Home > Case studies

Case Study

SOC Analyst & Security Engineering as part of daily business

SOC Analyst writing a report

Client

 

dekabank_logo

 

Industry
  • Banking & Finance
  • Founded in 1956
  • Specialized in security
  • Forms the German central provider of asset management and capital market solutions
  • Profit 2023: €970 million, managing approximately €400 billion in fund assets across 5.5 million securities accounts in 2024
  • Affiliated with savings banks and public law institutions as well as subsidiary companies
  • +5500 total employees in Germany and Luxembourg

Challenges

Public sector with lengthy implementation paths and low technical standards in anti-spam & phishing:

  • Current state and target state were compared.
  • Employee training was established.
  • Proposals and ideas were developed (templates).
  • Implementations were presented to management.

Solutions

  • Regular reporting of important technical tool metrics.
  • Monitoring and process development.
  • Creation and adaptation of Standard Operating Procedures and use case development for new threat scenarios.

Methodology

Direct integration into daily business with direct training, active engagement, and feedback discussions.

Technologies

  • Microsoft
  • Cisco IronPort
  • BMC Remedy
  • Elastic Stack & log sources
  • Filter rule adjustment under the MITRE ATT&CK framework
  • Radar services use case implementations
  • FireEye ETP & FireEye Agent

Results and customer experience

  • As the client wanted to strengthen their team, which was still working with relatively small department numbers, they needed time to establish new processes and train new personnel, which is why external consulting was brought in to support daily operations.
  • The added value delivered supports daily business, allowing the client enough time to advance their own projects, actively accompany technical migrations of deployed tools, and manage security incidents.
  • The client is culturally liberal, preferred to stick to their own proposals, and through support in daily operations was able to gain time to establish holistic IT security solutions. Appropriate strengthening of technical understanding was achieved, and the client subsequently became sufficiently independent.