How a global asset management firm mitigated the risk of cyber threats with CNS Group's managed security services
The head of information security at a global asset management firm, backed by the senior management team, wanted to ensure the cybersecurity of their organisation evolved to meet with the increasing complexity of threats. Although the firm had an existing Security Operations Centre (SOC) service in place from another supplier, they needed a service that provided more assurance. This meant sourcing a SOC service that was not just viable for commercial entities but finding one that was accredited to monitor critical networks such as government & public sector networks. Having assessed a number of different cybersecurity companies, the CNS Group’s offering was the most compelling and comprehensive, as they were able to offer the level of security and monitoring required from their dedicated UK based Cyber Security Operation Centre (CSOC).
The client is a global investment management company that operates within a number of areas including equities, fixed income, property and private equity. Its product portfolio also includes a range of hedge funds. Operating within a highly regulated market as well as being a recognised global presence – managing more than £300 billion in assets – means they treat cybersecurity as a priority.
As such the company wanted to achieve the highest level of protection for their networks and assets, this meant investing in 24/7/365 Managed Security Services. Having looked at a number of different providers, they chose CNS Group to fulfil this role.
The client had an existing organisation in place providing Security Operation Centre services (SOC ), however, as time progressed the services they were receiving were not holistic or robust enough to cope with the increasing danger of cyber-attacks, as well as future demand the company was likely to experience upon growth. With increasing assets and a need for bespoke technology to meet the complex requirements of their environment, the client needed a new SOC service, however, they were resolute there could be no disruption when switching.
“There is always a concern when switching something as fundamental as our SOC services. This kind of upheaval can be detrimental to a company, particularly one such as ours. Working with CNS Group completely mitigated our concerns and the risk attached. Their pragmatic approach and in-depth knowledge meant they were able to scope the project correctly and meet our requirements, providing a SOC service that is government accredited, without disruption and in record time.” Head of information security, Europe
As with any project, there were several challenges, the major one was around swapping out the existing SOC service. The other was in relation to the size of the company & scale of the project, which ran across multiple departments. CNS Group also came in from a standing start, without ever having worked with the global investment management company before, this presented a challenge in that CNS had to very quickly understand the business. It was crucial that the scope of the project was right first time, as there was no room for error.
The project needed to:
- Redefine the SOC services that the company required
- Define the scope of the business now and in the future
- Provide a comprehensive SOC service covering the client’s fundamental assets
The project was complex and extensive in scope and with no existing relationship, the client & CNS Group had to work together quickly and efficiently.
Initially, CNS Group conducted a detailed audit and gap analysis to fully understand the company’s assets and their current security standing. This analysis enabled CNS Group to fully scope the project, understanding where the boundaries needed to be set to give the client a comprehensive SOC service
Once analysis had been conducted and the scope was defined, CNS Group put together a roadmap and practical plan that:
- Redefined the scope of the business requirements, providing the client with a holistic solution enabling them to meet current and future requirements as they evolve
- Addressed the maintenance & security of systems and applications
- Offered best of breed technology platforms, developing bespoke technology to meet the specific needs and requirements that client had.
Changes to the existing scope of the SOC and how it was managed, ensured that the client met all their security requirements. The government accredited Managed Security Service provided by CNS Group also ensures:
- Threat Monitoring & Management
- Vulnerability Management
- Investigation of threat alerts
- Incident response
- Protective Monitoring
Key Business Benefits
The benefit of implementing CNS Group’s Managed Security Services has meant de-risking the client’s environment from a potential hack. The environment is secure, with constant monitoring of networks and key assets. The benefit of implementing this level of Managed Services has meant de-risking their entire environment from a potential hack. The client’s environment is compliant and the risk of breach of data is hugely diminished.
Achieving this level of cybersecurity proves that this industry leading asset management firm has done everything they can to ensure the safety and security of their customers, mitigating much of the risk of potential vulnerabilities, reputational damage, brand damage and loss of customer confidence.
The environment is secure, with constant monitoring of networks and key assets. This allows the client to provide peace of mind to their shareholders, strengthening relationships and translating into a positive impact on profits.