Case study

Optimum Energy

With an outdated intrusion detection system, Optimum Energy relied on their IT team to review security alerts manually.

Optimum Energy—an energy efficiency company founded in 2005—has grown to service multi-national Fortune 100 companies, government agencies, and large university campuses.

In 2016, Optimum realized the need to evolve their cybersecurity processes. With an older intrusion detection system, they were relying on their IT team to review security alerts manually. The team was spending too much time chasing false-positive alerts which distracted from other tasks. Optimum Energy also needed to become SSAE 16 compliant.

“Gradually over time, we paid attention less to the alerts because there were so many false positives,” says Daniel Kratz, Optimum’s Information Systems Manager. “You just lost confidence, when you're chasing a rabbit down a hole, and there wasn’t anything there. We wanted to get ahead of the problem and find a solution.”

We realized the high value of having an IDS and a team monitoring our network, but also the high risk if we didn’t put one in. Daniel Kratz, Information Systems Manager

Critical Insight solved the problem

After listening to what Optimum Energy was looking for, CI Security built a plan for them to achieve their goals and provide the audit artifacts they needed to support the plan.

SSAE compliance and attestation were crucial, as threat actors will often try to manipulate third-party vendors like Optimum to get access to their ultimate goal.

CI supported the efforts for passing the SSAE 16 SOC 2 Type 1 audit. Optimum continued to lower its risk of a breach by working with CI Security’s penetration testers on a regular basis, but Optimum still needed a reliable intrusion detection system. They chose CI’s Critical Insight™ Managed Detection and Response service to manage threat detection and to partner on incident response.

CI Security now services Optimum with Critical Insight MDR and penetration testing.

Optimum’s IT team now has the time to provide continuous internal security training and help with sales. Optimum can also easily answer the tough security questions it gets from potential customers.