Case Studies

Real-world — anonymised — examples of completed engagements. Initial situation, actions taken, measurable outcomes.

For confidentiality reasons, the identifying details of the organisations have been anonymised. Operational data, timelines and outcomes are real.

Incident Response DFIR Ransomware
Manufacturing — Northern Italy — 450 employees
Ransomware on production line: recovery in 72 hours
Manufacturing company hit by LockBit 3.0 ransomware on a Friday evening. ERP systems, file servers and workstations encrypted. Production line halted. Backups partially compromised. Management discovered the attack at 23:30 and called our 24/7 emergency line.
Results
  • Containment completed within 3 hours of the call
  • Entry vector identified (VPN with stolen credentials)
  • Critical systems restored within 72 hours
  • Production resumed after 4 working days
  • No ransom paid — recovery from selective backups
  • CSIRT-IT notification submitted within 24 hours (NIS2 obligation)
NIS2 Compliance Gap Assessment
Utilities — Central Italy — 1,200 employees
Full NIS2 compliance achieved in 6 months for an essential entity
Energy sector company classified as an essential NIS2 entity. Initial assessment: 68 gaps across 219 measures. No formalised incident reporting procedures. CSIRT contact point not appointed. Compliance deadline imminent.
Results
  • Gap assessment completed in 3 weeks
  • 68 gaps reduced to 7 (residual risks formally accepted)
  • CSIRT contact point appointed and operational within 30 days
  • Full documentation package delivered: policies, procedures, IRP
  • Formal compliance achieved before the deadline
  • Awareness training delivered to 250 employees
Digital Forensics Data Breach Insider Threat
Professional Services — Milan — 80 employees
Confidential data exfiltration by a former employee
Professional firm that suspected exfiltration of client data by a departing employee. No documented evidence. Legal counsel required forensic evidence to support legal proceedings.
Results
  • Forensic acquisition of the company laptop with chain of custody
  • Complete exfiltration timeline reconstructed (USB + cloud)
  • 3,400 confidential documents identified as copied
  • Technical expert report delivered to lawyers within 5 days
  • Evidence admitted in civil proceedings
  • GDPR notification to the Data Protection Authority supported
Penetration Test SOCaaS Cloud
Fintech — Rome — 60 employees
Pentest on financial SaaS platform and managed SOC activation
Scale-up fintech startup with a SaaS platform handling financial data for thousands of clients. An enterprise customer required pentest evidence as a contractual condition. The IT team had no visibility into production access.
Results
  • Web application pentest completed in 10 days
  • 2 critical vulnerabilities identified (IDOR + JWT misconfiguration)
  • Remediation completed and positive retest in 3 weeks
  • Report provided to enterprise client — contract signed
  • SOCaaS Spectre Essential activated post-pentest
  • First threat detected (credential stuffing) in week 2

Tell us about your situation

Every organisation is different. Contact us for an analysis of your specific situation and a tailored proposal.