Canadian Supplier of Propane Products and Services

Managed cyber security services significantly reduces company’s risk.

This client is a leading distributor of propane products to consumer, commercial, industrial and agricultural clients across Canada. With more than 1,400 employees and thousands of consumer touchpoints across the country, the client’s complex supply chain causes significant cyber security risk exposure. They opted to resolve this growing challenge by optimizing their infrastructure within a “managed service” information security environment.

After investigating their options, the client selected MNP to undertake the work in 2016. Their decision was based on an existing relationship with MNP and our ability to demonstrate the best process, track-record and commitment to customer service to meet their needs.

The Challenge

The primary challenge of this engagement was the scope of work required to mitigate the client’s significant and growing list of cyber security risks. There is no one-size-fits-all solution.

This first required a thorough investigation of the entire business to reveal where the client was most vulnerable to threats. A comprehensive strategy and vendor management plan was necessary to ensure the right solutions and the greatest protection at the best value.

MNP’s threat assessment process revealed four key areas that would need to be addressed:

  • Email Protection: To protect against spoofing, executive fraud, malware, and phishing schemes
  • Malware via Web Browsing: To block malicious website requests and protect internet access across networks, locations and users
  • Internal Threats: To detect breaches, viruses and malicious activity within the network itself
  • Endpoint Security: To continuously monitor the network entry points for hidden threats, locate root causes of cyber threats and prevent threats from spreading

The Approach

The client contracted MNP to deliver a 24 / 7 Managed Security Operation with a virtual chief information security officer (vCISO). Based on three pillars – infrastructure, strategy, and ongoing support – this service provides the client with a centralized suite of cyber security services, along with a full-time cyber security administrator and round-the-clock helpdesk support.

Rather than one overarching solution, MNP designed and implemented an ecosystem of services and vendor management assistance, including:

Service Setup – Beginning with a Maturity Threat Assessment and risk charter, MNP evaluated the client’s cyber security vulnerabilities to identify where an attack would be most likely to occur and cause the greatest harm. After identifying the four critical vectors above, MNP contracted the appropriate vendors and products and customized each solution to meet the client’s immediate and long-term needs. We then built and tested the architecture to ensure it would effectively serve the required purpose.

Maintenance – As a managed service provider, MNP is responsible for all maintenance tasks required to ensure the client’s new cyber security architecture is fully functional, up-to-date, and prepared to handle the latest threats.

24 / 7 Monitoring and Event Response – An MNP representative is available 24 hours per day, 365 days per year to review all network activity through the client’s cyber security architecture. That person is constantly keeping an eye for any suspicious behaviour on the network and prepared to respond to a breach or attack. In the event of a network compromise, MNP can immediately pinpoint the source of the issue – contain, resolve, and investigate it.

24 / 7 Helpdesk and Technical Support – An MNP representative is on call and available 24 hours per day, 365 days per year to assist with any systems issues the client’s personnel may have with the new architecture – from systems failures to troubleshooting.

Change Management – MNP worked collaboratively with the client’s IT and leadership teams to ensure a seamless transition to the new cyber security architecture. This ranged from ensuring the new products dovetailed with the client’s existing network and information architecture to training staff on the new systems and teaching them how to be more cyber threat-aware.

Vulnerability Management – The client has a dynamic business model and a growing roster of staff and roles. With new threats emerging daily, MNP is constantly re-evaluating their cyber security profile to ensure the existing managed services model provides adequate protection for the business and key information assets. Constant adjustments – big and small – ensure the optimization of the client’s defenses.

Reporting – MNP provides a range of granular and high-level cyber security reporting to the client informing them on a range of topics, developments, and potential concerns, including helpdesk tickets, solution-specific insights, risk exposures, and a vCISO report for C-suite executives.

The Result

Following a one-year implementation process, the client’s Managed Security Operation is now fully operational. The client says they’ve recently “tested [their] resilience utilizing a third-party risk rating service.” And that they were “pleased to demonstrate the material improvements obtained as a result of the MNP program”. Moreover, they’ve also expressed they’re “very pleased with their managed service and would recommend MNP as a trusted and reliable partner in any cyber security initiative that may be required.”