An attack was noticed only once something had already broken.
Outside office hours, no one was watching.

See attacks coming, around the clock

A large association, around 2,200 workplaces, with an IT landscape tied together by successive mergers. Detection only acted once something had already broken, and outside office hours no one was watching. We brought 24/7 co-managed detection and response, with senior expertise alongside their own team.

Detection coverage · 24/7 · After the engagement
24/7 vigilant · Detection time: minutes (from hours to minutes)
Source · co-managed SOC · Open XDR · proactive
Sector: Large association
Scale: ± 2,200 workplaces
Engagement: Ongoing, co-managed
Frameworks: NIST CSF, MITRE ATT&CK
Coverage: 24/7, around the clock, where monitoring used to stop outside office hours.
Detection: Proactive, seeing threats coming, instead of cleaning up only after a disruption.
Team: Reinforced, senior expertise added, scaled up and down to what the moment demands.

The challenge

An attack was noticed only once something had already broken.

A large association, around 2,200 workplaces, with an IT landscape tied together by successive mergers, full of technical and organisational debt. Detection existed, but the in-house team could not carry it, and they did not want to outsource to a black-box MSSP: that hands over control of exactly the environment that moves the most.

[Figure: when anyone was watching, over 24 hours. Watched during office hours; outside office hours, no one watching.]

  • 01. Reactive, not proactive. Follow-up came only once something had really broken, and then it was about cleaning up.

  • 02. No 24/7. Outside office hours no one was watching, exactly when attackers strike.

  • 03. A landscape full of risk. Successive mergers left technical and organisational debt behind.

  • 04. Too small a team, no black box. They lacked the knowledge and the hours, but did not want a provider lobbing alerts over the fence without context.

Grip begins with knowledge. It was too thin, so we brought it in, alongside the in-house team, to work down years of technical and organisational debt.

The approach

First see what is there. Then the knowledge alongside, around the clock.

No team placed over the top to take over control. We brought seniority and hours in alongside the in-house team, and chose a foundation that moves with it.

Alongside the team, not over it: Co-managed
The expertise the job required: Multidisciplinary
A foundation that moves with it: Open XDR

01

Diagnosis first

The tied-together landscape mapped: where the real risk sits, and what detection did and did not see.

02

Co-managed model with 24/7

Senior people alongside their team, around the clock. Not just SOC analysts, but the expertise the job required: engineers, detection and security architects, a vCISO, project and programme management. Scaled up and down to need.

03

Open XDR as foundation

Vendor-independent, it integrates the existing fragmented tooling and is maximally flexible, so detection moves with an environment that changes constantly.

04

From reactive to proactive

No longer waiting until something breaks, but seeing threats coming, with control staying with the client.

The solution

From cleaning up afterwards to seeing it coming.

What they lacked was not a tool, but the people and the hours to look ahead. What stands now is an ongoing co-managed capability that sees attacks coming, around the clock.

[Figure: detection relative to the disruption. Now: before the disruption. Before: after it.]

Reactive to proactive

Detection now fires before the disruption instead of after it: seeing it coming instead of cleaning up.

Analysts · Engineers · Architects · vCISO

The expertise the job required

A multidisciplinary senior team alongside the in-house team, scaled up and down to what the moment demands.

Open XDR foundation

Vendor-independent and flexible: it integrates the existing tooling and moves with it.

24/7, no black box

Covered around the clock, with control kept in-house.

“We no longer wait until something breaks to take action.”

Board Advisor · large association

The result

From cleaning up afterwards to looking ahead, around the clock.

Before
  • Outside office hours, monitoring stood still
  • Barely any proactive detection; action only once something had really broken
  • Team too small, too little senior knowledge in-house
  • A landscape tied together by mergers, full of debt
Now
  • 24/7 detection and response, covered around the clock.
  • Proactive: seeing threats coming instead of cleaning up afterwards.
  • Senior expertise added, scaled up and down to need, alongside the in-house team.
  • Control kept in-house, no black box, a team that looks ahead.
