Real security, real results

Every engagement is different. Here's how we've helped organizations across industries transform their security posture — from e-commerce platforms to industrial control systems.

  • 100+ Systems Protected
  • <90s Threat Response
  • 0 Successful Breaches
  • 24/7 AI Monitoring

2024
E-Commerce

Scaling Security for a €2M/Year Online Retailer

A fast-growing e-commerce brand hit by recurring DDoS attacks and payment fraud attempts
A Belgian e-commerce merchant generating €2M annually was losing revenue to application-layer DDoS attacks and had no visibility into payment gateway security. The Stripe dashboard showed unexplained API calls.
WAF Deployed · DDoS Mitigated · Stripe Audited
The Challenge

Layer 7 DDoS attacks were overwhelming the application server twice a week. The client had a generic Cloudflare setup with no custom WAF rules. Payment fraud attempts via Stripe were manually reviewed with no automated detection. PCI DSS compliance was at risk.

Our Approach
  • Deployed a multi-layer WAF with custom rule sets tuned to their application traffic patterns
  • Implemented rate limiting, bot detection, and IP reputation filtering at the edge
  • Conducted a full Stripe Payment Protection audit — identified 3 misconfigured webhooks and 2 unauthorized API keys
  • Set up AI Watchdog with <90-second alerting on anomalous payment patterns
The Result

Zero DDoS-related downtime since deployment. Stripe webhook attacks stopped at the edge. The client saved an estimated €18,000/year in fraud-related chargebacks. PCI compliance score went from failing to 100%.

2024
Healthcare

Hardening a Healthcare Portal Handling Sensitive Patient Data

A digital healthcare provider needed GDPR alignment and encryption upgrades
A Belgian healthcare portal managing patient records and appointment scheduling faced an audit flagging multiple vulnerabilities. Patient trust was at stake.
OS Hardened · Encryption Deployed · GDPR Aligned
The Challenge

An internal audit revealed that the healthcare portal's Ubuntu servers had SSH password authentication enabled, no firewall rules, and outdated kernel parameters. Patient data was transmitted without full encryption in transit. The organization faced potential GDPR fines of up to 4% of annual revenue.

Our Approach
  • Full OS hardening audit — 23 critical findings identified and remediated
  • Deployed UFW firewall with default deny policy and service-specific allow rules
  • Configured full-disk encryption and TLS 1.3 exclusively
  • Implemented Fail2ban with custom jails for the healthcare application
  • Deployed AI Watchdog with weekly compliance reporting
The Result

Passed subsequent GDPR audit with zero findings. 100% of patient data now encrypted in transit and at rest. Server hardening score improved from 34% to 94%. The CEO reported a measurable increase in patient trust signals.

2024
FinTech

Zero Trust Architecture for an Early-Stage FinTech

A FinTech startup needed network segmentation and continuous monitoring before launch
A Brussels-based FinTech preparing for Series A needed a security architecture that would pass due diligence. Their flat network had no segmentation between development and production environments.
Zero Trust Implemented · IDS/IPS Deployed · Segmentation Complete
The Challenge

The startup had 50+ microservices running on a single flat network segment. A compromise of any service meant full lateral movement. No intrusion detection, no network monitoring. Investors flagged security architecture as a risk factor for the Series A round.

Our Approach
  • Designed and implemented network segmentation with 4 isolated zones (public, private, data, management)
  • Deployed Suricata IDS/IPS with custom rules for the FinTech application stack
  • Installed RootCrak Internal Network Agents on every segment for continuous visibility
  • Set up AI Watchdog with real-time alerting and weekly executive reports
The Result

Series A due diligence passed with no security objections. 100% lateral movement blocked by segmentation. The CTO reported having "better visibility into our network than any previous employer." Incident response time reduced from 4+ hours to under 90 seconds.

2023

Email Security Transformation for a 200-User Law Firm

A mid-size law firm was vulnerable to BEC attacks and had zero email authentication
A Brussels law firm with 200 employees was receiving spear-phishing emails impersonating partners. No SPF, DKIM, or DMARC records existed. Clients were being targeted in Business Email Compromise attacks.
SPF/DKIM/DMARC Deployed · Anti-Phishing Active · BEC Prevented
The Challenge

The law firm had zero email authentication configured. Anyone could spoof a partner's email address. Three BEC attempts in the prior quarter had resulted in one near-miss wire transfer of €240,000 that was caught manually. The managing partner described their email security as "a paper shield."

Our Approach
  • Configured SPF, DKIM, and DMARC from the ground up with quarantine policy and monitoring
  • Deployed anti-phishing training for all 200 employees with simulated campaigns
  • Implemented DMARC reporting and analysis for continuous improvement
  • Set up internal network monitoring to detect compromised workstations
The Result

Zero successful BEC attacks since deployment (12+ months). DMARC went from absent to enforcing (p=quarantine) with 99.97% legitimate email delivery. The firm's cyber insurance premium was reduced by 18% following the security improvements.

2023
Industrial

Securing Industrial Control Systems in a Manufacturing Plant

A manufacturing facility needed ICS security without disrupting production
A Belgian manufacturing plant with legacy ICS/SCADA systems was air-gapped from the IT network — but the gap was leaking. A penetration test revealed 4 paths from the corporate network to the factory floor.
Pen Test Complete · ICS Segregated · Zero-Day Researched
The Challenge

The manufacturing plant had been running the same SCADA setup for 12 years. IT and OT networks shared a physical switch in the server room. A single misconfigured firewall rule allowed RDP from the sales department to the PLC management interface. Production downtime cost €12,000 per hour.

Our Approach
  • Conducted full penetration test of both IT and OT networks — identified 21 critical findings
  • Designed and implemented a true network air gap between IT and OT with one-way data diodes for monitoring
  • Deployed ICS-specific monitoring agents (non-intrusive, read-only) on the OT network
  • Conducted zero-day research on the SCADA platform — discovered and disclosed 2 vulnerabilities
The Result

Zero production interruptions during the entire engagement. All 4 IT-to-OT attack paths closed. The 2 zero-day vulnerabilities were patched by the vendor within 30 days. The plant's cyber insurance was renewed with no exclusions for OT systems.

2023
SaaS

AI Watchdog at Scale for a 50-Server SaaS Platform

A fast-growing SaaS company needed enterprise-grade security without enterprise headcount
A SaaS startup with 50 AWS servers and 10 microservices was relying on a single part-time DevOps engineer for security. They needed 24/7 monitoring without hiring a SOC team.
AI Watchdog Deployed · Real-Time Alerts · <90s Response
The Challenge

The SaaS platform was processing sensitive customer data across 50 EC2 instances, 10 microservices, and 3 AWS regions. Security monitoring consisted of "checking CloudWatch when something breaks." Multiple CVEs in their application stack went undetected for months. The CTO described their security posture as "hope-based."

Our Approach
  • Deployed RootCrak Internal Network Agents on all 50 servers for continuous vulnerability scanning
  • Implemented AI Watchdog with automated CVE correlation and priority scoring
  • Set up weekly automated reports with executive summaries for the leadership team
  • Integrated AWS CloudTrail and GuardDuty logs into the Watchdog for unified visibility
The Result

3,500+ CVEs identified and remediated in the first month. Mean time to detection dropped from weeks to under 90 seconds. The CTO reported that the AI Watchdog "caught things our DevOps team had missed for over a year." The platform maintained 100% uptime throughout.

Ready to become the next case study?

No commitment, no cost. We'll audit your external perimeter, check your email security posture, and identify the most critical vulnerabilities in your infrastructure.
