Client
SPIE Switzerland Ltd., with around 600 employees, is a subsidiary of the French SPIE Group, a listed technical service provider in the fields of energy, buildings, plants, infrastructures and communications. The business unit SPIE ICS AG (Information Communication Services) is one of the leading ICT service providers in Switzerland and offers a complete portfolio of integrated ICT services. At a total of 6 locations throughout Switzerland, solutions for business processes and business applications are developed in addition to IT consulting, integration and maintenance.
Challenge
To protect itself from long downtimes, reputational damage and high follow-up costs from a successful cyber attack, SPIE ICS AG was looking for a way to also secure those components within its IT network that could not be protected by agent-based security solutions, for example IoT devices. In addition, the IT managers recognized that, given the current IT security situation, protection tools alone are no longer sufficient for comprehensive protection of the IT infrastructure. Many established security measures such as AV solutions, firewalls and endpoint protection are no longer a real obstacle for cybercriminals.
What's more, once an attacker has successfully penetrated the network, it still takes an average of six months before the compromise is identified. That is ample time for attackers to spread and to leak or otherwise manipulate mission-critical data. That's why SPIE ICS sought a proactive threat-hunting solution capable of detecting attackers early, minimizing the time-critical gap between "protection" and "response."
Solution
When researching suitable solutions, the IT managers at SPIE ICS quickly came across Allgeier secion's Active Cyber Defense (ACD) service. Even in the first presentation, the "Managed Detection and Response Service" (MDR) from the Hamburg IT security experts was able to convince them with its effective functionality. ACD is installed completely "on premise" and monitors all systems in a network, regardless of their operating system, device type or logging capabilities. This also applies to IoT, ICS, OT, BYOD or third-party devices. Potential attackers are detected independently of specific malware or signatures. At the network level, the service checks whether, for example, systems are communicating with command & control servers and are therefore compromised.
Allgeier secion's security analysts monitor the IT infrastructure around the clock and provide immediate information if action is required. Suspected cases are identified immediately after the system has been compromised and incident response measures can be initiated in a targeted and timely manner - before any damage is done. ACD is available at an attractive monthly service fee, and customers do not need to maintain their own personnel resources for permanent monitoring and incident detection.
Result
With the introduction of ACD, SPIE ICS AG was able to achieve the highest level of network security. The implementation, including all preliminary work on the customer's side, was straightforward and was completed within a few days. With the Managed Security Service from Allgeier secion, SPIE ICS was able to implement all the planned optimizations in the area of IT security: ACD protects IoT devices and all other components in the corporate network that cannot be monitored by agent-based security solutions.
With the 24/7 threat hunting tool in place for proactive early attack detection, the corporate network is now permanently secured and the internal IT team is relieved at the same time. Those responsible at SPIE ICS were quick to recognize the advantages of Allgeier secion's "Managed Detection and Response Service" (MDR) and were so convinced as a customer that they are now themselves sales partners for ACD in Switzerland.
Effective IT security solutions today must also include early attack detection. ACD is the link between protection and response that we were missing. We decided very quickly in favor of the solution because we were convinced by the functionality of the tool and we noticed already during the first contact how much experience and competence Allgeier secion has in the area of Incident Detection and Threat Hunting. There is no comparable product on the market and setting up such a solution ourselves would be an unmanageable mammoth task for SPIE in terms of costs and personnel. ACD is an effective and innovative solution with an excellent price/performance ratio. This is exactly the promise that we also make to our customers.