Enhancing Security Visibility for a Leading Asset Management Firm

A UK-based asset management company wanted to enhance security visibility across its hybrid infrastructure and free up its in-house IT team to focus on remediating rather than detecting threats.

It sought a proactive monitoring service that could provide centralized visibility across its on-premises networks, endpoints and cloud environments.

By choosing Kroll Responder, Kroll’s award-winning managed detection and response (MDR) service, the business now benefits from an extended monitoring capability and additional expertise to identify and respond to security incidents faster and more effectively, 24/7/365.

Overview

Industry
  • Finance

Challenges
  • No dedicated in-house security team
  • A range of compliance requirements
  • Past security investments not delivering value

Kroll Services
  • Kroll Responder MDR

Impact
  • Centralized visibility
  • Greater security ROI
  • Secure cloud migration

The Challenge

The asset management company was looking to gain more complete security visibility and obtain additional resources to supplement its in-house team and enable it to focus on critical security investigations.

The company recognized the significant damage a data breach could pose to its reputation and its client relationships, and it wanted to minimise the potential risks. Mindful of its compliance responsibilities, the company wanted to ensure that it was meeting the requirements of the Financial Conduct Authority and other regulatory bodies.

While it had always taken cyber security very seriously, the company had no dedicated security team and was struggling to gain a full picture of security events across its environments. The company wanted to enhance its security capability to detect and respond to the latest threats but could not achieve this with the resources it had in-house.

The company had previously trialled a number of security information and event management (SIEM) and endpoint detection and response (EDR) platforms from different providers, but it couldn’t achieve the outcomes it needed from them. This was because the team had to view alerts across multiple disparate systems, meaning there was no cohesive or centralised view. The tools were generating what turned out to be mostly false positives and retained logs of activity in the company’s environment for only a short period, which meant the in-house team struggled to investigate historical events and trends or conduct threat hunting.

The company’s IT Director comments, “We’re very pleased with the service we receive. Across the whole service, whether it’s the global security operations centers or the technical account management team, Kroll looks after us very well.”

Kroll's Solution

Following unsatisfactory results after trialling various SIEM and EDR tools, the company decided that it needed the support of a specialist MDR provider. A proof of concept gave it the opportunity to confirm that Kroll Responder was the best solution for its needs and would supply the required security outcomes.

Kroll Responder provides the network and endpoint technologies, expertise, and outcome-focused approach that the company needed. Kroll’s global security operations centre (SOC) teams investigate and triage alerts 24/7/365 and provide actionable remediation advice to enable the company’s team to respond quickly and effectively to incidents.

Redscan, Kroll’s threat management platform—included as part of Kroll Responder—has helped the company to centralise visibility: It now receives all threat notifications via one platform, rather than having to pivot across multiple technologies. Because Kroll Responder provides genuine incident notifications, the in-house team now has to investigate only incident alerts that have been validated as requiring attention, rather than waste time investigating potential false positives.

The company’s IT Director said:

“Prior to engaging with Kroll, we only had part of the security picture. Kroll demonstrated that they could join up the dots to help us achieve better security visibility—more so than any other provider we spoke to.”

“Our partnership with Kroll frees up our time and gives us the reassurance that our infrastructure and assets are being proactively monitored. We’re very pleased with the service we receive. Across the whole service, whether it’s the global security operations center (SOCs) team or the program management team, Kroll looks after us very well.”

The Impact

Unified Visibility

By choosing Kroll Responder, the company has been able to achieve more comprehensive and centralized visibility across its environments. Without Kroll Responder, the company’s IT team would not have the time to check whether all the security alerts it receives are genuine. Kroll’s Redscan threat management platform enables the company to comprehensively monitor its environments to identify and manage security incidents and deliver the security outcomes it needs, through one unified solution.

Enhanced Security Capability

Before working with Kroll, the company’s small IT team did not have the capacity to respond to and assess all of the security alerts generated by the detection technologies it was trialling. The support provided by Kroll’s global SOC teams now provides peace of mind that important security events aren’t missed and that incidents are responded to swiftly and effectively, 24/7/365.

Greater Return from Security Tools

The company had previously invested in a number of security technologies but wasn’t gaining the value it needed from them. Working with Kroll has enabled it to achieve the best outcomes and a better return on investment.

Historical Overview

Although the company’s previous threat detection tool didn’t retain a long history of security events captured across its environment, Kroll stores and analyses security logs and data for 12 months to help enhance threat detection and observe trends over a longer period.

Secure Cloud Migration

Kroll supported the company in its goal to transition safely from private to public cloud and ensure continuity of service, as well as enabling it to monitor on-premises infrastructure and services in the cloud. This includes proactive monitoring of Microsoft 365.

The Latest Threat Intelligence

The company values the weekly Threat Intelligence updates Kroll provides to its clients, as the updates help the team to obtain a clearer overview of the security landscape and vulnerabilities they need to prioritize.
