Service: Executing projects
Sector: Other
Area of expertise: Cyber security
THE SITUATION
Denmark’s largest railway company needed visibility into its network as well as the opportunity to respond to malicious activity. The decision fell on the implementation of a selection of tools including Managed detection and response (MDR), Endpoint detection and response (EDR), and Security information & event management (SIEM). Specifically, the client wanted to implement the full stack of tools and services from FireEye/Mandiant.
WHAT WE DID
Kopenhagen Konsulting led the RFP for an MDR, EDR, and SIEM solution. Each desktop, laptop and server is a possible entry for a breach, leaving the client’s data, customer information and intellectual property at risk. Endpoint Security essentially protects an organization with intelligence led protection, detection and response. Having successfully selected a vendor and procured the requested technology, Kopenhagen Konsulting was responsible for the coordination and implementation activities. Multiple versions of the software were deployed to ensure high propagation throughout the network, which was tested and correlated with specific host sets to ensure minimal performance impact and high flexibility for security policies. To protect against advanced threats, the client needed to integrate their security and apply the right expertise and processes. FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. This meant that logs were collected and processed in the associated SIEM solution and operationalized through the MDR solution and an internal Security Analytics Center.
THE OUTCOME
All tools and services were purchased and implemented resulting in improved detection and response capabilities which raised the overall maturation of the client’s IT security significantly. This in turn contributed to the overall programme objective of meeting the NIS-directive voted-in by the EU.
