Getting Ahead of Threats - Establishing Detection and Response


A global engineering company faced cybersecurity concerns: legacy infrastructure, ad hoc detection and response processes, and underinvestment in a scalable IT setup, even as it expanded through acquisitions and became more reliant on technology. We helped them find solutions to improve their cybersecurity posture, streamline processes, and invest in a scalable IT setup.


The CISO, the Head of Detection and Response, and Kopenhagen Konsulting collaborated to improve detection and response capabilities and establish a Security Operations Center. The project involved identifying requirements, market analysis, vendor selection, planning and execution of the implementation, creating new processes, and supporting project planning. Kopenhagen Konsulting managed project artifacts and provided procurement support. The SOC was established using Microsoft Defender for Endpoint, Managed Defense by Mandiant, Splunk, and the ServiceNow SIR module. The project also created a target organization for 2022 and completed handover activities.


The EDR and SIEM technologies implemented have increased the client's visibility into their IT environment, supporting incident response. A SIEM logging guideline was published to inform the company of its logging requirements. MDR provided a quick improvement in security posture, funneling data to Mandiant for analysis. ServiceNow (SIR module) was used for automation to manage and respond to incidents. A MISIR plan was created for cases where the normal response does not suffice. The client now has better visibility and can act on incidents effectively and efficiently.