ICL Services
News
26 January 2024


Cryogenic chamber under lock and key: a case for implementing an EDR system for a manufacturer of technical gases

The events of early 2022 have affected many business sectors. Having separated from the parent company, the Russian division of an international manufacturer of cryogenic equipment and technical gases experienced significant difficulties in ensuring information security at the enterprise. The solution was proposed by ICL Services, an IT company which has extensive experience in multidisciplinary work on import substitution and broad expertise in providing information security services. In this article, we describe how a system for detecting and responding to cybersecurity incidents was implemented and put into operation in the customer’s infrastructure in just three months.

About the customer

The project's client is the division of an international company formerly operating in Russia specializing in the production of cryogenic equipment and industrial gases.

About the performer

ICL Services is a Russian IT service company (part of the ICL group of companies) operating in the domestic and international markets. The company has more than 2,000 employees and a portfolio of projects for more than 80 clients from around the world. The company provides expert services on migration and support of IT infrastructures, software development, integration and testing, information security audit, application development and support, implementation of AI-based solutions, and develops its own IT products.

Preconditions of the project

The client required a restructuring of the system's information security functionality, selection of domestic replacements for existing solutions, and migration of the device pool to the chosen systems.

A broad spectrum of the client's employees, ranging from analysts and 1C developers to the finance department in two locations (Moscow and Zelenograd), utilized the system's devices, workstations, servers, and applications. Particular focus was required on debugging and configuring security policies, web control, etc., as the client was uncertain about their specifications.

To resolve this issue, ICL Services, which has extensive experience in working with information security systems, got involved.

Project on the way

The team launched the project on January 9, 2023. Among the applicable, effective defense systems, the decision was made to go with an EDR system that significantly enhances the antivirus application's functionality, enabling the collection of detailed data on attempted hacker attacks. By using the EDR system, the client's information security analysts will have access to logs detailing attack origins (IP addresses and locations), affected devices, etc. ICL Services was engaged to address this issue.

Following consultations on selecting a solution, the ICL Services team commenced development by designing the EDR system, taking the capabilities and specifics of the client's IT infrastructure into account. Upon completing the system design and coming to an agreement with the client on the solution architecture, highlighting its risks and advantages, ICL Services specialists:

—  having gained access to the corporate servers, set up security policies for advanced antivirus protection and web control,

—  and, after successfully testing some pilot groups, embarked on a full-scale device migration.

The migration occurred in several stages: after configuring the server, the ICL team drew on their experience, information security best practices, and insights from previous projects to tailor policies in line with stringent cybersecurity requirements. The format and content of reports on information security processes using the EDR system were also agreed upon with the client.

After deploying the protection suite in the test loop, risks were identified and analyzed, and the necessary steps to proceed with migration were outlined. This included determining which devices would require rebooting and which would not, and coordinating the timing of the work to prevent disruption to the client's business operations.

As part of our commercial proposal, we implemented round-the-clock threat monitoring and system failure reports, including cyberattack attempts. Consequently, we expanded our team of specialists to not only provide technical support for the system but also to ensure a swift and efficient response to security incidents and potential threats 24/7.

During the final phase, acceptance tests were conducted where the client verified adherence to the SLA requirements and verified that the EDR system had comprehensive coverage of the servers and workstations.

The results

In just 3 months, the team migrated 800+ devices across two locations successfully and without any system failures. At the same time, immediately after the project transitioned to a service model, specialists continued to monitor various cyber threats and information security incidents, recording ongoing attempts at hacker attacks on the customer and promptly responding to them.

The output of the project is complete coverage of all client infrastructure devices with the selected information security solution and timely updating of signatures on them.
