[Case Study] Cambridge Biotech
An early-stage biotech company in Cambridge, MA was planning for growth and preparing for a move to a new location. The transition allowed them to stop and think about their security posture and how it could be improved.
The IT Director on staff was managing too much: network configuration and maintenance, investigations, and handling of all issues and symptoms. He was left to solve and manage at every level.
When searching for a security partner, the goals were to not only take some of the weight off of the IT Director but also to:
- Proactively maintain network equipment
- Ensure proper security configuration of the network
- Actively monitor for signs of a security incident
- Put an incident response plan in place
Once the Technium team got a thorough understanding of their security posture and goals, we were able to guide them through obtaining the correct equipment for their next phase and future growth. We then collaborated to put a proven, systematic approach in place to manage security and improve it over time. Now, the Cambridge Biotech and Technium meet regularly to review reporting and discuss actionable items to keep security well maintained and relevant to how the biotech is operating.
Results of the Partnership
- Maintain all network equipment, actively monitor for vulnerabilities and perform patch/upgrade as required
- Configure firewall and all network hardware based on best practices
- Monitor internal network, endpoints, AWS, and Office365 for abnormalities
- Set up rules and exceptions are set up to avoid false positives
- Alerts are managed and remediated
- Emergency access via cellular out-of-band device in case external network access is down
Deciding between keeping IT security tasks in-house or relying on a partner with specialized expertise, can be compared to managing home improvement projects. There are many things you can try to repair using the Do-It-Yourself approach. If everything goes just right, you might save yourself some money, and hopefully, you’ve got time left over to relax. But what if everything goes wrong?
Take a moment and think about your company’s network as your home. In our houses, we go to great length to secure ourselves—doorknob locks, deadbolts, smart locks. Now look at your corporate network, how do you feel about the front door of your network? Does it give you the same sense of security that the front door of your home does? This is why we need network security.
Once ransomware is resident on a system, it can be a simple money collection exercise or a means to an end to capture intellectual property. Lost intellectual property may allow an organization in another country to leap forward and deliver your discoveries.