We have increased the security and efficiency of the IT infrastructure at SATUM

We modernized and secured our IT infrastructure through advanced security monitoring and a Security Information and Event Management (SIEM) system, strengthening client confidence in data protection.

Realization 2020 - 2022

Customer Profile

SATUM is a leading Czech insurance brokerage company founded in 1997 in Ostrava. SATUM specializes in corporate insurance. Teams of professionals provide comprehensive insurance services in the sectors of transport, healthcare, industry, municipalities, agriculture and services. SATUM employs 160 people and managed premiums of CZK 1.37 billion in 2023. The company places great emphasis on protecting all of its clients' data, including personal information, and on ensuring a high level of security and reliability of its services. SATUM's clients include Kofola, TON, Vincentka, OKsystem, PPL CZ and Charles University.

The implementation of new IT infrastructure and security measures has not only brought our company a higher level of data protection for our clients and employees, but also increased the efficiency and reliability of our services. The cooperation with Aricoma has been professional and successful, and we are pleased to have achieved these results together.

Ivona Moravcová

Director of Quality Management and IT

Baseline and project objectives

Due to the growing cyber threats and the need to better protect the data of its clients and employees, SATUM decided to approach us in 2019 to propose an upgrade of their IT infrastructure and subsequent comprehensive service.

In the insurance industry, protecting sensitive client data is crucial as customers entrust the company with their personal and financial information. Therefore, SATUM decided to upgrade their infrastructure to improve the security, efficiency and reliability of their network and server systems. The project focused on replacing all network layers, deploying an integrated management tool and optimizing network processes.

The main objective was to ensure the security of the network and server infrastructure efficiently, in the shortest possible time, but with an emphasis on quality. The implementation of security measures had to minimize the risk of cyber attacks and ensure continuous protection of sensitive data.

The customer came to us because of our successful projects and the trust we have earned through quality workmanship. Our extensive experience allowed us to design and implement a customized solution that fully met their needs and expectations. We analyzed their existing infrastructure and, based on this analysis, designed a new server solution, including a WAF. We then made modifications and customized our Security Operations Center (SOC) to effectively protect their network and server infrastructure, completing their efforts to maximize security.

Benefits

  • Increased level of security
  • Advanced threat analysis
  • Faster incident response
  • Improved visibility and control
  • Proactive security measures
  • Increased customer confidence

Solution

We have designed the implementation of an Advanced Security Oversight Service (SOC) and a Security Information and Event Management System (SIEM). The SOC provides continuous monitoring and analysis of security events, enabling rapid identification and elimination of threats. SIEM, on the other hand, provides advanced analytical capabilities and detailed records necessary to meet compliance and regulatory requirements. We designed this combined solution to efficiently and effectively secure our customer's network and server infrastructure, responding quickly to incidents while providing proactive security measures and increasing customer confidence.

Conclusion

The implementation took place in two phases. During the first month, we deployed and configured the AlienVault USM SIEM system, which enabled immediate monitoring and analysis of security events. This phase included installation of the necessary hardware and software, configuration of the monitored systems and other important tasks. The customer was very helpful in installing the agents, setting up the monitored elements and other important tasks such as implementing MFA and linking EDR/XDR to the SIEM, which greatly accelerated the entire process.

In the second phase in 2022, we migrated to a more advanced SOC 2.0 system with the SIEM tool WAZUH. This step enabled even better integration of security features and provided advanced analytical capabilities to identify and mitigate potential threats. The WAZUH system provides detailed visibility into network activity and enables centralized management of security policies. The implementation included transferring data and settings from AlienVault USM to the new system, thorough functional testing of all components, and subsequent adjustments to achieve optimal performance.

Security is a never-ending process that requires constant updating and adaptation to new threats and requirements, so once the initial phase is complete, system modifications and tuning continue. This approach ensured that the implementation was not only fast and efficient, but also able to maintain a high level of security over the long term.

The implementation of SOC and SIEM not only increased the level of security of SATUM's IT infrastructure, but also improved the efficiency and reliability of their network and server systems. Centralized visibility of network activity and automated alerts enable faster and more effective responses to security incidents, minimizing the risk of potential threats. This comprehensive approach to upgrading and securing IT infrastructure has helped SATUM protect their clients' sensitive data and strengthen customer confidence in the security of their services.

Used technologies

  • SIEM AlienVault USM
  • SOC 2.0 with SIEM WAZUH
