
Customer Success Story



Responding to a Breach

Our customer, a global leader in the construction and manufacturing sector, noticed a breach of its systems.

  • IT detected unauthorised lateral movement in its systems.

  • The company had just signed a contract with Performanta for a global managed security service including incident response, but the service was not yet live and the customer was not yet onboarded.

  • Performanta took a call at 22:30 from the customer seeking assistance. Although the service was not yet live, Performanta jumped into action, and within 15 minutes an Incident Response Lead was on a call with the customer's global IT team to direct the immediate mitigation measures.

  • Performanta worked through triage with the client to contain the breach.

  • We rapidly scanned the estate using our SAFE Platform (Encore) to identify vulnerabilities and cyber security tooling gaps, and to prioritise the protection of vital assets.

  • Our quick actions interrupted the breach and allowed the customer to continue operating globally while vulnerable devices were updated. In parallel, a forensics investigation was completed to identify the root cause of the breach.


Steps to stop the breach

  • The client shut down 'crown jewels' systems to safeguard them.

  • Performanta and our incident response partner stepped in at a moment's notice.

  • The client, IR team and Performanta worked quickly to contain the breach.

  • Using Performanta’s SAFE Platform (Encore), we scanned the client's systems for security problems.

  • We deployed Performanta's enhanced SAFE XDR service within 24 hours and aggressively increased coverage of the estate in the following weeks.

  • We started bringing critical services back online and restoring data backups.

  • Performanta continued to enrol the client in our managed security services.

  • Using the audit data, the client upgraded and hardened security, especially for legacy systems.

The Situation

Our client, a global construction and manufacturing organisation, had completed a successful RFP to improve their security. They were in the process of onboarding Performanta’s Managed Security Services when they detected an active attack and lateral movement by unknown parties. Even though they were not yet an active Performanta client, our client contacted us for help. We jumped into action: within minutes, we began working with the client to triage the breach. Concurrently, we brought our Incident Response partners onboard to help contain the breach and help restore the client’s operations.

Performanta’s difference

Incident Response (IR) is a specialised discipline within cybersecurity. Most companies and even security providers don’t have an IR capability. In contrast, Performanta can scale resources quickly to close the gap; we augment our own IR capability by enlisting the help of IR specialists who work closely with our teams. Together we helped our client to step up their responses and reinforce their defences. Performanta also used our SAFE Platform (Encore) to scan the client’s global footprint and identify breach damage, while highlighting security problems and legacy issues. Within 24 hours we onboarded the client to our managed security services, which thwarted a later breach attempt by the same attacker.


The client contained the breach and stopped severe damage to their systems.

The client could recover damaged data and applications, and stop the attack’s spread.

Working with Performanta, the client executed a recovery roadmap.

Performanta’s SAFE Platform (Encore) helped the client identify systems to strengthen or modernise.

Performanta completed the client's enrolment in our managed security services.

The attackers returned, but the hardened environment prevented their lateral movement.


“It takes a village to stop a cyber incident.”

“We got the call at 10:30pm. Within 15 mins we were on a call with the customer directing emergency measures.”
“Performanta and its partners contained the breach and implemented a pragmatic roadmap to get operations running again.”