Skip to main content

Endpoints unmanaged. Email and web unfiltered.
No proactive security.

The basics in order: every attack path covered

A large association, around 2,200 workplaces, with the personal data of its members to protect. The basics were not in order: endpoints unmanaged, email and web unfiltered. We covered every attack path, endpoint, email, web and cloud access, on a zero-trust architecture, and have managed it ever since.

Attack paths · coverageManaged
Endpointcovered
Emailcovered
Webcovered
Cloud accesscovered
Prevention · detection · responseManaged service
Sector
Large association
Scale
± 2,200 workplaces
Engagement
Ongoing, managed
Frameworks
Zero trust, GDPR
Attack paths
Covered
endpoint, email, web and cloud access, in one setup.
Security
Proactive
prevention, detection and response, instead of waiting.
Management
Owned
run as a managed service, with product ownership on our side.

The challenge

No proactive security. The doors stood open.

A large association, around 2,200 workplaces, with the personal data of its members to protect. The basics were not in order, while cloud, mobile and remote work expanded the attack surface and ransomware spread.

State of the basicsAttack paths
Secured
Unmanaged and unfiltered
Secured
Open
  • 01

    Endpoints unmanaged. Laptops, mobile and servers out of management, the attack surface unwatched.

  • 02

    Email and web unfiltered. The two most-used attack paths lay open: phishing and malware came in unhindered.

  • 03

    Nothing proactive. Security was reactive; there was no layer that prevented attacks or saw them early.

  • 04

    Privacy and compliance at stake. Member data had to be protected and regulation required demonstrable measures, which were not there.

It was not the advanced threat that posed the risk. It was the open doors no one was watching.

The approach

First the basics. One layer, no loose patches.

No separate tools side by side, but one architecture that covers every attack path. With zero trust as the principle and privacy by design from the drawing board.

Zero trustPrinciple
One integrated layerNo silos
Ready for the futureExtensible
01

Risk assessment and roadmap

The attack paths and the risk mapped, and set where the basics stand and where they need to go.

02

Architecture on zero-trust principles

Network and security functions brought together into one integrated cloud-security setup, instead of separate point solutions in silos. The move to a full SASE architecture and preventing data loss were prepared for future requirements. Privacy by design.

03

Every attack path covered

Endpoint, email, web and cloud access: prevention to stop attacks, plus detection and response to step in early.

04

Managed and owned

Run as a managed service, with monthly reporting and steering information, and ownership of security as a product, direction and prioritisation, on our side, at senior level.

The solution

Every door closed, and kept watched.

What stands now: one security layer across every attack path, proactive and continuously managed by us. A foundation ready for expansion, and one the later work built on.

Endpoint

Laptops, mobile and servers under management: attack surface reduced, attacks prevented and seen early.

Email

Inbound and outbound traffic filtered: antimalware, antispam, content filtering and encryption.

Web

Safe browsing via a secure web gateway: isolation, malware inspection and sandboxing.

Cloud access

Visibility and grip on cloud services: shadow IT in view and data protected.

“For the first time the doors are closed, and someone keeps watching them.”

Security & Privacy Officer · large association

The result

From open doors to a watched foundation.

Before
  • -Endpoints unmanaged, email and web unfiltered
  • -No proactive layer; reactive and exposed
  • -Member privacy and compliance insufficiently assured
  • -Separate tools, no coherent security
Now
  • Every attack path covered: endpoint, email, web and cloud access, in one setup.
  • Proactive: prevent and see early, instead of waiting.
  • Continuously managed, with product ownership on our side, and monthly steering information.
  • A foundation ready for expansion, and one the later work built on.

A similar challenge?

No pitch. One conversation.

One conversation in which we determine whether, and how, this works for your organisation too.

Schedule a conversation

30 minutes with a senior, no pitch.

Speak with an architectCall directly088 - 163 23 25