Challenge

One of the largest taxpayers in the Republic of Kosovo has a number of companies under rapid expansion. One of the risks identified by third parties was that of the cyberspace. Because their businesses heavily revolve around high-availability IT infrastructure and data mining, it’s very important for them that they are protected from cyber threats. They have been looking to secure the following companies:

• Large Retail Chain of 20+ Markets
• Consumer Goods Distribution Company
• Pharmaceutical Company
• Tobacco Factory & Distribution

The aforementioned organization has no Information Security or IT security teams in-house and has been looking for contractors offering Managed Security Services. Specifically, the organization wanted to establish and have a managed Security Operations Center along with Managed Detection and Response. Sentry has been contacted as a potential partner in this regard.

Solution

We have worked with the organization to establish a fully functional 18/6 Cyber Security Operations Center with full Managed Detection and Response capabilities. The contract has given us the freedom of choosing a security stack appropriate for the companies that we manage, and as a result we have been able to optimize and synchronize all security products across the infrastructure. In order to provide a full security service, the following technologies have been implemented:

• Carbon Black – NGAV + EDR Platform (Official Partners)
• Open Threat Exchange (OTX) – Threat Intelligence Platform
• Splunk – Log Aggregation Infrastructure
• Sentry Intelligence Gateway – Third Party Management/Monitoring System
• Labyrinth – Deceptive Technology
• Backup Shadow Servers – Silent & Stealthy backup services across network nodes
• Quad9/Cloudflare – Secure DNS Service

Apart from the SOC and MDR services, Sentry has drafted and implemented the following policies in the organization:

• Information Security Policy
• Third Party Management Policy
• Technology Procurement (Security Policy)
• Disaster Recovery Plan and Policy
• Onboarding / Offboarding Process
• GDPR Regulation (ongoing)

As part of the MSSP package we have also performed the following service to all of the companies:

• Web Application Penetration Testing
• Internal / External Network Penetration Testing
• Social Engineering Testing
• Endpoint Threat Hunting

Success

We have had our client for more than a year and have had zero high impact incidents regarding business operations. Our security services have ensured that our client can expand with ease knowing that all of their cyber fronts are covered. As a result we have been referred to other companies for our managed security services. The cost and talent acquirement through our training programs has allowed us to scale quickly and offer competitive prices in the market utilizing some of the most advanced technology stacks in the field.