CASE STUDY

QC Holdings

How a leading alternative financial services organization made the move to eSentire MDR to achieve improved threat detection and response and a single pane of glass view across their entire Microsoft environment.

 

The Organization

QC Holdings is a leading alternative financial services organization that provides short-term lending to small businesses and individuals. The firm offers financial services and products at 250 retail locations across the United States and Canada. With 30+ years in retail consumer finance, QC Holdings has built a reputation as a reliable short-term lender for underserved customers.

  • Cloud-native infrastructure built on Microsoft Azure
  • 1300+ endpoints
  • Cybersecurity program overseen by the Director of IT and two security professionals

Solutions and Results

The eSentire Managed Detection and Response (MDR) solution included:

  • MDR with Microsoft Sentinel to provide complete attack surface visibility and drive threat investigations with 24/7 log monitoring.
  • MDR with Microsoft Defender for Endpoint to hunt and isolate endpoint threats before they spread.
  • Managed Vulnerability Service (MVS) to identify, investigate, and remediate vulnerabilities under the guidance of eSentire experts.

Business and Security Outcomes

  • Around-the-clock security event monitoring with 24/7 threat detection, investigation, and response by a dedicated team.
  • Reduced Mean Time to Detect and Mean Time to Contain.
  • Moved from MDR competitor to get improved threat detection and response capabilities, powered by proprietary threat intelligence, runbooks, and AI/ML innovations created by the eSentire Threat Response Unit (TRU).
  • Maximized ROI on Microsoft investment.
  • Improved cyber risk profile and alignment with the CIS Framework.
  • Time to value with rapid service deployment and robust escalation processes to ensure complete response.

The Challenge

For financial services organizations, a cyberattack can compromise operational systems and expose clients’ sensitive financial data, leading to regulatory fines, lost revenue, and reputational damage. For this reason, continuous improvement of security posture has always been a priority for QC Holdings.

However, with only two in-house cybersecurity staff amidst a team of 30 IT staff, it was impossible for QC Holdings to scale and provide in-house the 24/7 coverage they needed to build a strong security posture. Moreover, budget constraints meant their IT team would not be able to hire and train additional cybersecurity specialists, so outsourcing to an external security provider was a no-brainer.

In addition, the security program at QC Holdings was in its early stages of maturity (i.e., relying on traditional use of firewalls for protection), so they made the decision to implement best practices and controls associated with a specific framework, eventually landing on the CIS Cybersecurity Framework.

“Strategically we knew that we needed to have an MDR provider simply based on the size of our team. The ability to staff a SOC was not in the cards internally coupled with the need to monitor, manage, and respond in real-time when incidents would occur,” says Bill Elvin, Chief Information Officer at QC Holdings. “We needed to get 24/7 coverage as part of our CIS alignment. That alignment required us to have a partner that would review all of the logs, identify problems, notify us, and step in to remediate issues in real-time.”

To bridge their existing security gaps and fulfill the requirements of aligning with the CIS Framework, QC Holdings initially outsourced 24/7 monitoring, detection, and response capabilities to another MDR provider.

However, QC Holdings was not satisfied with the quality of proactive 24/7 threat investigation and response capabilities: “We ran into some struggles, specifically around the feedback loop with the provider we’d chosen. It was taking too long to identify problems and they would not step in to remediate.”

In addition to missed alerts and lack of response, the previous MDR provider was not able to integrate with, and manage, the existing technology investments that QC Holdings had made with Microsoft.

“We have significant investment in Microsoft and having to spin up an additional SIEM or storage repository and sending that security data outside of my environment always worried me in our relationship with our previous MDR provider.”

After one year, it was clear to Bill and his team that the provider had not helped them achieve their goals, leading QC Holdings to switch MDR providers.

Why QC Holdings Switched to eSentire As Their Proven MDR Partner

When the selection process began once again, Bill and his team knew exactly what they wanted from their new MDR provider:

  • 24/7 security monitoring
  • 24/7 threat detection, investigation, and complete response
  • Immediate live support from a SOC Cyber Analyst
  • Seamless integration with their existing Microsoft E5 technology stack
  • Expert-level support and guidance from a trusted partner

eSentire MDR fit their bill of requirements exactly: “One of the big things that we looked for when we chose eSentire was a partner that we could rely on to become an extension of our team.”

As a result of partnering with eSentire, QC Holdings benefits from:

Plus, eSentire was able to leverage QC Holdings’ existing investment in Microsoft Office 365 E5, enabling them to consolidate their cybersecurity spend, be cost-effective, and achieve operational efficiencies. eSentire’s ability to manage their Microsoft tool stack internally meant that Bill’s team could worry about one less threat vector while getting more capabilities than they previously had.

“One of the primary capabilities that eSentire brought to the table was to work within our existing environment. eSentire works with the information that’s within the systems, from inside of your system. They’re leveraging our existing investment, and they have access to do what they need to do and keep us informed without additional infrastructure.”

QC Holdings was looking to execute a swift transition to eSentire as their new MDR provider. Rapid onboarding was essential not only to minimize the vulnerability window but also to accelerate the realization of enhanced threat detection and response capabilities.

eSentire facilitated a seamless onboarding process, quickly integrating endpoint and log data for full attack surface visibility and offering immediate time to value.

The onboarding process, as recounted by the team, was straightforward and simple: “Once we chose eSentire, the onboarding was relatively straightforward and simple. We were up and getting feedback within a month.”

One key benefit QC Holdings experienced with eSentire was the ability to achieve centralized visibility into their entire environment with Microsoft. This enabled QC Holdings to have a “single pane of glass” view into the entire environment, simplifying the flow of information and improving the quality of threat detection and response.

Where QC Holdings previously struggled to get detailed and timely information about threats from the previous MDR provider, eSentire’s 24/7 SOC became a true extension of their security team, isolating and remediating threats before they have a chance to disrupt the business.

“When there’s something scary happening within the environment, a single phone call starts the process. I usually get the feedback from our CSM within an hour of initiating the ticket and having analysts start evaluating the problem and resolving it very quickly.”

Lastly, it was crucial for QC Holdings to see the business value of their security investment. eSentire MDR not only leveraged the firm’s existing Microsoft tools but also helped reduce their cyber risk profile and improve their CIS security score, demonstrating a clear ROI.

“One of the things we had to establish early on is the cost-benefit of implementing MDR. We get quarterly business reviews that delve into the business value that eSentire brings to our organization, so it makes the sales job with the executives much easier every year.”

CASE STUDY

KidsAbility

A tech refresh offered this non-profit the opportunity to modernize with cost-effective endpoint protection, 24/7 hands-on SOC support, and seamless integration with their existing technology stack.

The Business

KidsAbility is a non-profit organization based in the Kitchener-Waterloo region of Ontario, Canada. With five locations across Ontario, KidsAbility provides 10,000+ special needs children and youth with access to specialized therapy for speech, mobility, and autism.

  • Small team with 4 in-house IT staff and limited budget
  • 350+ therapists serving 10,000+ clients across five regional sites
  • Needed a strategic partner who could provide expert-level 24/7 threat detection and response at an affordable price so their team can focus on what really matters and do more with less

Solutions and Results

eSentire MDR provides 24/7 security event monitoring as well as threat detection, investigation, and response, enabling KidsAbility to:

  • Adhere to PHIPA compliance requirements and ensure their clients’ protected health information (PHI/ePHI) remains secure.
  • Get seamless integration with existing technology stack and easily deploy eSentire MDR for Endpoint solution across 400+ endpoints without service disruption.
  • Shift from a reactive to a proactive cybersecurity approach and stay ahead of the evolving threat landscape.
  • Implement enterprise-level cybersecurity protection to prevent ransomware attacks and reduce cyber risks at a fraction of the cost.

Business and Security Outcomes

  • 24/7 threat detection, investigation, and response capabilities by a team of SOC Cyber Analysts and Elite Threat Hunters
  • Achieve compliance with healthcare data regulations
  • Trusted expert-level guidance to analyze their security measures and rapidly deploy eSentire MDR services
  • Reduce cyber risk by ensuring complete visibility and a consistent security posture across their environment

The Challenge

Given that patients’ medical records can elicit 50x more revenue compared to financial records on the Dark Web, it’s no surprise that healthcare delivery organizations (HDOs) have proven to be highly attractive targets for cybercriminals.

For a non-profit organization like KidsAbility, whose staff store, maintain, and transmit personally identifiable information (PII) and protected health information (PHI/ePHI) of their clients, it’s of utmost importance that they be able to protect their sensitive data from threat actors.

KidsAbility’s primary challenge was to ensure that the PII and PHI/ePHI stored and transmitted through their environment remains secure and that the non-profit adheres to the PHIPA compliance regulations, as mandated by the Ontario government. However, PHIPA compliance was not their only concern.

With only four in-house IT staff, the KidsAbility team was stretched incredibly thin despite having engaged a Managed Security Provider (MSP) that only monitored their environment without offering real response capabilities.

Moreover, the MSP provided monthly reports that flagged critical alerts of suspicious activity related to admin and user behavior or password usage concerns, leaving the KidsAbility team to handle threat investigations and response on their own. Unfortunately, a 30-day delay in receiving these alerts also meant that KidsAbility was forced to take a reactive approach to their cybersecurity, making them a vulnerable target for cyberattacks.

Lastly, since KidsAbility is a non-profit organization with limited budget, they didn’t have the resources needed to hire and train a cybersecurity specialist in-house. Plus, having experienced a ransomware incident first-hand, Tom Szozda, Manager of Information Services at KidsAbility, wanted to engage a leading cybersecurity firm that could provide his team with peace of mind knowing they were protected from day one.

Given their lack of in-house security expertise, limited access to best-in-class security tools, and healthcare data compliance requirements, they were looking to outsource threat detection and response capabilities to an MDR provider that could offer an all-in-one service that was cost-effective and offered 24/7 SOC-as-a-Service.

Why KidsAbility Chose eSentire As Their Proven MDR Partner

After partnering with a new MSP, FoxNet Inc., in 2023, KidsAbility began their search for a trusted MDR partner who could offer the security expertise their team needed to reduce their cyber risks, achieve PHIPA compliance, and build a robust cyber strategy.

Moreover, being a non-profit meant that it was integral for KidsAbility to choose a security firm who could collaborate with FoxNet to deliver an all-encompassing, bundled cybersecurity package. Luckily, eSentire was able to do just that: “Being a non-profit center, cost is huge for us. We have limited funds, and we have to spend it very wisely,” Tom says. “When we heard from FoxNet that eSentire was one of their partners, I was excited. I knew of eSentire [from my previous role] and knew that they’re a world-renowned organization.”

As part of the selection process, KidsAbility also attended a Security Operations Center (SOC) Tour, during which they were impressed by the number of SOC Cyber Analysts present in one shift and the level of 24/7 support our SOC offers.

To help KidsAbility reduce their cyber risks and achieve PHIPA compliance, we delivered:

  • eSentire MDR for Endpoint provided KidsAbility with 24/7 threat detection, investigation, and response capabilities to safeguard against cyberattacks, best-of-breed CrowdStrike endpoint technology, and access to world-renowned threat intelligence expertise.

Throughout the partnership, eSentire has played an integral role in how we protect KidsAbility from security incidents, providing real-time alerts of suspicious behaviour and containing the incident before notifying the KidsAbility team.

“With the team that we have, we wear a lot of hats, but we don’t have expertise in cybersecurity,” Tom states. “With eSentire, we have an active agent on our infrastructure that’s being monitored 24/7 and if any incident occurs, we are notified immediately. We don’t have to be sitting there trying to figure out what we’re supposed to do.”

This has allowed their team to feel peace of mind knowing that they’re protected no matter what: “My team has their hands full – they don’t need to be looking through event logs, emails, or find out if we’ve been compromised. We’re counting on eSentire MDR for Endpoint with 24/7 monitoring to have our backs.”

Another significant concern for Tom was the ease of deployment and implementation of the eSentire MDR for Endpoint solution across 350+ endpoints without their therapists experiencing any service disruption.

“A big concern I had was how easy the implementation would be. It was key for us to deploy efficiently for our therapists since they’re not always on-site,” Tom says. “My team worked very well with eSentire’s SOC and the deployment through our 350+ staff was fairly easy. Within a month or two, everything was protected.”

Complicating matters further, KidsAbility had signed a three-year contract with another security firm for antivirus (AV) protection, security awareness training, and mobile device management. However, eSentire was able to seamlessly integrate with their existing technology stack to provide robust coverage across their entire environment.

“We’ve been notified by eSentire sometimes weeks before we get the Cyber Security Ontario notifications of what’s happening [in the threat landscape]. So, they’re ahead of the game and knowing that gives us more peace of mind that we’re working with the right organization.”

Tom Szozda

Manager of Information Services, KidsAbility

Conclusion

It should be of no surprise that healthcare organizations have proven to be high-value targets for cybercriminals and the financial cost associated with data breaches or ransomware attacks is astronomical. In fact, healthcare data breach costs have increased 53.3% since 2020 to an average of $10.93 million USD.

By outsourcing their security monitoring and threat detection, investigation, and response to our 24/7 SOC Cyber Analysts and Elite Threat Hunters, KidsAbility’s small but mighty in-house team can focus on their actual day-to-day role without being inundated with delayed alerts. Instead, they can trust that eSentire will act on their behalf to contain and remediate the threat before notifying them of the activity and work with them to determine if any other steps need to be taken.

As a result of switching to eSentire MDR, KidsAbility has benefitted from receiving enterprise-level cybersecurity protection with a cost-effective approach.

“Even our board was very pleased with the outcomes we’ve achieved, as were the senior leadership team,” Tom states. “They trust us to deliver the solution we need to protect our organization.”

CASE STUDY

Hexagon

How Hexagon unified their fragmented security operations and consolidated their security stack with eSentire’s 24/7 SOC-as-a-Service to achieve 24/7 threat detection and response capabilities and improve visibility across their attack surface.

The Organization

Hexagon is a global leader in digital reality solutions, integrating sensor, software, and autonomous technologies to empower customers across various industries. They specialise in harnessing data to boost efficiency, productivity, quality, and safety in industrial, manufacturing, infrastructure, public sector, and mobility applications.

  • Global presence with 26,000+ employees and limited security resources
  • Security operations spread across eight siloed business units with distinct security tooling and processes
  • Compliance requirements for 18 different global security certifications including the Essential Eight, Cyber Essentials, NIST, CMMC, DFARS 7012, ISO 27000, and more
  • Looking for expert-level guidance to identify and address gaps in their security program and leverage existing endpoint technology investments

Solutions and Results

Hexagon partnered with eSentire to consolidate and streamline their security operations, enhance visibility across their attack surface, and reduce threat detection gaps with 24/7 SOC-as-a-Service, including:

Business and Security Outcomes

  • 24/7 threat detection, investigation, and response capabilities with eSentire’s global SOC operations
  • Best-of-breed security tooling and standardised processes across Hexagon
  • Achieve seamless integration with existing Microsoft security tools
  • Maintain compliance with 18 global security certifications
  • Improved visibility and reduced threat detection gaps across the organisation
  • Alignment of cybersecurity strategy, business objectives and risk through a dedicated eSentire Cyber Risk Advisor

The Challenge

Over the past few years, devastating cyberattacks targeting the software supply chain have crippled business operations for thousands of organisations, costing them tens of millions in lost business revenue, cyber insurance, legal fines, loss of customer loyalty, and diminished brand reputation.

Hexagon’s journey towards consolidating their security operations began with significant hurdles. As a global enterprise with a presence in 60 countries, they operated through eight divisions, which sat on top of four different IT networks that operated in silos. Each IT network functioned like an independent enterprise, with their own CIOs, separate security teams, set of vendors, and independent processes.

This led to a fragmented and inefficient security environment with multiple and disparate endpoint, network detection and SIEM solutions. This lack of cohesion posed serious risks, as inconsistent security measures left gaps in threat detection and response. As a result, the organisation wanted to move towards a One Hexagon approach so they could be more efficient and optimise their overall processes.

Moving into the One Hexagon model also meant they would have to shift from a 20/5 coverage model to a 24/7 coverage model. Unfortunately, running a global Security Operations Center (SOC) is complex and requires 12-15 people, at minimum.

Steve Lorimer, Group Privacy & Information Security Officer at Hexagon, recognized the challenge of building an internal SOC team that could not only provide 24/7 coverage but had the expertise to stay on top of sophisticated cyber threats.

“Maintaining a team with high skills, and keeping that skill set current is very, very complicated if you’re going to do it in-house and build it from scratch,” Steve says. “eSentire can bring that service to us, and we can benefit from the shared and the collective knowledge of the team. We needed a company that could match us at a global scale.”

With so much at stake, limited in-house cybersecurity expertise, and the critical need to comply with 18 global security certifications and regulations, Hexagon wanted a trusted partner who could quickly and seamlessly integrate with their team to provide expert-level guidance and comprehensive security coverage.

In addition, Hexagon had already made significant investments in technology so they needed a partner who could leverage and maximise their existing investments in Microsoft E5 and Sentinel and help them consolidate their security tools.

Why Hexagon Chose eSentire As Their Proven MDR Partner

The search for a proven Managed Detection and Response (MDR) solution to complement their shift towards a global security approach led Hexagon to eSentire. The decisive moment came during a tour of eSentire’s SOC facility, which showcased our robust capabilities, deep breadth of expertise, and proactive approach to threat detection and response.

Steve Lorimer was impressed by the level of engagement and expertise at every level of interaction.

“We’ve always felt that at every level across the business, from the executives to the technical guys speaking with the SOC Analysts, there’s a one-to-one working relationship across the board. So, it is very much a partnership with multiple layers of communication all the way through.”

Steve Lorimer
Group Privacy & Information Security Officer, Hexagon

As a result of outsourcing security operations to eSentire, Hexagon also experienced another key benefit: complying with a set of 18 complex, global security frameworks, including NIST, CMMC, DFARS 7012, ISO 27000, Essential 8 in Australia, and Cyber Essentials in the UK.

“Having 24/7 fully monitored SOC alerting us when we have incidents meets many of the controls within those set of frameworks that we have to adhere to,” Steve adds.

Moreover, Hexagon’s priority has also been to standardise their technologies, support tools, and the processes they had in place. Their decision to choose eSentire MDR was further reinforced by eSentire’s ability to seamlessly integrate with their existing technology, providing a unified, robust security framework.

“eSentire is helping us drive down 24/7 monitoring, 24/7 alerting on our networks, and solidify our team,” Steve says. “It’s enabling us to really move our processes much closer to the technology so we can standardise them.”

By choosing a provider that can leverage existing tools, Hexagon was able to consolidate and reallocate their budget to support the global security operation, accelerating them towards One Hexagon.

“What we’re trying to do is not necessarily reduce the spend, but it’s optimise the spend and put better spend into places where we need it.”

Through daily stand-ups, biweekly syncs with Hexagon’s leadership team, and continuous communication, eSentire has become an integral part of Hexagon’s team, delivering consistent support and expertise.

Conclusion

Hexagon’s strategic partnership with eSentire enabled the company to shift away from a divisional security approach and towards the One Hexagon approach. In doing so, they were also able to transition from a reactive to a proactive security stance, ensuring robust protection across its global operations.

By centralising their security operations, and standardising tooling and processes, Hexagon has achieved enhanced visibility, improved threat detection and response capabilities, and a streamlined security posture. This partnership showcases the power of proven, expert-led, 24/7 security solutions in safeguarding complex, dynamic enterprise environments.

Steve Lorimer emphasises the transformative impact of eSentire’s 24/7 SOC-as-a-Service, “As threats and new attack patterns emerge, we’re being protected from the very start.”
