Back to Success Stories

A Polish Manufacturing Company with a Distributed IT Infrastructure Supporting Operations in Multiple Countries Simultaneously.

The client is a large Polish manufacturing company with a long-standing presence in international markets. It distributes its products through an extensive network of commercial partners in many countries, which translates into a complex IT environment supporting logistics, sales, and production operations simultaneously. The scale of operations and the criticality of its operating systems mean that business continuity and data security are of strategic importance to this company.

Services Used:

magnetic.com

Client:

Polish Manufacturing Company

Industry:

Manufacturing

Technologies:

Microsoft Sentinel
Microsoft Defender for Endpoint
Azure Monitor
Azure Backup

Challenges

Growing Scale of Operations Without an Adequate Level of Security

The company’s dynamic growth, an extensive distribution network in over 50 countries, and several hundred active endpoints in its IT environment created a gap between the scale of operations and the level of protection against cyber threats. We identified four main challenges:

Lack of Central Security Monitoring

The environment of 500 endpoints operated without a unified system for detecting and correlating security events. Potential incidents remained invisible or were detected with delays, by which time the damage was already difficult to reverse.

Non-Compliance With the NIS2 Directive

As an entity of economic importance, the company is subject to NIS2 requirements. There was a lack of documented security policies, incident management procedures, and formal reporting mechanisms, which exposed the management board to legal liability.

Lack of Data Protection and Business Continuity Strategy

The production environment lacked a consistent backup policy or a tested disaster recovery plan. A critical system failure could mean a multi-hour disruption to logistics and distribution operations.

Concentration of Infrastructure Knowledge

Responsibility for IT security rested with a small group of internal specialists, without external support capable of responding outside business hours.

NIS2 Implementation Delegated Without Organizational Engagement

Management assigned full NIS2 compliance documentation to a single person without involving operational teams, risking the creation of procedures disconnected from actual processes.

Before working with Tenesys, IT security was an area that worked until it didn’t. Today we have full visibility into what’s happening in our infrastructure, documented processes, and confidence that we meet NIS2 requirements. It’s no longer something that keeps us up at night.

Board Member

Polish Manufacturing Company
Our role

From Audit to Full Protection

The project began with a security audit, which allowed us to map the actual state of the environment and determine action priorities. The implementation was carried out in four steps:

Step 1: Audit and risk analysis
We conducted a full analysis of the IT environment, identifying critical security gaps, missing policies, and areas non-compliant with NIS2 requirements. Based on this, an action plan approved by the client’s management board was developed.

Step 2: Implementation of NIS2 policies and security procedures
We developed and implemented the documentation required by NIS2 based on interviews with individual departments. Incident management policies, reporting procedures, access policies, and data classification were created in collaboration with operational teams, ensuring their alignment with actual processes. This allowed management to see progress, while the organization understood and accepted the changes. We avoided the risk of dead documentation and ensured that procedures are known and applied by key employees, whom we trained on the new standards.

Step 3: Implementation of backups and disaster recovery plan
We designed and implemented a backup strategy based on Azure Backup with automatic consistency verification. We developed and tested a disaster recovery plan with defined RTO and RPO values.

Step 4: Implementation of Microsoft Sentinel
We built a SIEM environment from scratch based on Microsoft Sentinel, integrating all key log sources. Each of the 500 endpoints was covered by real-time monitoring with automatic event correlation and alerting.

magnetic.com
Results

Transformation: Full NIS2 Compliance in Six Months

The implementation of security policies, backup strategies, and central monitoring for 500 endpoints is a project that transformed the company’s approach to cybersecurity. From a reactive, firefighting model, the client transitioned to fully proactive protection with clearly documented NIS2 compliance and a 24/7 SOC.

Key Results:

  • 24/7 monitoring of all 500 endpoints within a unified SIEM environment based on Microsoft Sentinel.
  • Reduced the time to detect a potential security incident from days to minutes thanks to automatic event correlation.
  • Achieved compliance with key NIS2 directive requirements, eliminating the risk of sanctions and management liability.
  • Implemented a backup policy with automatic verification and a tested recovery plan, reducing RTO to 4 hours.
  • Made IT security independent of the internal team’s availability by transferring responsibility to Tenesys SOC.

endpoints

covered by 24/7 monitoring in Microsoft Sentinel

months

from audit to full NIS2 compliance

Security as the Foundation for Global Expansion

Today, the company can pursue its growth and expansion strategy into new markets with confidence that its IT infrastructure is monitored, protected, and compliant with legal requirements. The management board has documented grounds to demonstrate NIS2 compliance, and the operational team works with the awareness that a dedicated 24/7 SOC is responsible for the environment’s security.