Complete IT Renewal with Security by Design
Comprehensive IT modernization with a focus on ransomware resilience, Zero Trust, and Modern Workplace.
1x Solution Architect 1x Security Engineer 1x System Engineer
ongoing since January 2025
Our Impact
Immutable Backups
Protective layer against backup manipulation and ransomware through immutable backups and micro-segmentation
Passwordless (FIDO2)
Phishing-resistant, passwordless login with FIDO2/YubiKeys – drastically reduced risk of account takeover
EDR + SIEM
Central detection and response through EDR and SIEM for continuous security monitoring
The Challenge
Our client faced a comprehensive renewal of their IT – with the clear goal of increasing resilience against ransomware, consistently implementing security standards, and simultaneously establishing a modern, centrally managed device and identity strategy.
The Solution
Immutable Veeam Backup as an additional protective layer against backup manipulation and ransomware attacks. Network segregation of critical systems using micro-segmentation, including definition of necessary ports/communication paths ("Least Privilege" at the network level). Modern Workplace with Microsoft Intune: MDM rollout and device standardization, Autopilot for automated provisioning of new devices, Company Portal for software deployment and self-service. CIS Benchmark Hardening: Level 1 for Servers & Clients as a comprehensive baseline, Level 2 for critical systems with increased protection needs. Introduction of passwordless authentication (FIDO2) with YubiKeys to significantly reduce password-based risks. Implementation of CrowdStrike Complete for Managed EDR, Microsoft Defender for Identity (MDI) to detect AD attacks, and Wazuh as a SIEM solution.
The implemented measures significantly increased resilience against ransomware - in particular through immutable backups and consistent segmentation. A uniform, auditable security standard was established through the widespread application of the CIS Benchmarks. Endpoint management was modernized and enables automated provisioning. Passwordless login via FIDO2/YubiKeys substantially increases identity security. With the central security database (SIEM) as well as EDR and MDI, end-to-end detection and response capabilities are available.
Ready for your Success Story?
Let's make your next project a success together. Contact us for a non-binding initial consultation.