Retail

Elevated Security Operations for a Fashion Giant

Elevated Security Operations for a Fashion Giant
Location:
The United Kingdom
Team size:
From our side: 1 Information Security Engineer From Client's side: Head of InfoSec, Cloud Security Lead
Duration:
12+ months
Technologies:
AWS (Amazon Web Services)
AWS (Amazon Web Services)
Security Design
Defence in Depth Approach
Incident Response
Threat Intelligence
OSINT (Open Source Intelligence)
Vulnerability Management
Security Awareness
MDM (Mobile Device Management)
SOC (Security Operations Center)
CrowdStrike EDR (Endpoint Detection and Response)
CrowdStrike EDR (Endpoint Detection and Response)
Intruder IO (Dynamic Application Security Testing)
Intruder IO (Dynamic Application Security Testing)
AppCheck (Dynamic Application Security Testing)
OWASP (Open Web Application Security Project)
OWASP (Open Web Application Security Project)

Customer

Our customer is a fashion giant with a robust presence in both traditional retail and e-commerce. With an extensive 80-year history, they operate 250+ stores across the UK and Europe, managing the entire cycle from manufacturing and design to distribution through offline and online channels.

Challenge

Our client faced significant challenges with outdated security tools and processes that were not adequately protecting their systems and data. Critical threats were often missed by the legacy vulnerability scanning tools, exposing the client to potential breaches. They required an overhaul of their security operations to enhance protection against threats, improve incident response, and optimise vulnerability management.

Solution

To tackle these challenges, we devised a strategy focused on immediate remediation of vulnerabilities and the implementation of advanced security tools and practices for long-term protection. Our first step was addressing the immediate vulnerabilities and inefficiencies within the client’s existing security framework. We replaced their outdated Dynamic Application Security Testing (DAST) solution with Intruder IO, which provided superior performance, high-quality scans, better detection capabilities, and a user-friendly portal. We also initiated the deployment of CrowdStrike’s Endpoint Detection and Response (EDR) tool to boost the client’s ability to detect and respond to threats effectively.

Recognising the need for a comprehensive approach to security, we proposed building a robust DevSecOps process. This aimed at integrating security seamlessly into the client’s development workflows, ensuring that security is a fundamental part of the software development process from the outset.

As part of our approach, we provided ongoing support and guidance to the client’s internal engineering teams, including:

  • Implementing a Defence in Depth strategy to ensure layered security protection.
  • Enhancing Incident Response protocols to address and resolve security incidents more effectively.
  • Leveraging Threat Intelligence and Open Source Intelligence (OSINT) to stay ahead of emerging threats.
  • Utilising AWS services to enhance scalability and integration of security tools.
  • Overhauling the security incident management process and advising the Managed Detection and Response (MDR) provider on improving their data handling and ticketing approach.
  • Aligning security practices with OWASP standards to ensure best practices in web application security.

References

Elevated Security Operations for a Fashion Giant
Elevated Security Operations for a Fashion Giant
Engineering that reimagines tomorrow

Scale-ups, unicorns and modern enterprises around the globe trust our development teams to manage software from ideation to release and beyond. We enrich organisations with talent that boosts scalability, drives growth and brings disruptive ideas to life.

Contact us

Result

Our initiatives led to significant improvements in the client’s security posture. Here’s what we achieved, and what is still ongoing:

Finished:

  • We successfully replaced the client’s external vulnerability scanning tools with advanced technology, enhancing both web application and network security. This upgrade reduced undetected threats by 70%, significantly lowering the risk of security breaches.
  • Additionally, we improved the management of security incidents by clearing outdated tickets and advising on better data practices, which resulted in more effective incident resolution and response.

Ongoing:

  • The deployment of CrowdStrike EDR has made notable progress, including integration with the client’s existing systems and initial configuration tailored to their environment. However, the process is still ongoing due to the need for thorough testing and fine-tuning to ensure optimal performance. Once fully deployed, it is expected to significantly improve endpoint protection and response capabilities.
  • The proposed DevSecOps process development, aimed at embedding security practices from the beginning of the development lifecycle to ensure a more secure and efficient workflow, is currently under consideration. This proposal is being evaluated to ensure it aligns with the client’s long-term strategic goals and resource allocation. Once approved, it is expected to further enhance the client’s overall security framework by integrating security seamlessly into their development processes.

Schedule your free consultation

What to Expect:
An expert will reach out after reviewing your requirements.
If required, we’ll sign an NDA to guarantee full confidentiality.
You’ll receive a detailed project proposal with estimates, timelines, CVs, and more.
Thank you for your interest!
<br> We will contact you shortly.
Thank you for your interest!

We will contact you shortly.
We use cookies

This website uses cookies to ensure proper functionality, enhance your experience, analyze traffic, and deliver personalized content and ads. You can manage your cookie preferences or accept all cookies.

Reject all
Accept all