Case Study

GWI

What we did for GWI

Wingman Managed Detection and Response (MDR)

Published: 22/01/2025

Project Overview

SEP2 partnered with GWI to enhance their security setup using Google SecOps. This case study delves into the initial challenges faced by GWI, the reasons behind choosing SEP2, and the significant improvements achieved through this collaboration.

GWI (Global Web Index) is a global consumer insights platform that provides instant access to data representative of the views, behaviours, and interests of 3 billion consumers across 50+ countries. GWI has become the go-to for agencies, brands and media companies that want to know what really drives their audience to action.

The Challenge

Vulnerability management in the cloud
No visibility of logs
Intrusive detection and prevention

The Solution

Security setup in Google Cloud Platform
Log aggregation and incident investigation
Integration with Google SecOps
Practical implementation
Continuous engagement and learning

The Challenge

When the Head of Information Security John Denham joined GWI, there was a need to build a security setup in Google Cloud Platform (GCP) as well as a need to enhance governance and security measures. Challenges included vulnerability management in the cloud, visibility of logs, and intrusion detection and prevention. Logging was disabled by default in GCP, and there was no log aggregation from their workspace to support incident investigation.

Since GWI is predominantly a Google House, Google SecOps was the logical solution. Integration with their existing tools aside, Google’s SIEM tool also has a relatively low cost for entry compared to other legacy solutions.

John engaged with Google and received a strong recommendation endorsing SEP2 as experts. Besides finding the best technical partner, another key factor was finding one that would fit with GWI’s culture. “If you know that you’re working with good people, they’re passionate about what they do and they speak in plain English when describing the concepts - that makes it a lot easier for people to come on board and understand what you’re trying to accomplish.”
The on-boarding process with SEP2 was remarkably simple and streamlined, with the set-up and integration with GCP almost instantaneous. Adding API rules and some troubleshooting issues were resolved within hours, making the process in John’s words “as painless as I could have ever hoped for.”

The Solution

As the manager of a small team, John was keen to ensure that their chosen solution would be easy to manage. Log fatigue was also a concern when looking at SIEM solutions. This guided his choice of Google SecOps, combining SIEM and SOAR capabilities, but was also helped by SEP2’s set up: “They’ve allowed us to actually implement it in a very practical way where we’re not overloaded with unnecessary information.”

Another benefit for John’s team has been the validation provided by SEP2. They’ve found that their IT and DevOps teams are becoming
a lot more proactive, because it’s “coming through an automated system, reinforced and triaged by a third party in SEP2. They’re taking it more seriously than us just saying, ‘Can you go and look at this thing that we found in the logs?’” As John says, “sometimes it’s nice to have a third party that just provides some validation that what you’ve done is appropriate for the business.”
As a practitioner, John is passionate about security, viewing it not just as a box-ticking exercise: “If we put a SIEM in, it’s not for the sake of telling our customers, ‘We’ve got a SIEM!’

It’s about having a functional tool that we can actually use.” Unfortunately, he hasn’t always found partners to be on the same page, with many treating him and his organisation as little more than a paycheque. “They just want to get the tool in, then they abandon us after deployment. In contrast, SEP2’s engagement has improved since the onboarding because they’re constantly learning from us, as well as us learning from them.”

Looking to the future

GWI’s collaboration with SEP2 has bolstered their cyber security, without overwhelming the team with unnecessary noise and information. Using Google SecOps, SEP2 ensured full coverage and smooth integration with existing tools, giving the GWI team peace of mind.

Looking ahead, John is confident that GWI’s relationship with SEP2 will continue and grow. “It is a pleasure working with good people and I definitely think it’s worth singing those praises.”

Client Testimonial

Finding a security partner with the same level of passion has been a welcome change. Reflecting on the SEP2 engineers assigned to GWI, John says:

“They are phenomenal: both personable and very knowledgeable. Our main contact is like a fountain of knowledge. If you ask him a question, he always comes back with ten answers – all the shades of grey, not just a ‘Yes’ or ‘No.’ To me that shows the level of passion he has, and that he really wants to do things properly.”

John Denham, Head of Infosec

Testimonials

Hear From Those We Protect

You’re vendor agnostic, which is key for growth, and your team are providing really good insights in terms of the alerts raised. They also provide meaningful context behind them, which is great for us as an organisation,”

When we hit the limits of our knowledge, it’s having SEP2 there to say, ‘Try these things first.’ That expertise on hand is really important to us.

To have people like that around our account that we can pick the phone up to and ask questions was refreshing. Ultimately, we trusted SEP2 and we trust you with our cyber security.

Often the term used is ‘you can’t see the wood for the trees’. Most organisations implement security tooling tools and you’ve got different dashboards. The idea is you put them into a single place, and leverage expert resource such as the SEP2 SOC that actually understands that data and work with it on a daily basis. They can assess it case-by-case and escalate it back to us at Funding Circle only when necessary. And that whole process has been really, really smooth.

They are phenomenal: both personable and very knowledgeable. Our main contact is like a fountain of knowledge. If you ask him a question, he always comes back with ten answers – all the shades of grey, not just a ‘Yes’ or ‘No.’ To me that shows the level of passion he has, and that he really wants to do things properly.

The original group of people who founded SEP2 were very deep in their knowledge of this type of technology, which can be complicated. It’s become the whole field of firewalls, intrusion prevention, antivirus, ransomware, etc. Cyber security as a whole has really ballooned, and there’s lots of dimensions to it, but you’ve managed to keep up.

During the evaluation process it was clear to me that SEP2 were the strongest candidate from a technical standpoint. During our first meeting, their ability to give immediate solutions to ongoing issues we were experiencing at the time was a breath of fresh air.

SEP2 are knowledgeable, motivated and switched on; they take ownership and they have a drive for resolution. They know their stuff! They are not merely a firewall partner, they are a cyber security partner. They take a strategic approach. They are approachable and offer additional value outside of their support contract. Working with SEP2 means we are no longer fire-fighting; rather we can now take a step back and proactively get things sorted. SEP2 say they are tech driven and people powered, and that’s exactly what they are! It all comes down to the people you are dealing with.

They live and breathe the technology. It comes from the top, however, everyone is an expert within SEP2, from sales through to the service desk. We don’t want to wait to be told what more we can get from vendors’ products. SEP2 are great in pro-actively helping us achieve value-add solutions. They aren’t about chasing revenues, they are about providing best possible value.