
Turning an invisible threat into a measurable defence with Intrusion Detection and Prevention
2,400+ threats blocked in the first 30 days
<5 min mean time to detect and block
<2% false positive rate after tuning
100% reduction in unmonitored traffic
Our client is a multidisciplinary Architecture, Engineering, and Construction firm based in London, delivering complex projects for both public and private sector clients. With a team of around 70 people and a growing reliance on cloud platforms and remote collaboration tools, the volume of sensitive data moving through their systems had outpaced the security measures protecting it. Design files, client briefs, tender documents and financial records were all flowing across a network that, until we got involved, had very little oversight.
On the surface, the firm's security setup looked solid. They had enterprise-grade firewalls, up-to-date endpoint protection, and a competent internal IT lead managing day-to-day operations. But when we carried out an initial network assessment, it became clear there was a significant blind spot. No one was watching what was actually happening inside the network. There was no mechanism to detect unusual traffic patterns, no alerting for suspicious behaviour, and no way to block a threat in real time once it bypassed the perimeter. If an attacker slipped through, whether via a phishing email, a compromised remote session, or a vulnerable application, they could move laterally across the network without triggering a single alarm. The firm's leadership understood the risk. They had seen industry peers hit by ransomware and knew their current posture would not hold up under a targeted attack. But their IT lead was already stretched thin, and any new solution needed to deliver strong protection without creating another full-time management burden.
We deployed sensors across the firm's core network segments to continuously analyse all inbound and outbound traffic. Traffic was matched against known threat signatures and compared with behavioural baselines built from the firm's own normal activity, giving us visibility into what was normal and what was not.
The IDPS was configured to automatically detect and block suspicious activity the moment it appeared. Port scans, command-and-control callbacks, brute-force login attempts and data exfiltration patterns were all caught and stopped before they could escalate.
Rather than ripping out what was already in place, we embedded the solution into the firm's existing firewall and endpoint ecosystem. This meant protection was layered across every part of the network without requiring disruptive overhauls or downtime.
We tailored the security rules to reflect how the teams actually worked. AEC firms rely heavily on file sharing, remote collaboration and large data transfers, so the policies were tuned to allow legitimate workflows while flagging anything that fell outside expected patterns.
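As an added illustration, not the client's deployment or any vendor's detection engine, the detection categories described above, and the allowlisting that the tuning step relies on, can be sketched over constructed flow records: a sliding-window port-scan rule, a failed-login counter, an interval-regularity test for command-and-control beaconing, and a per-host outbound-volume baseline with a sanctioned-destination allowlist so a large upload to the firm's file-sharing platform is not mistaken for exfiltration. Every address, threshold, record and the `10.` internal prefix below is an assumption made for the example.

```python
"""Added example: signature- and baseline-style IDPS detections over constructed flow records.
Not the client's deployment or any vendor's engine; thresholds, addresses and records are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional


@dataclass(frozen=True)
class Flow:
    ts: float                        # seconds on a constructed timeline
    src: str
    dst: str
    dport: int
    bytes_out: int
    auth_ok: Optional[bool] = None   # set only on authentication attempts


# Tuning: sanctioned bulk-transfer destinations (e.g. the firm's file-sharing platform). Hypothetical.
ALLOWED_BULK_DST = {"203.0.113.10"}


def is_internal(ip: str) -> bool:
    return ip.startswith("10.")      # assumption: the example network lives in 10.0.0.0/8


def _window_hit(sorted_ts, window, needed):
    """True if at least `needed` timestamps fall inside some span of `window` seconds."""
    i = 0
    for j, t in enumerate(sorted_ts):
        while t - sorted_ts[i] > window:
            i += 1
        if j - i + 1 >= needed:
            return True
    return False


def detect_port_scans(flows, window=60.0, min_ports=15):
    """One source touching many distinct ports on one host within `window` seconds."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)
    hits = set()
    for (src, dst), fs in by_pair.items():
        fs.sort(key=lambda f: f.ts)
        i = 0
        for j in range(len(fs)):
            while fs[j].ts - fs[i].ts > window:
                i += 1
            if len({g.dport for g in fs[i:j + 1]}) >= min_ports:
                hits.add((src, dst))
                break
    return hits


def detect_brute_force(flows, window=300.0, max_failures=8):
    """Repeated failed logins from one source against one service inside `window` seconds."""
    fails = defaultdict(list)
    for f in flows:
        if f.auth_ok is False:
            fails[(f.src, f.dst, f.dport)].append(f.ts)
    return {k for k, ts in fails.items() if _window_hit(sorted(ts), window, max_failures)}


def detect_beaconing(flows, min_count=6, max_cv=0.15):
    """Periodic callbacks to an external host: many connections at near-constant intervals.
    Regularity is the coefficient of variation (stdev / mean) of the gaps between connections."""
    by_key = defaultdict(list)
    for f in flows:
        if not is_internal(f.dst):
            by_key[(f.src, f.dst, f.dport)].append(f.ts)
    hits = set()
    for key, ts in by_key.items():
        if len(ts) < min_count:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.add(key)
    return hits


def build_baseline(baseline_flows):
    """Per-source mean and stdev of bytes_out learned from a quiet period."""
    per_src = defaultdict(list)
    for f in baseline_flows:
        per_src[f.src].append(f.bytes_out)
    return {s: (mean(v), pstdev(v)) for s, v in per_src.items()}


def detect_exfiltration(flows, baseline, sigma=3.0):
    """Outbound volume far above the host's baseline, to an external, non-sanctioned destination.
    Hosts with no baseline are skipped here; in practice they are baselined before enforcement."""
    hits = set()
    for f in flows:
        if is_internal(f.dst) or f.dst in ALLOWED_BULK_DST or f.src not in baseline:
            continue
        avg, sd = baseline[f.src]
        threshold = avg + sigma * max(sd, 0.1 * avg)   # floor the stdev so a flat baseline still has a band
        if f.bytes_out > threshold:
            hits.add((f.src, f.dst, f.bytes_out))
    return hits


# Constructed records: a learning period for 10.0.0.15, then a live capture containing a port scan,
# an RDP brute force, an HTTPS beacon, a sanctioned bulk upload and an exfiltration attempt.
BASELINE = [Flow(t * 3600, "10.0.0.15", "198.51.100.5", 443, b)
            for t, b in enumerate((15_000, 20_000, 25_000, 18_000, 22_000))]
LIVE = (
    [Flow(t, "10.0.0.5", "10.0.0.20", port, 60) for t, port in enumerate(range(1, 21))]        # port scan
    + [Flow(t * 10, "10.0.0.7", "10.0.0.30", 3389, 300, auth_ok=False) for t in range(10)]    # brute force
    + [Flow(t * 60, "10.0.0.12", "198.51.100.44", 443, 500) for t in range(8)]               # beacon
    + [Flow(100, "10.0.0.15", "203.0.113.10", 443, 800_000_000)]                             # sanctioned bulk
    + [Flow(200, "10.0.0.15", "198.51.100.99", 443, 400_000_000)]                            # exfiltration
)


def run_detections(flows=LIVE, baseline_flows=BASELINE):
    baseline = build_baseline(baseline_flows)
    return {
        "port_scan": detect_port_scans(flows),
        "brute_force": detect_brute_force(flows),
        "beaconing": detect_beaconing(flows),
        "exfiltration": detect_exfiltration(flows, baseline),
    }


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(f"{name}: {sorted(hits) or 'none'}")
```

The sanctioned upload of 800 MB to the allowlisted host produces no alert while the 400 MB transfer to an unknown external host does; that allowlist, and the thresholds chosen for the firm's real traffic, are what the tuning step buys in terms of false positives. A real sensor would also enforce the block inline, which this sketch only reports.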
Each month, the firm received a clear, non-technical summary of threats blocked, vulnerabilities identified, and recommended next steps. This gave leadership a tangible view of their security posture and made it simple to communicate risk to clients and insurers.
Within the first 30 days, the IDPS identified and blocked over 2,400 malicious events across the firm's network, including several command-and-control callbacks that would have gone completely unnoticed under their previous setup. The IT lead no longer operates in the dark. Every suspicious event is logged, traced back to its source, and available for review. When a phishing payload on a staff machine attempts its command-and-control callback, the outbound connection is matched and blocked before any data leaves the network. When an unauthorised device connects, it is flagged and isolated automatically. More importantly, the firm now has documented evidence of active defence. Their cyber insurance renewal was smoother, their responses to client security questionnaires are backed by real data, and their board has confidence that the business is protected by more than assumptions. The firm went from hoping nothing would get through to knowing exactly what is hitting their network and stopping it in real time. That is the difference between reactive IT and a genuine security partnership.
Book a free IT review and find out where your business stands. No obligation, no jargon, just honest advice.