Multilayer security against advanced threats
A security stack expanded with WithSecure solutions improved Teosto's visibility and response speed.
Case study: Teosto
Changes in its IT infrastructure and environment prompted Teosto to look for capabilities against more sophisticated threats. The company now has a full-range, unified cloud-based security solution with detection and response, vulnerability management and endpoint protection capabilities.
Striving for real-time situational awareness
Founded in 1928, Teosto is a music copyright organization in Finland. Teosto collects royalties from music license users, such as concert planners and radio stations, and pays those royalties to composers, arrangers, lyricists, and publishers. Teosto works to ensure that music creators can focus on what really matters to them: making new music.
Teosto’s operational model mirrors private banking services, as it handles and manages artists’ copyrights. Because the software systems it needs are difficult to find out-of-the-box on the market, Teosto has developed most of its operational software in-house. Protecting the sensitive personal and financial customer information handled by these systems is crucial. Many of Teosto’s customers are celebrities and other public figures.
Over the past few years, Teosto’s IT infrastructure has undergone major changes. Technological developments such as increasing use of cloud services have added complexities to the IT environment. Growing numbers of vulnerabilities and threats combined with amplified complexities have increased the workload for Teosto's IT and Security Manager Harri Ahokas and his “one-man SOC” (security operations center): "In today’s world you have to do more – and do it faster. You can’t fix this simply by doing more manually, you need to be able to use automation in different ways.”
"Our objectives were good vulnerability management processes with continuous situational awareness and real-time understanding of the environment."
- Harri Ahokas, IT and Security Manager
As the IT environment grew more complex, Teosto needed to gain a better understanding of its infrastructure, architecture, and attack surface, ideally without added workload. According to Ahokas, not knowing what was happening in the company environment was a significant risk.
“Things happen fast. Without an extensive understanding of the infrastructure and attack surface, and without fine-tuned vulnerability management processes, the risk level would be too high for us,” he says. "Our objectives were good vulnerability management processes with continuous situational awareness and real-time understanding of the IT environment.”
New capabilities from a long-time cyber security partner
Teosto already had an on-premises endpoint protection solution, Business Suite from WithSecure. Ahokas was happy with the solution, cooperation, and support services. Convinced by his past experiences, he decided to test endpoint detection and response (EDR) and vulnerability management (VM) solutions from the same vendor.
Teosto didn’t have behavioral analytics or the means to detect advanced attacks. After testing WithSecure Elements Endpoint Detection and Response, Ahokas says Teosto decided to purchase the solution for its capability to detect behavioral anomalies and respond to advanced attacks. WithSecure Elements EDR's efficient user interface also offered Ahokas a streamlined way to drill down to events.
"WithSecure Elements EDR has a good user interface, and it provides a streamlined way to drill down events."
- Harri Ahokas, IT and Security Manager
Teosto had previously arranged for vulnerability scanning to be done annually as a service, which Ahokas says is no longer sufficient. With the world of threats and vulnerabilities fast evolving, situational understanding and a current snapshot of the environment are needed daily, he asserts. Continuous vulnerability management, high performance, cost efficiency, and cloud-native architecture were deciding factors for Teosto.
"It is important to get a frequently updated snapshot and understanding of the situation every day, not only once per year. The world is changing fast when it comes to threats and vulnerabilities."
- Harri Ahokas, IT and Security Manager
As Teosto added new security layers, the company also updated its on-premises endpoint security solution, WithSecure Business Suite, to the cloud-based WithSecure Elements Endpoint Protection. The new endpoint protection solution bolstered Teosto’s behavior-based threat prevention. The transition to the new endpoint protection solution was smooth and straightforward, taking less than a day to implement to Teosto's environment of a hundred endpoints.
Ahokas says the deployment of Teosto’s new stack of security solutions was quick and painless overall.
Teosto’s requirements and selection criteria:
- Situational awareness of IT environment and attack surface
- Behavioral threat analysis
- Continuous vulnerability management
- Architecturally unified cloud-based solution
- Smooth cooperation and solid partnership with the vendor
Warding off threats with multiple security layers
According to Ahokas, in today's complex threat landscape, a versatile cyber security solution stack containing multiple protection layers is important. More controls in place to slow down the attacker means more time to notice anomalies, increasing the chance of detecting the attacker, he says.
With its new WithSecure solution stack, Teosto has enjoyed significant cyber risk management benefits. For example, vulnerability reports can be produced whenever needed. Ahokas says WithSecure Elements Vulnerability Management has added flexibility, speed and cost efficiency to Teosto's operations.
"WithSecure Elements Vulnerability Management has added flexibility, speed and cost-efficiency to our operations."
- Harri Ahokas, IT and Security Manager
With WithSecure Elements Endpoint Detection and Response, Teosto now has a better understanding of what is going on at its endpoints. The solution produces useful data and presents it in a clear format that makes monitoring complex chains of events efficient. Ahokas praises the solution for its ease of use, especially compared to many other solutions that require considerable expertise to use effectively.
“WithSecure Elements EDR has been designed to be as convenient and easy to use as possible," he says.
According to Ahokas, no number of technological solutions alone will guarantee success in the cyber security battle, as the most challenging attack vector is still people. User trainings and regular communications about cyber security are high priorities at Teosto.
Ahokas emphasizes the importance of security knowledge and expertise to gain an understanding of security goals and problems to be solved. “Cyber security isn’t just the technologies. You need expertise – whether in-house or outsourced from a partner,” he says.
Teosto’s cyber security architecture is now well-aligned and unified. All its endpoint protection solutions are cloud-based and acquired from a single vendor, making maintenance effortless and efficient. With Teosto’s latest investments in IT architecture and cyber security, there are no imminent changes in sight, says Ahokas, “We are now focused on maintenance and responding to changes if needed."
Benefits:
- Real-time situational awareness
- Flexibility, speed and cost-efficiency
- Protection against advanced threats
- Fortified protection with multiple security layers
- Continuity to a long-lasting partnership
"Several controls slow down the attacker and increase your chances of detection. There’s more time to notice anomalies."
- Harri Ahokas, IT and Security Manager
Related products
WithSecure™ Elements Endpoint Detection and Response
Monitor your IT environment status and security, detect targeted attacks swiftly, and respond with contextual visibility and automation.
Learn more about the solutionWithSecure™ Elements Vulnerability Management
Easy-to-deploy scanner for your whole network and all its assets. WithSecure Elements Vulnerability Management scans the deep web, fights brand exploit and reduces your total costs.
Learn more about the solutionSpeak to the team
Manage your cyber security through a single pane of glass..