Case studies
STABILO: Professional backup for your IT security
STABILO places its trust in the Cyber Security Center by Skaylink – a managed security solution for reliable 24/7 protection of its cloud infrastructure.
Companies are attractive targets for cybercriminals. And they’re getting better and better at what they do. STABILO International GmbH was well aware of this when it took a proactive approach to its IT security. With over 1,000 employees all over Europe, the company had reached a size that its IT department could no longer handle on its own. The goal was a Security Operations Center (SOC) that external security experts monitor around the clock. Through its Cyber Security Center (CSC), Skaylink is one of the few service providers in Germany that provides this with top-tier service. With the support of expert teams based in Munich, STABILO is upgrading to a new level of security.
170 years old – and forever young: STABILO brings color to the world with its products. The company is a lifelong companion – from your first crayons to professional pens for artists and ergonomic digital solutions. The wide range of products from Nuremberg is now available in 180 countries worldwide. Creativity and innovation are part of the company’s DNA, which is a part of the Schwan-STABILO Group.
STABILO takes a modern approach to its in-house digital infrastructure: State-of-the-art standards and efficient, high-quality solutions are a given. And IT security is no exception. “Security is definitely a key priority for us,” says Stefan Hügele, Security and Infrastructure Architect at STABILO. The company is aware of the possible threats and the speed at which attackers’ capabilities are evolving. With this in mind, STABILO analyzed the risks and its IT personnel resources and compared them with the requirements of cybersecurity insurance. The bottom line: It was no longer feasible for the company to handle security for its more than 1,000 employees across Europe on its own.
What to do? STABILO chose Managed SOC, in other words, an externally Managed Security Operations Center. The question of which technology to use was soon answered: STABILO uses Microsoft software as a strategic pillar. Instead of introducing a third-party solution with many interfaces at this point, they decided to use solutions that are already available in the Microsoft portfolio and can be integrated easily. Microsoft Sentinel, a cloud-based Security Information and Event Management (SIEM) platform, was chosen as the technological foundation. Now the only thing missing were the security experts to implement the Managed SOC concept.
Microsoft Defender as a game changer for the security architecture
Microsoft recommended Skaylink as a partner: Specializing in cloud infrastructure and IT security, Skaylink offers comprehensive 24/7 support with in-depth analysis through its Cyber Security Center. This was exactly what STABILO had in mind for its Managed SOC. STABILO immediately felt that Skaylink treated them as equals and understood their needs. The approach proposed by the Munich-based specialists was transparent and pragmatic. And just like that, a close collaboration was born.
STABILO had already laid the groundwork with its Microsoft 365 E5 licenses. Now, with Skaylink’s help, they explored what they could do with it. The security experts helped identify funding opportunities and synergies to make the project as cost-effective as possible. Several security workshops were held, such as those on FastTrack. The project team identified what was already available, how it could be used more efficiently, and what additional resources were needed for effective SOC operations. STABILO and the Skaylink team of experts systematically worked their way down the kill chain. They started with potential risk scenarios and the question of how to address them proactively. This led to a clear road map based especially on Microsoft Defender products.
The endpoints are the first point of entry for attacks. Without protection, criminals can easily gain access to a network. Intelligent endpoint solutions turn these vulnerabilities into bottlenecks for unauthorized access by providing the entire security infrastructure with initial, critical telemetry data on risks and attacks. Without endpoint security, all other components of a security architecture are effectively blind in one eye. STABILO’s IT department is therefore replacing the existing endpoint security solution with Microsoft Defender for Endpoint on approximately 1,000 devices. The Skaylink team advised STABILO on the preparations for this transition. This provided an important cornerstone for introducing a Managed SOC.
The project at a glance
The challenge:
The company’s IT department lacked the resources to handle a modern, responsive security system with 24/7 service for its operations throughout Europe. STABILO therefore decided to implement a Managed Security Operations Center, which would be monitored by an external service provider.
Skaylink had a straightforward solution:
Several security workshops were held to determine which solutions were already available. A subsequent kill chain analysis identified existing security vulnerabilities. As a result, the decision was made to implement Microsoft Defender products, which promised to add significant value to the overall security architecture. Once these were in place, the Managed SOC was able to begin operations and was connected to Skaylink’s Cyber Security Center, which provides 24/7 support.
Solutions used:
Microsoft Defender for Endpoint, Defender for Identity, Defender for Office 365, Entra ID Identity Protection, Microsoft Sentinel, Cyber Security Center (CSC) as a service
“I sleep a lot better now.”
The IT partner’s security specialists use Sentinel to analyze, filter, and assess the risk level of all alerts from the security systems. Only security risks that the company’s IT department needs to address are forwarded by the CSC. STABILO continues to manage the security systems itself. According to Stefan Hügele, there have been only a handful of incidents since the launch in September 2025. Everything is much more relaxed.
If there are clear signs of an attack, the CSC can take emergency measures and shut down parts of the infrastructure. And there’s an additional advantage: In contrast to the company’s IT department, the CSC is staffed 24 hours a day. “I sleep a lot better now,” Stefan Hügele tells us.
In addition to monitoring and filtering functions, Skaylink’s range of services also includes reporting and benchmarking. Updates on the solutions in use, identified security vulnerabilities, and the causes of false alarms are discussed in regular meetings. The CSC finds out that certain warnings are caused by the specific STABILO infrastructure and makes the necessary adjustments. At STABILO, there is a growing awareness of unintentionally risky behavior, which can be specifically addressed and changed using the CSC recommendations.
“It’s working exactly as we intended.”
Alongside 24/7 service, the CSC plays a crucial role for STABILO on two additional points. On the one hand, Skaylink is Microsoft-centric, but it is also open to third-party solutions, which could also be monitored by the CSC if necessary. On the other hand, the ability to flexibly select exactly what is needed from a range of standardized services and service packages was a major selling point.
STABILO’s verdict after the project and the first phase of Managed SOC operations is very positive: Open discussions built trust right from the start. All steps in the process were always completely transparent. The contact persons know each other and can rely on one another. It is a significant advantage when pre-implementation consulting, infrastructure monitoring, and the operation of the Security Operations Center are all provided by a single source.
“We would definitely do it all over again with Skaylink.”
More successful projects
Professional backup for your IT security
The StWN Group focuses on users: That’s what modern work is all about!
