1. Phase I – Clean Environment: Creating a clean virtual environment using free and available hardware without disturbing the existing investigation and forensics.
2. Phase II – Backup & Recovery: Veeam’s patented backup and solution helped restore critical VMs, apps, services, NAS, and local storage. Other areas could be restored using Commvault solutions focusing on disaster and file recovery.
3. Phase III – Reinstating Active Directory: Multiple AD services, including AD Domain, AD certificate, AD network policy and AD Connect Sync had to be restored from the ground up.
4. Phase IV – Security Hardening: Extended Detection & Response techniques (XDR) had to be implemented using stricter rules and fine-grained monitoring. We’ve used AI-supported Cortex XDR solutions to detect vulnerable devices and monitor incidents using an easy-to-use dashboard:

Check out our Success Story to see how Swiss IT Security AG prevented the spread to other sites and helped resume operations in a few days.

Secure and efficient exchange of SWIFT messages through Credit Suisse’s Private Swift Network (PsN) with Keyon’s true-Broker. Automatic dispatch, prompt data exchange, and customizable formats – without the need for SWIFT membership.

The most important facts:

• Leading Swiss telecommunications provider opts for Swiss IT Security AG for PKI.
• Implementation of the keyon true-Xtender solution for scalable and automated “Registration Authority”.
• Central hub for issuing and managing corporate certificates.
• Overcoming the challenges of manual certificate issuance.
• True-Xtender features: browser-based GUI, notifications of expiring certificates, full automation, role-based access model.
• Successful transition from Proof-of-Concept to “Go Live” within a few months.
• Significant results: 9,000 issued certificates for 1,200 active users; 37,000 certificates via Webservice-API.

A Swiss-based municipal transport service suffered a targeted „Ransomware-as-a-service“ attack in 2022. The first imperative: The authority put Swiss IT Security AG on the job and our experts were on-site in hours to isolate and restore operations. Critical steps included:

1. Damage Control and Mitigation: The malware was removed and all critical services, including virtual machines and file servers, were isolated from the ransomware encryption. The team reinstalled all essential systems from scratch or restored areas that were still salvageable.
2. Analysis: Exact damage analysis of all affected clients, servers, apps, services, and files.
3. Setting up Recovery Systems: Swiss IT Security AG implemented an emergency recovery infrastructure and rebuild all systems step by step.
4. Recovery: All files and apps were restored and put back into regular operations.
5. Security Hardening: Across all areas, Swiss IT Security went on to improve security by implementing a secure CISCO network infrastructure, cloud backup solutions based on crypto locker and georedundant backups as well as Fortigate network security solutions. Last but not least, ‘Security Awareness trainings’ trainings were next on the agenda.

Zero Trust is neither a product nor a service or a technology: It’s a philosophy that governs how all products, services, and technologies are set up in the first place and configured to communicate with each other. Based on the ‘Guilty until proven innocent’ principle, Zero Trust ensures that even company-owned laptops, smartphones, apps, services, and users are considered ‘safe’ only when they’ve clearly authenticated themselves as such. The three core princples are:

• Zero Trust Workplace: Ensures a secure connection between your IT endpoints, servers, IoT devices and IoCs (Industry Control Systems) among each other as well as your employees’ access to these areas.
• Zero Trust Workload: As apps and services have increasingly become targets for attacks, Zero Trust needs tob e extended to cover applications or services, including your software and hardware resources, the hybrid coud, LoB applications and virtual desktops.
• Zero Trust Workforce: Ensures clear security guidelines for all your employees working inside your network as well as remotely. It also covers guests, such as contractors and customers.