Information security and ICT case study with AEB Security Service

AEB Sicherheitsdienst GmbH is a leading regional company from Winterthur, Zurich, which offers innovative and competent guard and security services.

We would like to thank AEB Sicherheitsdienst for the trusting and successful collaboration over the past few years. It is a pleasure for us to support the company in the field of ICT services with a focus on information security and to achieve sustainable improvements together

Endpoint Detection and Response (EDR) and system hardening

In the area of security, we ensured that AEB Sicherheitsdienst's systems were better protected against threats through the use of modern technologies on all clients and servers in their heterogeneous environment. Another focus was system hardening in accordance with the prescribed standards on Windows, Linux and other systems. This helped to minimize potential vulnerabilities and significantly reduce the risk of attacks on the company's systems.

In addition, we deployed an advanced Mobile Device Management (MDM) solution to ensure a consistent security configuration for all endpoints. Using Configuration Profiles and Group Policy Objects (GPOs), based on the Center for Internet Security (CIS) best practices and other security baselines, we ensured that all endpoints met the highest security standards. These measures contributed significantly to reducing the attack surface and increased the security of the entire IT infrastructure and data.

Identity and Access Management (IAM)

For the Identity and Access Management (IAM) of AEB Sicherheitsdienst, we implemented a hybrid IAM solution that enables single sign-on (SSO) for on-prem and cloud applications. This included the implementation of Conditional Access Policies, Privileged Identity Management and Identity Protection. These measures provided a robust authentication and authorization layer that made access to cloud and on-prem resources more secure. This not only ensured a seamless user experience, but also centralized and secure management of identities and access rights.

Together with the customer, we have also set up a public key infrastructure (PKI) to enable the smart card and other phishing-resistant authentications implemented by us. In combination, the identities in the cloud and locally are protected and monitored in the best possible way.

Statement Management AEB Security Service

"As part of the revised IT strategy with a focus on data and ICT security in combination with the use of individual cloud solutions as technology enablers, we were looking for a competent partner who is able to look at security as a whole, understand our increased security and data protection requirements (especially in connection with the cloud) and also take the lead in renewing the IT infrastructure in our own data center. With Cyberopex, we have a partner who is optimally familiar with security in the cloud and on prem and can also implement it. The range of services includes concepts, system engineering and the implementation of new technologies. The collaboration with the internal IT department was always cooperative, open and uncomplicated. We would like to express our sincere thanks for the pleasant collaboration. "

Cloud security (XDR and CSPM)

In the area of cloud security, we introduced cloud security solutions for AEB Sicherheitsdienst in order to better protect the cloud infrastructure. To this end, we established a solution for extended detection and response (XDR) and incident response in order to manage security incidents in the cloud quickly and effectively.

The introduction of a threat intelligence system helped to detect and assess threats at an early stage, while vulnerability management ensured that potential weaknesses in the cloud environment were quickly identified and remedied.

We also used Cloud Security Posture Management (CSPM) to continuously monitor and improve the security status of the cloud. This solution made it possible to detect and automatically respond to threats in cloud environments. We configured the solutions to identify security risks and enforce security policies that were specifically tailored to the needs of AEB Security Service.

System Engineering

We undertook a complete overhaul and expansion of the IT infrastructure for the AEB security service in order to meet the company's growing requirements. One of the main tasks was the introduction of new core infrastructure operating in cluster mode to ensure high availability (HA) and load balancing. This enabled the company to improve the resilience and scalability of its virtual machines.

In addition, we hardened the existing database servers, including the encryption of data in transit (Encryption Data in Transit) and the encryption of data at rest (Encryption Data at Rest) by activating TDE encryption (Transparent Data Encryption). This significantly improves data security, especially in areas with sensitive information.

Another important step was the introduction of new file servers that are operated via the Distributed File System (DFS) and with encryption. This measure not only ensured greater redundancy and load distribution, but also secure and centralized management of company and customer data.

To back up the data, we introduced a backup solution that integrates tape backups as well as a NAS and external S3 storage. The implementation of a strategically well thought-out backup strategy gave the company the ability to back up data reliably and restore it quickly in an emergency.

CONCLUSION

Our comprehensive system and security measures have enabled AEB Sicherheitsdienst to build a modern, secure and scalable IT infrastructure. By introducing cloud security solutions, hardening the systems and using state-of-the-art authentication methods, the company was able to raise its IT security to a new level. At the same time, they benefited from a robust backup strategy and optimized identity management, which significantly increased both efficiency and security.

The combination of state-of-the-art IT infrastructure, effective security solutions and a well-thought-out cloud and IAM strategy has enabled the company to minimize risks, increase operational security and arm itself against future threats.