Oil and gas holding company

A large holding company reported a problem with regular phishing attempts targeting employees and suspicious connections to internal systems.

☑️ We conducted an audit of the network infrastructure and internal traffic.
☑️ We identified weak segmentation of the corporate network—users in the office area had access to technological segments.
☑️ We checked the relevance of software patches and found that some servers had not been updated for over a year.
☑️ Testing of the access control system revealed a lack of centralized control over access to certain production areas.

Based on our report, the client implemented additional measures to differentiate rights, strengthened incident monitoring, and updated the protection system. The number of successful unauthorized access attempts decreased by more than 60%, which prevented emergency shutdowns and financial losses.

Federal retail chain

The company was preparing for an inspection by the Federal Technical and Export Control Service (FSTEC) and feared fines for non-compliance with Federal Laws 187 and 152. The risks were estimated at up to 10 million rubles.

☑️ We checked the personal data processing infrastructure and found that some internal services weren't encrypted.
☑️ We conducted an access policy audit and discovered that former employees retained access to internal systems.
☑️ We identified vulnerabilities in the integration of the access control system with the server system — some of the logs were not recorded correctly.

We promptly proposed a plan to eliminate the violations, implemented solutions for data encryption and correct configuration of the access control system. The company passed the inspection without any comments and avoided a fine, preserving its reputation and customer trust.

Production plant (automated process control system)

The plant noticed regular attempts to connect to its technological systems and requested an audit.

☑️ We tested the automated control system and discovered incorrectly configured VPN connections that could be used to access internal networks.
☑️ We checked the server logs and found over 200 suspicious login attempts from external IP addresses.
☑️ We analyzed the monitoring system—some of the logs were simply not being saved due to incorrect configuration.

After correcting the settings, introducing two-factor authentication, and correctly configuring logging, the company was able to completely block potential channels for industrial espionage.
As a result of the checks, the security of critical infrastructure was improved, which was confirmed by an internal audit of the customer's security service.

Financial company

The organization was preparing for ISO/IEC 27001 international certification and requested a security audit.

☑️ We conducted a penetration test of the corporate network and identified three critical vulnerabilities that could allow access to customer data.
☑️ We reviewed access management policies and found that some employees had more privileges than necessary.
☑️ We analyzed database operations and found that backup copies were missing on certain segments.

We prepared a report detailing specific vulnerabilities and a plan
for addressing them. After implementing the measures, the company successfully passed international certification, which strengthened
its market position and increased trust among partners and customers.