SharkStriker’s Managed SIEM Services Helps a Leading Waterfront Maintenance Service Provider Achieve Effective Network and Event Monitoring

The client is a North American waterfront maintenance provider offering services such as container crane repair, offloading and commissioning, and ship repair. To secure its sensitive data, the company had deployed multiple security solutions, including DarkTrace and AlienVault. However, because these solutions came from different vendors and were not consolidated, they generated a large number of false positives. Lacking in-house skills and resources, the client gradually began ignoring them. SharkStriker replaced these multiple solutions with a single unified SIEM. The consolidated solution provided centralized visibility and thereby reduced the number of false positives. In addition, all anomalous behavior and alerts were monitored and analyzed by the 24/7 SOC team included with the SIEM service.


The Challenge

The asset management company was looking to gain more complete security visibility and obtain additional resources to supplement its in-house team and enable it to focus on critical security investigations.

The company recognised the significant damage a data breach could pose to its reputation and its client relationships and wanted to minimise the potential risks. Mindful of its compliance responsibilities, the company also wanted to ensure that it was meeting the requirements of the Financial Conduct Authority and other regulatory bodies.

While it had always taken cyber security very seriously, the company had no dedicated security team and was struggling to gain a full picture of security events across its environments. The company wanted to enhance its security capability in order to detect and respond to the latest threats but could not achieve this with the resources it had in-house.

The company had previously trialled a number of Security Information and Event Management (SIEM) and Endpoint Detection & Response (EDR) platforms from different providers, but couldn’t achieve the outcomes it needed from them. This was because the team had to view alerts across multiple disparate systems, meaning there was no cohesive or centralised view. The tools were generating what turned out to be mostly false positives and only retained logs of what was going on in the company’s environment for a short period, which meant the in-house team struggled to investigate historical events and trends or conduct threat hunting.

The Solution

Following unsatisfactory results after trialling various SIEM and EDR tools, the company decided that it needed the support of a specialist provider of Managed Detection and Response. A proof of concept gave it the opportunity to confirm that Redscan’s ThreatDetect™ service was the best solution for its needs and would supply the required security outcomes.

ThreatDetect provides the network and endpoint technologies, expertise and outcome-focused approach that the company needed. Redscan’s Security Operations Centre (SOC) team investigate and triage alerts 24/7/365 and provide actionable remediation advice to enable the company’s team to respond quickly and effectively to incidents.

CyberOps™, Redscan’s threat management platform – included as part of ThreatDetect – has helped the company to centralise visibility as it now receives all threat notifications via one platform, rather than having to pivot across multiple technologies. Because ThreatDetect provides genuine incident notifications, the in-house team now only has to investigate incident alerts that have been validated as requiring attention, rather than waste time investigating potential false positives.

The company’s IT Director said:

“Prior to engaging with Redscan, we only had part of the security picture. Redscan demonstrated that they could join up the dots to help us achieve better security visibility – more so than any other provider we spoke to.”

“Our partnership with Redscan frees up our time and gives us the reassurance that our infrastructure and assets are being proactively monitored. We’re very pleased with the service we receive. Across the whole service, whether it’s the SOC or the technical account management team, Redscan looks after us very well.”

The Benefits

Unified visibility

By choosing our MDR service, the company has been able to achieve more comprehensive and centralised visibility across its environments. Without the service, the company’s IT team would not have the time to check whether all the security alerts it receives are genuine. Redscan’s CyberOps threat management platform enables the company to comprehensively monitor its environments to identify and manage security incidents and deliver the security outcomes it needs, through one unified solution.

The latest threat intelligence

The company values the weekly Threat Intelligence updates Redscan provides to its clients, as they help it obtain a clearer overview of the security landscape and the vulnerabilities it needs to prioritise.

Secure cloud migration

Redscan supported the company in its goal to transition safely from private to public cloud and ensure continuity of service, as well as enabling it to monitor on-premises infrastructure and services in the cloud. This includes proactive monitoring of Microsoft 365.

Historical overview

While the company’s previous threat detection tool didn’t retain a long history of security events captured across its environment, Redscan stores and analyses security logs and data for 12 months, to help enhance threat detection and observe trends over a longer period.

Improved situational awareness

As well as security insights provided through CyberOps, the team receives monthly service reports and weekly threat intelligence updates. These help to enhance situational awareness and ensure that security risks are communicated to key stakeholders across the business. The team also benefits from regular service reviews with a dedicated Technical Account Manager.

Enhanced security capability

Before working with Redscan, the company’s small IT team did not have the capacity to respond to and assess all of the security alerts generated by the detection technologies it was trialling. The support provided by Redscan’s SOC team now provides peace of mind that important security events aren’t missed and that incidents are responded to swiftly and effectively, 24/7/365.
