Implementation of an endpoint security system for an international industrial company - Completed project
The project's client is a large international company specializing in the development and delivery of industrial chemistry, water treatment, and sanitation solutions for companies across various industries.

The company operates globally and has a distributed infrastructure, including offices, production sites, and remote employees.

Due to geopolitical changes in 2022, the Russian office of one of the world's leading manufacturing organizations separated from its parent company. As part of building its own IT infrastructure, the company decided to create an independent information security system and implement a workstation and server protection system.

Previously, some services and security tools were provided centrally by the parent company, so after the separation, the client needed to quickly deploy its own security system and ensure control over all devices.

Additionally, the distributed infrastructure and the presence of employees working outside the corporate network posed a challenge. The client turned to its technology partner, ICL Services, for these tasks.

Key Challenges

  • Build an endpoint security management infrastructure
  • Implement antivirus protection for workstations and servers
  • Provide centralized management and updating of security policies
  • Organize protection for devices operating outside the corporate network
  • Improve detection of complex threats by implementing EDR functionality
  • Configure monitoring and prompt response to security incidents
Our solution

The project was implemented in three key stages.

    1. Implementation of the endpoint protection system

    During the first stage, specialists developed the solution architecture and deployed a security management infrastructure based on Kaspersky Security Center.

    The project included the implementation of Kaspersky Security Center (a centralized security management system), Kaspersky Endpoint Security for Windows for protecting user workstations, and Kaspersky Endpoint Security for Linux for protecting the server infrastructure.

    The engineers completed the following:

    — deployment of a management server with an MS SQL database;
    — configuration of security and update policies;
    — pilot implementation on a test group of devices;
    — subsequent scaling of the solution across the entire infrastructure.

    After implementation, approximately 500 devices were covered by the protection system.

    2. Organizing protection for remote devices

    During operation, an issue was identified: some employees worked remotely and were not always able to connect to the corporate network. As a result, their devices did not receive updates and security policies regularly.

    To protect employees working outside the corporate network, a Kaspersky Security Center connection gateway was deployed in the DMZ segment.

    This made it possible to secure device connections from the internet, to manage devices centrally without a permanent VPN, and to guarantee delivery of updates and security policies.

    3. EDR Implementation

    The next step involved implementing the Kaspersky EDR system, which enables the detection of complex threats and incident investigation.

    The project specialists:

    — activated EDR components on all devices;
    — configured the web console and monitoring dashboards;
    — implemented a system for alerting about suspicious activity;
    — developed response scenarios (playbooks) for various types of incidents;
    — organized 24/7 security monitoring.

    To ensure prompt response, the following work model was created:

    1. The monitoring team monitors security events.
    2. When incidents are detected, a preliminary analysis is performed.
    3. On-duty security engineers are called in to investigate and respond.

Results

  • Implemented a centralized device security management system for 500 workstations and servers.
  • Ensured the security of devices outside the corporate network.
  • Implemented an EDR system for advanced threat detection.
  • Established 24/7 monitoring of security incidents.
  • Accelerated incident investigation by approximately 35% thanks to EDR analytics and telemetry.
  • Resolved a number of network and infrastructure issues affecting device security and manageability.
