Dito, a Google SecOps Service Delivery partner, was contracted by a statewide Information Technology Center serving the state’s public school system to provide professional services for the configuration of, and migration to, a new instance of Google Security Operations (previously known as “Chronicle” Security Operations).

The previous setup, which was licensed and operated by a large Managed Security Service Provider (MSSP), focused solely on SIEM (Security Information and Event Management) capabilities. However, the organization was seeking to take full control of its SecOps environment, including the addition of Security Orchestration, Automation, and Response (SOAR) functionalities.

Challenge

Unsatisfied with the limitations of its MSSP-managed SIEM solution and wanting more control of its security operations, the organization partnered with Dito to chart a path forward. Dito leveraged its deep expertise in the Google SecOps platform to guide the implementation of the new SIEM tenant, configure the SOAR capabilities, and provide strategic guidance to optimize the organization’s overall SecOps practices.

Solution

Dito’s security team collaborated closely with the customer to fully understand the organization’s current security operations setup and future goals.

Through a series of technical sessions, Dito configured the new Google SecOps environment, including integrating single sign-on (SSO), setting up log ingestion, and applying risk scores to detection rules to enhance the triage process and optimize alert management.

Additionally, Dito expanded the customer’s decision trees and response playbooks, automating security responses to aid the organization in independently managing the SIEM/SOAR environment long-term. This collaborative approach ensured that the organization could transition seamlessly to operating and enhancing its SecOps capabilities self-sufficiently.

Results

Dito’s tailored implementation and knowledge-sharing enabled the organization to achieve its goal of independently managing its own Google Security Operations environment. The addition of risk scores to detection rules resulted in fewer false positives, while the automated triage and response playbooks optimized its overall IT operations.

After several weeks of close collaboration and a structured implementation cadence, the customer successfully transitioned to self-managing its Google SecOps instance. This milestone not only strengthened the organization’s security posture but also empowered its team to continually evolve and enhance its security operations strategy.
