Introduction 

A global FTSE 100 engineering firm with operations across EMEA, APAC, and the USA faced repeated ransomware incidents that disrupted its operations and left its security team exhausted.

Seeking to enhance its cyber resilience and centralise security operations, the organisation turned to Adarma for expert incident response (IR) and long-term security transformation.

Adarma’s Rapid Deployment and Immediate Actions

Adarma deployed a dedicated team within 12 hours to assess and contain the security breach.

Key actions included 24×7 monitoring, threat analysis, and deploying a temporary Security Information and Event Management (SIEM) system to restore control and ensure ongoing threat detection.

Temporary SOC Support

Using our ‘Get Them Out, Keep Them Out’ (GTO-KTO) strategy, we quickly isolated attackers, eradicated threats, and reinforced defences, ensuring a smooth, collaborative recovery with both internal and external teams.

Restoring Detection with Temporary SIEM

Adarma deployed a temporary SIEM using the customer’s Splunk instance. This helped restore visibility, prioritise log collection, and integrate tools like Microsoft Defender and Tanium for comprehensive threat detection across cloud and on-premises environments.

Adapting to a Heightened Threat Landscape

During the incident, Adarma also responded to emerging threats from an international geopolitical event. We conducted industry-specific threat hunts, onboarded key detections into our 24×7 SOC, and delivered real-time intelligence briefings to the executive team, ensuring continuous protection.

Key Lessons Learned

Minimised Downtime: Rapid response enabled quicker business recovery

Enhanced Cybersecurity Maturity: Strengthened capabilities to handle future threats

Reduced Burnout: 24×7 coverage alleviated pressure on internal teams

Continuous Improvement is Essential: Ongoing assessments and training strengthen preparedness

Read the Full Case Study

Thanks to Adarma’s rapid intervention and expert guidance, the customer restored operations, avoided reputational damage, and strengthened its cybersecurity framework.

By combining advanced threat detection, real-time monitoring, and strategic partnership, Adarma delivered both immediate recovery and long-term value.

What Our Clients Are Saying

We manage the cybersecurity of some of the most complex and highly regulated organisations in the UK.

“Adarma’s Managed SOC service is the best I have ever seen. Adarma’s agility and the high context the team maintains sets it apart from the rest of the market… Adarma’s experience working with some of the world’s most prestigious companies and focus on SOC mean the teams have the knowledge and expertise to ensure security monitoring that is right for the client.”

– Director, FTSE 100 Luxury Goods Retailer

“The close collaboration and timely support provided by the Adarma team have been integral to the success of our working partnership. I appreciate their expertise and ability to explain things in layman’s terms; they understand our business challenges and support us with the optimal solution. They are always willing to get on a call to troubleshoot together and listen to our needs to improve their platform.”

– CISO, The Body Shop

“We consider Adarma a partner, not a supplier. Your mission to help customers, coupled with a passion for security, means we work together to address changing requirements and new challenges. Your flexible and agile operating model means you can customise reports or make changes to the service, as and when required; this was really important to us.”

– Group Information Security Officer, Novamedia
