Case study

Global Architectural Design Firm Uses Managed Detection and Response Services to Protect its Most Valuable Assets

DOWNLOAD NOW

6 minutes read
Global Architectural Design Firm Uses Managed Detection and Response Services to Protect its Most Valuable Assets

The Business:

Global architectural design firm that provides services to a wide range of sectors, including: Government, Mission Critical, Health, Commercial, Civic and Cultural…and more:

Solution and Results:

The eSentire Managed Detection and Response (MDR) solution included:

The Business and Security Outcomes:

“Our strategy is to disrupt an attacker at every portion of the attack chain, and we know that detecting and responding as quickly as we can is critical—which is another reason why I love eSentire.”
“I’ve had good relationships with lots of companies, but I can’t think of anywhere the relationship is as good as it is with eSentire. If I found myself at another company, bringing in eSentire would be one of the first things I’d do.”

Background:

Customer is an architectural design firm of 1,000+ architects, interior designers, urban designers and other professionals distributed in dozens of offices around the globe. With a long history, the enterprise is an industry giant that designs facilities for a wide range of sectors. Data is the key to their business and protecting it is of paramount importance—and in some cases it’s even a matter of national security.

The Challenge:

Over many decades, this U.S.-based architectural design firm has grown into a truly global organization, with more than 1,000 employees spread around the world in dozens of offices and regional headquarters.

The company serves a wide array of industries, including Government, Mission Critical, Civic and Cultural, Health and Commercial. The nature of architectural services is such that data is fundamental. In the words of the Vice President Information Technology, “Aside from the company team itself, the only thing an architectural firm has is IP.”

Protecting this data is vital for a range of reasons, including client privacy, competitive advantage and—in many cases—national security, owing to the sensitive and critical facilities the company designs.

Over the years, as the company has expanded domestically within the United States and internationally, the information technology backbone has played a key enabling role. Today, the global organization relies upon a hybrid architecture mixing onpremises storage and services with a growing presence within the cloud.

There is a tremendous amount of collaboration between offices, which means data has to be accessible and shareable. Plus, the team also shares information and designs with customers, partners and vendors.

Keeping this 24/7 operation running is a relatively small IT team based in the United States. The team is well-versed in cybersecurity and follows the MITRE framework. The VP of IT recalls that, “We were probably doing 90 percent of the security hygiene things—a lot of the must-haves,” but he concedes the reality that, “we definitely performed better in the 8 to 5 workday, and cybersecurity activities were performed while team members were wearing a second or third hat.”

With intellectual property so crucial to the company’s business, and facing challenges that come with being a 24x7 global operation, the firm’s leaders understood that they needed to bolster the company’s cybersecurity capabilities beyond what was possible with the in-house IT team alone.

The Solution:

To find the best solution, the firm ran a tender process in which a number of managed security vendors were evaluated, including eSentire. One of the things that grabbed the leaders’ attention was that “The eSentire team did a terrific job of letting us know exactly what the solution was going to look like and what it was going to do, and relating those to the needs we had expressed. We looked at a well known company much larger than eSentire: it was far more expensive and their proposal was not nearly as wellcrafted in terms of how they presented themselves and how they would meet our needs.”

That clarity allowed the technical and business evaluators to see functionally how different services—MDR for Network, MDR for Endpoint and MDR for Log—filled particular gaps. Crucially, it also allowed them to understand how all the elements worked together as a cohesive solution that was bigger than the sum of its parts. This comprehensive, complete approach aligned perfectly with the company’s defensive strategy of disrupting the attack chain at every step.

After being selected, eSentire deployed very quickly despite the introduction period overlapping with winter holidays and the potential complications of conducting training in several international offices. In fact, the rollout even exceeded the customer’s high expectations, with the sponsoring executive relaying that, “It went a lot faster than I thought it would—just based on past experiences with other security vendors.”

The company already managed endpoint protection in-house, and eSentire introduced a complementary solution to increase coverage; later, eSentire seamlessly took on management of the existing solution.

A graphic showcasing the benefits of MDR compared to an in-house SOC.
A graphic showcasing the benefits of MDR compared to an in-house SOC.

The Results:

The company’s in-house team had already put in considerable effort to align with the MITRE framework; plus, the firm already had a dedicated and engaged Security Steering Committee consisting largely of C-level executives. Both of these initiatives demonstrate that cybersecurity is a top priority for the organization.

At regular meetings, the committee has very candid conversations about risks, different ways to mitigate those risks and the trade-offs involved with investing in managing the risk of one type of threat, like ransomware, versus another, like business email compromise or fraud. These frank discussions allow the committee to examine risk versus return (or prevented loss) in understandable business terms and to prioritize investments like the one made in eSentire.

The defensive strategy is to disrupt attackers at every link in the attack chain, either to dissuade would-be attackers or to buy enough time to contain and eradicate the threat; however, the company’s cybersecurity leaders is clear that, “We understand that if a nation state or some other extremely well-funded and sophisticated attacker is determined to get in, then they might succeed.”

This realistic and pragmatic attitude is one reason the organization values eSentire’s MDR services: “In that situation, we know that detecting and responding as quickly as we can is critical—which is another reason why I love eSentire.”

Another welcome result is that their business is safeguarded by capabilities and attention that go beyond the security hygiene activities the team was limited to in the past. In their own words, “Having eSentire to plug security gaps, and to do so effectively and efficiently, is very comforting. For instance, I know at 2am that someone in Cork is watching my Asian headquarters.”

The Security Committee regularly receives metrics about eSentire’s ongoing performance, including the number of signals, alerts, SOC investigations and responses. These are brought to life by anecdotal examples shared by the VP of IT, which show the efficacy of prior decisions made by the committee.

Ready to Get Started?

We’re here to help! Submit your information and an eSentire representative will be in touch to help you build a more resilient security operation today.