This is how quickly results can be achieved when IT security is a top priority

How regular appointments enable the findings to be processed quickly by an external service provider

If an employee's data ends up on the dark web, two things are crucial. First: checking the systems for indicators of compromise. Second: quickly resolving existing vulnerabilities to minimize the risk of compromise.

As managing director of Vogtmann-Herold+Co.GmbH, Mr. Cirener achieved both by commissioning us, in addition to a forensic analysis, to provide consulting for the efficient closure of vulnerabilities. In this success story we describe exactly how we did this and why Mr. Cirener was able to gain an important employee as a result.

Table of Contents

Vogtmann-Herold+Co.GmbH

Vogtmann-Herold+Co.GmbH is a company with 77 years of experience in mobility combined with emotionality and sustainability. The full-service provider to the automotive industry covers everything from workshops to leasing to vehicle construction.

fritz-cirener.1024x1024 copy

Fritz Cirener
Executive Partner

Mr. Cirener has been managing director of Vogtmann-Herold+Co.GmbH for over four years. What sets him apart is that he knows the importance of IT security in a modern company and uses his position to initiate and pragmatically implement optimizations in this area.

The challenges

The basis for this success story was a letter: Mr. Cirener received official information that an employee's data had emerged in a leak. The very acute question for us was: Can we find Indicators of Compromise (IoCs) in the network? Has the published data been exploited?

Continue reading?

The resulting second question was: How well are we generally protected from cyber attacks in such and other scenarios?

For the second question in particular, we were able to build on a pen test that we had previously carried out for Vogtmann-Herold+Co.GmbH. The company had previously processed the findings from this assessment independently. Due to the new explosiveness of the topic for the company, the desire arose to receive support in order to quickly minimize the risks.

One challenge was that Vogtmann-Herold+Co.GmbH had completely outsourced its IT to an external service provider at this point.

The credo of the assignment to us was: Find pragmatic solutions with us that we can implement quickly.

Our solutions

We first conducted a forensic analysis to thoroughly check all systems for indicators of compromise. We found no signs of compromise, so we were able to immediately start eliminating vulnerabilities.

In the solution strategy for risk minimization, we worked in parallel on two levels:

In regular meetings with the external service provider, we prioritized the findings and supported them in resolving them through knowledge transfer and project management.

In monthly status meetings with Mr. Cirener, we provided information about progress and blockages in order to facilitate communication between specialist service providers and management and, if necessary, to be able to obtain additional resources for IT in a timely manner.

The result

The regular deadline structure put a certain amount of pressure on the IT service provider in a positive sense, so that all the findings from the first pentest could be resolved within a year (including the independent processing time at the beginning).

Mr. Cirener commissioned a retest to validate the results and provide a basis for further optimization. For him, the topic of IT security is now an integral part of his corporate strategy.

Start your own success story!
What are your challenges in expanding your IT security?
Schedule a Personal Consultation

Bonus

The employee of the external IT service provider who was responsible for supporting Vogtmann-Herold+Co.GmbH is now permanently employed by the company. This means that projects can be implemented more efficiently and the company benefits more sustainably from the knowledge transfer through ProSec.

More success stories
3 building blocks for secure innovation

How do you combine innovation and digitalization with security? How do you create operational space for the efficient implementation of IT security projects?

Table of Contents