top of page

STAMH Group resolving critical issues and improving its cybersecurity posture.

STAMH and Nuwey began their long-term collaboration with consulting services and Active Directory assessment. This initial engagement paved the way for strategic support services and guidance to drive sustained business success. Together, they focus on maintaining peak performance, enhancing security, and fostering innovation in the STAMH’s IT environment.

STAMH Group logo

STAMH sought a trusted and experienced partner to swiftly resolve critical on-premises and cloud issues and to conduct a comprehensive security assessment of their Active Directory infrastructure. They needed a provider known for short response times to ensure optimal performance and robust protection without delays.

STAMH is an international company that provides consulting, design, engineering, and implementation of complex automation and mechanised warehouses, including custom software solutions for warehouse management. The company is operating in Southeast and Central Europe, with more than 23 years of experience and 14,000 successful projects in 22 countries around the world, including Romania, Serbia, Greece, Croatia, Bulgaria, North Macedonia, Bosnia and Herzegovina, Albania and Montenegro.

Business Case & Main Challenges

The IT department is tasked with maintaining a centralised on-premises Active Directory infrastructure integrated with Microsoft Cloud services (Azure, Entra ID and M365), ensuring uninterrupted and secure business operations. Recently, the company faced several issues related to Active Directory, Microsoft Exchange, and M365, which posed risks and challenges towards identifying the root causes.

In response to these challenges and by recognising the persistent and evolving threat of cyberattacks, STAMH engaged the Nuwey team to help resolving the critical issues impacting their IT operations and also to identify AD vulnerabilities, categorise risks, and provide guidance for implementing robust countermeasures. Thus, STAMH is on track of its permanent goals - the safeguard of digital assets, reduced operational costs and fostering a culture of cybersecurity awareness.

Nuwey is a company with proven expertise and reputation. We aim to secure a long-term support services agreement with them!

– IVAN TSANKOV: IT Manager, STAMH Group

​The engagement focused on diagnosing and rectifying security vulnerabilities and configuration gaps, ultimately leading to improved operational efficiency and business continuity, as well as defining a strategy for security and configuration improvements.
 

Critical issues addressed:

  • Remediate vulnerabilities within the email system to prevent identified data leakage.

  • Address issues with the single sign-on experience on Windows 10/11 endpoints with SharePoint, OneDrive, and Teams.​

  • Review the Microsoft Entra Connect configuration.

  • Fix Windows update issues with domain controllers.

  • Assess and propose a strategy to optimise the Exchange on-premises infrastructure.

Weak Active Directory areas identified:

  • Configuration of legacy systems. Old Active Directory systems with outdated configuration contain vulnerabilities.

  • Access control and permissions.

  • Shadow IT and unmanaged accounts. Identifying unmanaged, unprivileged, or shadow accounts can be challenging but is essential to reduce the risk of unauthorised access.

  • Credential management. Weak password policies, unencrypted credentials, and improper credential management can pose significant security risks.

  • Group Policy enhancements.

Strategic Alignment

To address these challenges, the consulting team was relying on the following frameworks and best practices:

  • MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive framework for understanding and categorising the behaviours and techniques used by cyber adversaries.

  • Nuwey Root Cause Analysis: Leveraging the Information Technology Infrastructure Library (ITIL) for root cause analysis and operational efficiency.

Service Delivery

The delivered consulting services led to a strengthened security posture for STAMH Group. Nuwey's expertise in identifying and addressing the root cause of the issues resulted in an optimised and more secure IT environment for the client.

Nuwey's root cause analysis process

The collaboration between STAMH Group and Nuwey showcases the importance of thorough assessments and expert consulting services in maintaining a secure and efficient IT infrastructure. It also laid foundation for a long-term collaboration and managed services.

If you need help with a similar scenario do not hesitate to contact us today. You can also check out our Cybersecurity page which outlines the capabilities we offer in the security space.

bottom of page