Unit, a professional services firm, came to us mid-incident. Two staff laptops were compromised through phishing, and their existing managed services provider couldn't isolate the lateral movement.
The brief
Stop the bleeding. Then design a layered defense that holds up under the attack volume the firm now faced because of its profile in its sector.
What we built
A layered defense across four control planes:
- Endpoint: enterprise-grade EDR replacing consumer antivirus, with behavioral detection and centralized rollback
- Email: advanced phishing protection, attachment sandboxing, and quarterly phishing simulations for staff
- Identity: SSO, MFA, conditional access policies tied to device posture and location
- Network: segmentation by user role, monitored east-west traffic, automatic isolation on suspicious behavior
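The network control above is the one that addresses the original failure (lateral movement that the previous provider could not contain). As an added illustration, not the firm's or our own tooling, here is a small detector that applies two of the listed ideas to east-west flow records: a role-based segmentation policy and a fan-out check that recommends isolating a host that reaches many internal targets on remote-admin ports within a short window. The subnets, roles, port list, thresholds and the flow lines are all constructed assumptions for the example.

```python
"""Toy east-west lateral-movement detector with an isolation decision.

Added example, not code from the page or the firm it describes. The flow
records, subnets, roles, ports and thresholds below are all assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed role segmentation: subnet -> role (hypothetical addressing).
SEGMENTS = {
    ip_network("10.10.1.0/24"): "staff",
    ip_network("10.10.2.0/24"): "finance",
    ip_network("10.10.9.0/24"): "servers",
}
# Assumed policy: which (src_role, dst_role) pairs may use remote-admin ports.
ALLOWED_ADMIN_FLOWS = {
    ("servers", "servers"), ("servers", "staff"), ("servers", "finance"),
}
# Ports commonly abused for lateral movement: RPC, SMB, RDP, WinRM.
LATERAL_PORTS = {135, 445, 3389, 5985, 5986}
WINDOW = timedelta(minutes=5)   # sliding window for the fan-out check
FANOUT_THRESHOLD = 5            # distinct internal targets within WINDOW

# Constructed sample flow log: one staff laptop sweeping finance hosts on SMB,
# one legitimate server-to-staff RDP session, one HTTPS flow, one odd SMB flow.
SAMPLE_FLOWS = [
    "2024-05-01T10:00:01Z src=10.10.1.5 dst=10.10.2.10 dport=445 proto=tcp",
    "2024-05-01T10:00:03Z src=10.10.1.5 dst=10.10.2.11 dport=445 proto=tcp",
    "2024-05-01T10:00:05Z src=10.10.1.5 dst=10.10.2.12 dport=445 proto=tcp",
    "2024-05-01T10:00:09Z src=10.10.1.5 dst=10.10.2.13 dport=445 proto=tcp",
    "2024-05-01T10:00:12Z src=10.10.1.5 dst=10.10.2.14 dport=445 proto=tcp",
    "2024-05-01T10:00:20Z src=10.10.1.5 dst=10.10.2.15 dport=3389 proto=tcp",
    "2024-05-01T10:01:00Z src=10.10.9.4 dst=10.10.1.20 dport=3389 proto=tcp",
    "2024-05-01T10:01:30Z src=10.10.1.7 dst=10.10.9.4 dport=443 proto=tcp",
    "2024-05-01T10:02:00Z src=10.10.2.3 dst=10.10.9.4 dport=445 proto=tcp",
]


def role_of(ip):
    """Map an address to its segment role, or 'unknown' if unsegmented."""
    addr = ip_address(ip)
    for net, role in SEGMENTS.items():
        if addr in net:
            return role
    return "unknown"


def parse_flow(line):
    """Parse 'ts src=.. dst=.. dport=.. proto=..' into a dict."""
    ts_str, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts_str.replace("Z", "+00:00"))}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = int(value) if key == "dport" else value
    return rec


def analyze_flows(lines):
    """Return {src: {'reasons': [...], 'action': 'alert'|'isolate'}}.

    A segmentation violation alone yields an alert; crossing the fan-out
    threshold on lateral-movement ports escalates to an isolation decision.
    """
    findings = defaultdict(lambda: {"reasons": [], "action": "alert"})
    per_src = defaultdict(list)  # src -> [(ts, dst)] on lateral ports
    for line in lines:
        rec = parse_flow(line)
        if rec["dport"] not in LATERAL_PORTS:
            continue
        src_role, dst_role = role_of(rec["src"]), role_of(rec["dst"])
        if (src_role, dst_role) not in ALLOWED_ADMIN_FLOWS:
            reason = f"{src_role}->{dst_role} on port {rec['dport']} violates segmentation"
            if reason not in findings[rec["src"]]["reasons"]:
                findings[rec["src"]]["reasons"].append(reason)
        per_src[rec["src"]].append((rec["ts"], rec["dst"]))
    for src, events in per_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - t0 <= WINDOW}
            if len(targets) >= FANOUT_THRESHOLD:
                findings[src]["reasons"].append(
                    f"{len(targets)} distinct targets on lateral-movement ports within {WINDOW}")
                findings[src]["action"] = "isolate"
                break
    return dict(findings)


if __name__ == "__main__":
    for host, verdict in analyze_flows(SAMPLE_FLOWS).items():
        print(host, verdict["action"], "|", "; ".join(verdict["reasons"]))
```

On the sample data the staff laptop 10.10.1.5 is marked for isolation (six finance targets on SMB/RDP inside the window, plus a staff-to-finance segmentation violation), the finance host 10.10.2.3 produces an alert only, and the server-initiated RDP session and the HTTPS flow produce nothing. In production the thresholds would be tuned per role and the isolation step would call the EDR or NAC API rather than print.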
Quarterly tabletop exercises
We run a tabletop with their leadership every quarter, with a different scenario each time: ransomware, insider threat, vendor compromise. The team now has muscle memory for what to do in the first 15 minutes of an incident.
Outcomes
Security ticket volume dropped 87% in the first six months: the noisy false positives of the old stack were replaced with high-signal alerts. There have been zero successful intrusions in the 18 months since cutover, and mean response time to genuine incidents is under 15 minutes.
Insurance premium dropped 22% at renewal once the controls were documented and audited.