Mews enhances platform security using Microsoft Sentinel and Azure OpenAI for rapid threat response

Mews is a cloud-based hospitality platform designed to streamline hotel operations, enhance guest experiences, and simplify financial management. Founded in 2012 with the vision of modernizing hotel technology, Mews has evolved from powering a single hotel in Prague to serving over 12,500 properties worldwide.

Sensitive data, constant threats

At its core, Mews functions as both a hospitality management system and a financial technology platform, handling everything from guest check-ins and digital concierge services to payment processing and invoicing. The system automates time-consuming workflows—such as room assignments, housekeeping coordination, and billing—freeing up staff to focus on guest experience. “We develop software for hotels and property managers to organize their workflows, so that everything within their business can run through Mews,” explains Miroslav Horáček, Senior Product Security Engineer at Mews. Its direct booking engine allows hotels to manage reservations in-house while still integrating with external providers and online booking platforms.

The company balances robust security with its open integration model, which enables customers to connect Mews with over 1,000 third-party solutions. “Being open to integrations introduces additional risk,” Horáček adds. The company continuously monitors these connections to prevent vulnerabilities.

Expanding beyond internal protection

Originally, Mews used a third-party solution for internal security, helping filter traffic and block malicious activity across its IT infrastructure and employee environments. However, it had limited logging capabilities and lacked real-time monitoring and automated threat response, making it difficult to quickly detect security incidents. “It became clear that we needed a more sophisticated security solution that could provide centralized visibility, automate detection, and improve response times. So, we reached out to Microsoft partner Noibit for help with the implementation,” shares Matias Busco Zimmermann, Staff Security Engineer at Mews.

As a longtime Microsoft Azure user, Mews selected Microsoft Sentinel, a cloud-based security information and event management (SIEM) system. “We knew we needed something that worked almost out of the box and Sentinel was the answer,” Horáček adds. Sentinel enables the company to collect, analyze, and correlate security events in real time, improving its ability to detect and respond to threats across internal infrastructure, IT systems, and employee environments. To strengthen internal defenses, Mews also expanded its use of Microsoft Defender for Cloud as part of a broader extended detection and response (XDR) approach.

As the platform grew, Mews expanded Sentinel beyond internal protection to actively monitor and further secure its core product and customers. “Security is shifting from just protecting internal systems to securing customer-facing platforms. As digital ecosystems grow, we’re not just protecting a company—we’re safeguarding its entire network of customers and end-users,” shares Tomas Krasnican, Senior Cybersecurity Consultant at Noibit. This transformation turned Sentinel into a full product security operations center (SOC). Sentinel monitors security events in real time, detecting threats such as fraud, account takeovers, and credential phishing attacks. When suspicious activity is identified—such as unusual login attempts or anomalies in booking and payment behaviors—automated workflows trigger immediate countermeasures.

More intelligent threat detection

To cut down on security noise and improve detection accuracy, Mews integrated Azure OpenAI Service, Logic Apps, and Azure Functions with Sentinel. Azure OpenAI filters false positives, prioritizing real threats and suppressing low-risk notifications. “We’ve integrated multiple data sources to enrich our security decisions, and the system learns from every case, optimizing itself,” shares Zimmerman.

Meanwhile, Azure Logic Apps orchestrate security processes and manage data movement between Sentinel and other platforms, while Azure Functions establish data connections between Sentinel and external services, ensuring seamless integration. The company is also building an internal knowledge base of safe patterns, which helps further reduce false positives.

The partnership with Noibit has played a crucial role in Mews' security transformation. “Noibit support has been excellent—from helping with natural language processing (NLP) implementations for internal services to assisting with our Sentinel deployment,” Horáček highlights. “Our collaboration with Noibit has ensured that we integrate security solutions effectively—two months faster than we originally thought.”

Less noise, faster threat response

“The biggest improvement has been reducing alert noise,” shares Zimmerman. Previously, the team was bogged down with security alerts, sometimes having to deal with false positives in the middle of the night. “Now, Azure OpenAI filters out 50% of false alerts. It’s a night-and-day difference,” he adds. Krasnican gives due credit to the technology, emphasizing its transformative power, “AI and automation are transforming threat detection and response—cutting reaction times, improving accuracy, and helping teams focus their resources where it matters most.”