Concerned about potential targeted attacks, advanced persistent threats and the growing number of distributed denial of services attacks, the global finance and investment company ICG subscribed to Redscan’s ThreatDetect™ service. The business now has far greater confidence in its information security and – if the worst should happen – it can respond quickly to reduce financial and reputational risk.
ICG already had several state-of-the-art security systems and hardware solutions focused on the perimeter of its network. It also conducted annual penetration tests and employed an external consultancy to perform quarterly information security reviews. However, IT Director Lee Lambard knew that all this still wasn’t enough: ICG had to improve its vigilance. “New threats appear multiple times a day, so it’s an ever-changing landscape,” he explains. “We needed to be able to watch our systems and assess the risks all the time, so that we could detect malicious activity and act quickly to protect the business.”
At the time, ICG was receiving lots of alerts from its anti-virus and perimeter security products, but it wasn’t always easy for the IT team to distinguish between what was important and what wasn’t. “It’s not just about having products that can issue security alerts; you have to be able to filter and understand the information that is being fed to you by these systems,” says Lambard. “We were hearing a lot of ‘noise’ but couldn’t separate the wheat from the chaff. We realised that we needed a team of cyber-security experts who could monitor our systems 24/7 and act appropriately to the alerts, but setting up this kind of specialist operation in-house was an expensive proposition. It wasn’t really an option for a business of our size.”
After being introduced to Redscan by one of its partners, PTS Consulting Group, ICG subscribed to Redscan’s ThreatDetect™, a proactive network monitoring service that combines technology, processes, security expertise and threat intelligence to help companies proactively reduce the risk of cyber breaches. Qualified security experts from Redscan now screen ICG’s business applications and act upon security alerts, twenty four hours a day, every day. This comprehensive advanced threat detection service gives ICG immediate insight into potential threats, helping it to protect its 300 global employees, client data, confidential information and critical business systems, including an extranet platform accessed by clients.
Alongside the ThreatDetect service, Redscan has provided additional value for ICG by delivering security consultancy and writing new employee security policies for the business. “We have received great information and advice from Redscan on product selections and investments,” says Lambard. “This has given us added confidence in our security and increased our speed of implementation.”
Thanks to Redscan’s ThreatDetect service, ICG is now able to be much more vigilant. It has the assurance that its network and systems are constantly being monitored for potential security threats that might impact the business. “If attacks occur, we will know about them much sooner, so will be able to respond more quickly to minimise the risk,” Lambard says.
ICG also has access to a large team of security experts, with all of the latest skills, technologies and knowledge. The business isn’t just reliant on one internal employee who might only be available during working hours or might not have the latest training. “I can offer a higher level of assurance at board level about our information security now,” Lambard says. “Redscan gives us a broader lens on a complex and changing environment.”
ICG recognises that it is significantly cheaper and more convenient to leverage Redscan’s subscription-based ThreatDetect service than try to build a similar facility in-house. It estimates that, if it were to create an internal security operations team to monitor alerts and threats, it would need to employ at least two new members of staff, and more if it wanted to get the 24/7 support provided by Redscan. Plus, as Lambard says, “people with expert security skills demand the highest salaries making them expensive to attract.”
Increased internal confidence
From the outset, ICG had confidence in its relationship with Redscan. Lambard says, “We have empowered Redscan to lock down our systems and remediate if we come under attack and this reflects the level of trust that we have in Redscan.”
Increased customer confidence
ICG’s subscription to ThreatDetect plays an important role in helping the company to reassure its customers about information security. “Our existing and new clients habitually ask us to demonstrate that we have a genuine capability in this area,” Lambard explains. “ThreatDetect enables us to have much more confident, comfortable conversations about information security as part of our clients’ due diligence processes.”
As a global business, ICG has to adhere to the information security guidelines of multiple different regulators. Redscan is able to offer it up-to-date information about all of these different regulations and deliver transparent reporting to help it ensure its compliance. This trusted advice is one of many factors that leads Lambard to say, “Our partnership with Redscan has been one of the most successful that we have ever undertaken.”
ICG appreciates the reports generated by Redscan’s ThreatDetect service and integrates this data into its internal IT performance dashboard. The reporting information supplied by Redscan helps the IT department to educate employees about the importance of information security, improve management confidence and further reduce the level of vulnerability.
Recently, there have been a couple of incidents when employees have accessed untrustworthy sites from their office PCs and entered their personal credit card details. Lambard recalls: “Redscan alerted us within minutes, so we could inform the employees and advise them to cancel their credit cards immediately. There is a personal as well as corporate value from ThreatDetect.”
Finally, ICG has had a very positive experience of working with Redscan and greatly values the customer service that it receives. “Redscan’s differentiator is its staff,” Lambard says. “Its employees are clearly experts in their field and have a high level of expertise, but are also straightforward and great people to work with.”
What our customers say
"Redscan’s hands on approach identified security flaws that had previously been overlooked by other vendors"
Technical Operations Manager, Sporting Index
"Should I need any security testing again in the future, Redscan would be my first port of call!"
Project Analyst/Developer, STM Life
"Redscan's cost effective service gives us peace of mind that we are doing all we can to protect our clients, our business, our staff, our counterparties and other partners"
Head of IT Infrastructure, TT International
"Our partnership with Redscan has been one of the most successful that we have ever undertaken"
IT Director, ICG
"We have been very impressed by the quality of Redscan’s engagement, communication and reporting. We will not hesitate to use them for any future testing requirements."