Case Study ยท Finance

Cybersecurity Overhaul for a
Regional Investment Firm

How GBWise hardened a 60-user financial services network against modern threats โ€” passing a third-party security audit within 8 weeks of engagement.
Industry
Finance & Investment
Organisation size
50โ€“70 staff
Geography
UK
Engagement type
Cybersecurity hardening + ongoing managed security
Timeline
8 weeks
0
Critical findings post-hardening
8wks
Audit-ready timeline
100%
MFA coverage achieved
24/7
Threat monitoring active
๐Ÿ”’Client details anonymised at their request. Industry, size, geography and outcomes are accurate. Available to qualified prospects under NDA.

A pending regulatory audit with no security baseline in place

A UK-based investment firm managing assets for private clients faced a mandatory third-party security audit as part of its FCA compliance obligations. An internal review revealed significant gaps โ€” no MFA policy, unpatched systems across the estate, weak network segmentation, and no centralised logging. The firm had 8 weeks before the external auditor arrived.

  • No MFA enforced on any system โ€” email, VPN, or internal applications
  • 37 unpatched endpoints, including 4 running end-of-support Windows versions
  • Flat network with no segmentation between client data systems and general office traffic
  • No SIEM or centralised logging โ€” no way to detect or prove breach attempts
  • Sensitive client financial data accessible from personal devices with no MDM controls

The firm's previous IT provider had managed day-to-day helpdesk but had no security specialism. GBWise was brought in with a hard deadline and a clear mandate: pass the audit.

Risk-prioritised hardening against CIS Controls framework

GBWise conducted an initial security gap assessment mapped against CIS Controls v8, producing a prioritised remediation plan. Work was sequenced by risk severity and audit impact โ€” highest-risk items addressed first.

1

MFA rollout across all systems

Enforced MFA on Microsoft 365, VPN, and all internal applications within week one. Conditional Access policies configured to block non-compliant devices.

2

Endpoint patching and EOL remediation

All 37 endpoints patched; 4 EOL machines upgraded to Windows 11 with hardened baselines applied using CIS-benchmarked GPOs.

3

Network segmentation

VLAN architecture implemented separating client data systems, general office traffic, and guest networks. pfSense firewall rules enforced least-privilege inter-VLAN routing.

4

SIEM deployment and logging

Centralised logging via Wazuh SIEM deployed, ingesting Windows Event logs, firewall logs, and Microsoft 365 audit logs. 90-day log retention configured to satisfy audit requirements.

5

MDM and device policy

Microsoft Intune deployed for device management. Personal device access to client data blocked; compliant corporate devices enrolled with encryption enforced.

Stack

Microsoft 365 DefenderMicrosoft IntuneConditional AccessWazuh SIEMpfSenseWindows 11 + CIS GPOsBitLockerEntra ID (Azure AD)UniFi Networking
"We had eight weeks and a list of problems we hadn't fully understood the scale of. GBWise prioritised everything correctly, moved fast, and we passed the audit with zero critical findings. That outcome was not guaranteed when they started."
Chief Operating Officer, UK Investment Firm
(Name withheld at client request)

Outcomes at audit and 60 days post-engagement

0
Critical audit findings
Third-party auditor returned zero critical or high-severity findings on the scheduled audit date.
100%
MFA coverage
Every user, every system. Enforced via Conditional Access with zero exceptions.
8wks
Audit-ready
Full remediation completed inside the deadline with one week to spare for final review.
24/7
Ongoing monitoring
Wazuh SIEM now feeds GBWise's NOC for continuous threat monitoring under managed security contract.

Facing a security audit or compliance deadline?

We offer a free security gap assessment for qualified prospects.

Book a free assessment โ†’