Enterprise Cybersecurity Programme
Financial Services Group Dubai
Project Overview
A Dubai-based financial services group managing AED 2B+ in client assets was facing escalating cyber threats and an upcoming regulatory audit that required ISO 27001 certification. Their existing security posture was fragmented: no centralised monitoring, outdated firewall rules, inconsistent endpoint protection, and no formal incident response process. A breach would have been catastrophic — both financially and reputationally.
We designed and implemented a comprehensive cybersecurity programme that addressed people, processes, and technology. On the technology front, we deployed a Fortinet security fabric (next-gen firewalls, FortiSIEM, FortiEDR), implemented zero-trust network access with micro-segmentation, and established a 24/7 Security Operations Centre with automated threat detection and response playbooks. Every endpoint, server, and network device now feeds logs into the SIEM for real-time correlation and alerting.
On the governance side, we developed the complete Information Security Management System (ISMS) documentation required for ISO 27001, conducted risk assessments, implemented access controls, and trained all 350 employees through simulated phishing campaigns and security awareness workshops. The group achieved ISO 27001 certification on the first audit attempt and now operates with a security maturity score that exceeds CBUAE requirements.
Project Details
- Client
- Financial Services Group Dubai
- Category
- Cybersecurity
- Industry
- Finance
- Year
- 2024
- Technologies
- FortinetFortiSIEMFortiEDRCrowdStrikePalo Alto
The Challenge
No centralised security monitoring, fragmented endpoint protection, zero formal incident response capability, and an upcoming regulatory audit requiring ISO 27001 certification — with client assets of AED 2B+ at risk.
Our Solution
We implemented a Fortinet security fabric with 24/7 SOC, deployed zero-trust architecture, built the complete ISO 27001 ISMS, and conducted company-wide security awareness training with phishing simulations.
Key Features
24/7 Security Operations Centre with SIEM monitoring
Zero-trust network access with micro-segmentation
Next-gen firewall deployment and management
Endpoint Detection and Response (EDR) across all devices
ISO 27001 ISMS development and certification support
Security awareness training with phishing simulations
Technologies Used
Fortinet
FortiSIEM
FortiEDR
CrowdStrike
Palo Alto
Results & Impact
ISO 27001 certification achieved on first audit attempt
Mean time to detect threats reduced from days to 8 minutes
Phishing click rate dropped from 32% to 3% after training
Zero security breaches since programme implementation
“Nastrum transformed our security from a checkbox exercise into a genuine competitive advantage. Achieving ISO 27001 on the first attempt gave our clients confidence, and the 24/7 SOC means we sleep well at night knowing our assets are protected.”
Nadia Sayed
CISO, Financial Services Group Dubai
Related Projects
Core Banking Cloud Migration
Mid-Size Commercial Bank UAE
A phased cloud migration of core banking workloads to a CBUAE-compliant hybrid cloud architecture, reducing infrastructure costs by 45%.
View Case StudyCorporate Campus Network & Data Centre
Regional Conglomerate HQ Dubai
Design and deployment of a 3-building campus network and Tier III data centre for a regional conglomerate's new Dubai headquarters.
View Case StudyWant Results Like These?
Let's discuss your project and show you how we can deliver measurable business outcomes for your organisation.