top of page

Subra Pharmacies is improving its cybersecurity posture through comprehensive security assessment and remediation.

Nuwey and Subra Pharmacies executed the project as an endeavour dedicated to fortifying digital defences.

Subra Pharmacies needed trusted partner with experience in cybersecurity who could offer capabilities for evaluation of the company’s security posture. Success criteria included assessing critical services and defining a roadmap for remediation as well as providing reliable support during execution. All of that had to be aligned with the company’s vision and journey towards Microsoft 365 cloud and the ambition of obtaining ISO 27001 certification.

Cybersecurity threats continue to evolve, and organisations face increasing risks to their digital assets, sensitive data, and reputation. A robust security assessment and remediation strategy is essential to protect against these threats and Subra Pharmacies decided to invest in it. The company chose Nuwey, a technology partner with expertise in cybersecurity, covering both cloud technologies like Microsoft 365 and also on-premises business critical services like Active Directory, Exchange, and SQL.


Nuwey helped not only with the assessment of their current security posture and remediation strategies, but also with the launch of a resilient framework for future security challenges.

Client Background

Subra Pharmacies is a company based out of Bulgaria, with its head office in Sofia. The company operates in the drugs and druggists' sundries merchant wholesalers industry. Subra Pharmacies is a developed commercial chain with many years of experience with over 70 pharmacies located in key locations in Bulgaria. The concept of SUBRA is based on qualified service, rich portfolio, innovation in the construction of objects, personal approach, and established style of market presence.

The IT department of the company is responsible for the pharmacy chain and is relying on a centralised on-premises Active Directory infrastructure. Not long ago, the company also started planning the move of workloads to the cloud which generated new types of security risks. As part of the efforts to respond to the new IT reality where cyberattacks are a persistent and evolving threat, they started drafting a holistic security assessment of the organisation's digital infrastructure, key services, and practices with the goal of identifying weaknesses and attack vectors for threat actors.

With Nuwey’s expertise, Subra Pharmacies managed to identify vulnerabilities, categorise risks, and start implementing robust countermeasures, thus not only safeguarding digital assets, and reducing the operational costs but also fostering a culture of cybersecurity awareness.

We selected Nuwey because of their proven expertise, reputation, tailored approach, and customer care.

– IVAN TSANKOV: IT Manager, Subra Pharmacies EAD

Project Challenges

Key challenges addressed with this project:

  • Active Directory security posture:
    •    Legacy systems with outdated configurations contain vulnerabilities that are challenging to identify and remediate.
    •    Access control and permissions.
    •    Shadow IT and unmanaged accounts. Identifying unmanaged, unprivileged, or shadow accounts can be challenging but is essential to reduce the risk of unauthorised access.
    •    Credential management. Weak password policies, unencrypted credentials, and improper credential management can pose significant security risks.
    •    Group policy challenges.
    •    Lack of documentation and alignment with MITRE maturity model for AD.
    •    Lack of strategy for continuous security posture management.

  • Messaging infrastructure security posture:
    •    Multiple ongoing issues with Microsoft Exchange impacting the business.
    •    Lack of documentation and configuration tracking.
    •    Configuration aligned with best practices.
    •    Lack of continuous security assessment and remediation strategy.
    •    Challenges with ongoing migration to Microsoft 365.

  • Database security posture: Lack of continuous vulnerability assessment strategy.

Project Planning & Execution

In a remarkable display of efficiency, the security assessment project was successfully completed in just three weeks. This fast-paced initiative encompassed a thorough evaluation of the Subra Pharmacies’ security posture, including:

  • vulnerability assessment

  • risk categorisation

  • remediation guidance

  • roadmap for remediation of “quick wins” findings

  • strategy for reaching highest maturity levels within technologies in scope: Active Directory, Microsoft Exchange, TrendMicro, and Microsoft SQL

Some of the identified vulnerabilities were swiftly remediated during the assessment, bolstering the organisation's security defences. The final assessment report and remediation strategy were promptly delivered to stakeholders, providing invaluable insights into the organisation's security landscape, and laying the ground for rapid and effective security enhancements.

"Nuwey’s dedication, expertise and customer-centric focus during delivery were evident in the depth of insights shared,” said Ivan Tsankov, IT Manager. “These insights have not only helped us fortify our defences but also equipped us with the knowledge needed to proactively manage our security.”

“This project has been instrumental in enhancing our resilience against emerging threats, and we highly commend the team for their exceptional work," added Ivo Vasilev, SysAdmin. “We hope that this is just the start of a long-lasting cooperation with Nuwey in our digital transformation journey to the cloud."

bottom of page