calmness that Bridewell bring is invaluable. No matter what the incident is, the same structured approach is taken: the response, the quality of the playbooks, the calm that’s brought not only to myself and the technical level, but to higher management. There’s a high level of trust in the way Bridewell operate, the procedures that are taken, and how they’re managed. 

Bridewell: You came out to market looking for something that revolves around the Microsoft Security stack, why was that? 

Mazars: We’ve always been Microsoft first and we didn’t really utilise the stack in the best way. There were features we hadn’t used, and when we discussed this with Bridewell, just from the initial discussions we had, Bridewell were already suggesting elements that we could work on that would bring benefits within our current model and licensing which incurred no extra cost.  

Bridewell: Would you say Bridewell was able to help you to consolidate technology and increase return on investment.  

Mazars: Yes, the return on investment has been massive. The visibility we’ve had from products like Sentinel and Defender for Cloud, which we weren’t really utilising before, has paid dividends in all sorts of ways. We’ve been able to get rid of certain products which we weren’t looking at before, and to consolidate down into a pure Microsoft stack. 

Bridewell: Have you had any challenges bringing in third party tools into the service that aren’t Microsoft? 

Mazars: No, Bridewell was really helpful with that. There was a large amount of expertise brought to the table around the products we had. No product we had was too much of a challenge and, during implementation and onboarding. Bridewell met any challenges we faced with well-structured plans, architectural diagrams, documentation, implementation plans. Nothing was too much trouble. We got everything onboarded and have full visibility across our entire estate now. 

Bridewell: Bridewell prides itself on being an extension of our clients’ security teams. How well have Bridewell integrated with the Mazars security team? 

Mazars: The process we went through at the start, where we onboarded [our client lead] as staff meant they were embedded into everything: our systems, the chat groups, the email flows, the incident flow, the interaction between analyst to analyst, management to lead, and even higher up discussions with other areas of our business. The transition was extremely easy. It was almost like onboarding a whole new team that worked within our environment. The lines of communication being so clear and the speed of Bridewell’s response times makes that relationship so easy. It’s not ‘log a ticket and wait’. It’s ‘we have a problem, can you help?’. And Bridewell’s response is always ‘yes we can’. 

Bridewell: With that tight integration between the two working teams, how would you assess where you are in terms of your capabilities and where you think they can go moving forward? 

Mazars: Mazars is still on a journey and we operate quite a lean model, so having Bridewell as a bandwidth resource that are available to us all the time is very useful. We know that we can grow however much we want to have no problem with transformation at all, as Bridewell can scale with us. 

Bridewell: Since the MDR service has grown, what other benefits have you found in your working relationship with Bridewell? 

Mazars: One of the largest benefits we’ve found is the business relevant playbooks. During any incident, they give us an accurate model to follow and tasks to run through that are invaluable. They could be followed by anybody – whether it’s someone in my team or the wider IT team or someone from Bridewell. 

There’s also definitely a strong relationship of trust between Mazars and Bridewell. Bridewell gives us recommendations of things we’re not doing that we should be doing, that’s taken on board and always evaluated in the right way. 

Bridewell: As that trust has developed, how much more ownership have you given Bridewell in managing security incidents? 

Mazars: We’re always looking to enhance the relationship. Where we can, we are looking to push more responsibility to Bridewell by giving them the authority to act, so they can manage things end-to-end and cover our 24/7 security needs for all aspects of our network and security. 

Bridewell: Have you had Bridewell work with any external teams, in addition to your internal ones? 

Mazars: Yes. We have other third party suppliers who handle other elements of our business, and Bridewell have always been very willing to work with and adapt to what needs to be done with different suppliers.  

Bridewell: How have we helped with any of those relationships. Have those interactions been positive? 

Mazars: Yes, always positive. There’s been some very good input and procedures from Bridewell that have helped us build our relationships with those third parties as well. The standards we should hold them to and how they should be doing things from a security perspective, as well as some operational perspectives too. 

Bridewell: Earlier, you touched on the value of Bridewell’s relationships with the wider team. Can you elaborate on the benefits of those touchpoints? 

Mazars: It was established really quickly, that Bridewell don’t just hold one-to-one relationships; the client leads’ function is to maintain the relationship with Mazars as a whole. We’ve had examples where there have been incidents, be them minor or major, where the client lead has been available to liase with the analyst-level and middle-management level, and all the way up to the exec level. They’ve managed any tactical and strategic responses to incidents, which has been a great benefit. 

Bridewell: Are there other teams within Bridewell that you’ve engaged with directly? 

Mazars: Yes, so we found the CTI team were one of the really invaluable resources that we’ve engaged with. The quality of the output of their threat intelligence and the feeds they give us, help us focus on the right areas and understand what threats to look out for. This directly feeds into areas of Mazars like risk and quality. It also helps us prove the value of our security function by being proactive, highlighting that we’re always looking to defend the business from threats. 

Also, the customer success manager has been invaluable in terms of continual service improvement. The wheels are never spinning with Bridewell, we are always finding things we can improve on and things we can enhance through our relationship. 

It’s a stark comparison to other third party relationships we have, where they provide an account manager and a customer services manager that don’t really understand the business as well. They don’t know how things function or how things flow. The difference with the client lead is they have their hands in all of it and have a full understanding of everything. 

Bridewell: What have you received from Bridewell’s Threat Intelligence and how has that delivered value for Mazars? 

Mazars: The great thing about Bridewell threat intelligence is that it’s industry relevant and it’s always firm relevant. The client lead always informs the threat intelligence team how our business works, so they produce intelligence that is relevant to us and our industry (specifically tax and audit). In our industry, there’s always a lot of noise and things going on in the press, so anything that Bridewell gives us is always tailored to what we do and specifically things that we should focus on. This is true not just for ourselves but our clients that we deal with.