Indigo has been offering engineering services to digital infrastructure operators and owners since 1998, spanning over 90 countries. They design, deploy, and support digital infrastructure to enhance value in fixed line, subsea data centres, and wireless networks. Known for their reliability, Indigo is a trusted partner for some of the world's largest companies. Their focus on value and innovation has bolstered their reputation, providing clients with both local and global support through a single point of contact.
The Challenge
As a telecommunications systems integrator specialising in multi-vendor networking service solutions, Indigo is required to handle sensitive information for their customers. Indigo takes this responsibility seriously and are committed to implementing and maintaining systems to protect information and data, assess security risks and threats, and ensure effective business continuity processes.
In 2021, Indigo began working with Consortium of Hyper Scaler’s within their subsea networks. While Indigo already had a large number of customers worldwide, this new partnership increased the scale of their international operations significantly. Wanting to maintain a high level of security for the clients, Indigo was subsequently looking to drive a number of security improvements across their business. Specifically, they wanted to increase the maturity of their SOC, validate these improvements with regular penetration testing, and ensure continued compliance with US and UK regulations.
Given this broad range of security goals, Indigo would require a diverse array of cyber security services. Ultimately, they were looking for a provider that had all of these services ‘under one roof’ and could deliver them all simultaneously as part of a single, holistic service. Indigo were aware that such an approach would benefit them more than having each service delivered separately, allowing their chosen cyber security partner to bring together security insights into a single, cohesive service.
“Bridewell’s delivery model very much aligns with our own, with a strong focus on building true partnerships that provide long-term value to the customer. Like Bridewell, we work closely with our clients and continually collaborate to address their needs and overcome their challenges via a unified service. We recognised this synergistic approach would benefit our security operations more than working with multiple security vendors, and made Bridewell a clear choice.”
The Solution
To address their various requirements, Indigo works with a broad range of Bridewell’s different service areas, ranging from cloud consultancy to SOC services and penetration testing.
From our SOC, Bridewell delivers Managed Detection and Response (MDR), Cyber Threat Intelligence (CTI), and Vulnerability Management Services (VMS). These services are directed towards building Indigo a threat-informed defence strategy. More than simply enhancing Indigo’s detection and telemetry capabilities, these services allow Indigo to inform their security operations with near real-time information on real threat actors and their tradecraft. This is driven by Bridewell’s CTI team, who perform extensive research into the threat actors most relevant to Indigo and their corresponding tools, tactics, and procedures (TTPs). With this insight, Bridewell’s MDR service is then able to ensure that Indigo has the right detection and response capabilities to identify and defend against these threat actors.
“Bridewell’s Cyber Threat Intelligence and MDR service has enabled us to build a real understanding of which threats pose a risk to our business, assess our preparedness, and drive improvements in the right areas to ensure we remain secure.”
These SOC services work in tandem with Bridewell’s penetration testing team, specifically via purple team assessments. Using the CTI research, Bridewell’s pen testing team can emulate the TTPs of these threat actors to provide a realistic simulation of how Indigo would respond to an attack from them. These simulations are performed by Bridewell’s red team, while Bridewell’s blue team observe Indigo’s security operations. Any identified vulnerabilities or potential improvements can then be addressed. Outside the SOC, the penetration testing team also provide monthly phishing assessments to help promote a culture of security awareness across Indigo.
Additionally, Bridewell’s cyber security consulting team also deliver consulting services, cyber security leadership, security architecture and a vCISO. These services are focused on building up Indigo’s people and processes and helping them achieve compliance with ISO 27001. In addition to this, Bridewell’s cloud security team delivered a Cloud Security Posture Assessment that help prioritise areas for improvement across their cloud estate.
The Results
Through these services, Indigo has now met their security goals. Bridewell acts as their third-party SOC, monitoring their telemetry and alerting to ensure they have 24/7 detection and response capabilities. Elsewhere, they have matured their overall security posture via a threat informed defence strategy, with cyber threat intelligence being continually used to drive improvements and stay ahead of innovations in the cyber threat landscape.
Indigo also perform regular penetration testing and work on findings from their purple team assessments. Through their monthly phishing assessments and cyber security leadership from Bridewell, Indigo have promoted a security aware culture. This can be measured via their employees’ improved results in phishing simulations. In their most recent 6-month review, Indigo achieved a 61% decrease in users compromised and a 57% increase in users correctly reporting phishing emails.
