Success StoriesSuccess Stories
About Us | Success Stories |
Success Stories
Our Rising Values Inspired and Motivated

Flokser Success Story

Abstract of the Project

Flokser prefers to monitor and manage its IT infrastructure with BBS Managed Security Services.

Aim of the Project

It is to provide information security software and hardware needs by Bilgi Birikim Sistemleri with the business model “Take Service That Includes Product Instead of Product”.
It is to provide the Penetration Test service once a year within the scope of BBS Managed Security Services, to manage the Firewall, EndPoint Security, DLP, SIEM, and Mail Security Gateway security products, to monitor 7×24 SIEM, and to reduce the risks of cyber threats with intervention when necessary.

Conclusion of the Project

The project started with identifying the security risks in the Flokser IT infrastructure by the BBS Penetration Test team, which has the TSE A Type Penetration Test Company Certificate. The installation and configuration of McAfee EndPoint Security and DLP follow determining log resources to ensure a safe structure, transfer of logs to SIEM, writing of correlations, monitoring of SIEM by 7×24 BBS SOC team, extracting of false positives, and management of the system and improvements throughout the process.
Flokser IT and the BBS SOC team increased the security level of Flokser's evolving structure far above the level at the beginning of the project against constantly changing internal and external security threats. With its Managed Security Services, BBS continues its efforts at full speed to further increase its security level.
Hakan Cem Topal, Flokser Digital Transformation Manager, shared his views on the importance of cyber security today and this successful project as follows:
In today's world, information systems technology is being renewed and developed day by day. The use of this technology provides benefits and convenience in every field, on the other hand, it brings security problems that reach dangerous dimensions for individuals, institutions, and governments. Every day, millions of cyber events take place, and sometimes cyber-attacks that influence worldwide occur.
Information technology risk is not just a risk involving the information technology department. The risks that may arise concern all departments, therefore the entire business. Therefore, it is our first duty to create awareness by sharing the risk policies to be created within the organization. The approach we use to measure, manage, and balance these risks is called Information Technologies Risk Management.
Information Systems Risk Management is an action-taking process to identify, evaluate, and reduce risk to an acceptable level. The most obvious threat sources in businesses today are natural disasters, organizational deficiencies, technical errors, and planned cyber-attacks. Some of these threats are caused entirely by external factors.
As a result, you can take precautions against all risks with the best software and hardware and the best team. But conscious or unconscious mistakes made by the end-user can pose enormous risks for your systems. Today, 95% of information leakages are caused by end-users.
As a result of the cyber-attacks, there may be events that will cause serious harm to the institution as follows;
  • Stolen or leaked of valuable and confidential data,
  • Encryption of corporate computers or servers,
  • Abuse of institutional resources (digital money mining or their use as a cyber-attack tool),
  • The loss of reputation of the company,
  • Production losses,
  • Failure to meet financial requirements.
In addition, these events can happen every day, every hour, not only during office hours.
If you play the best center-forward in the world in the castle, he will probably fail and will concede a lot of goals. Or, in case that the world's best ophthalmologist is expected to make a kidney transplant, the result may not be good for the patient. Information technologies are made up of many subdivisions, just like in football or a doctor. The system specialist cannot be expected to develop software or provide ERP consultancy from someone who provides end-user support. I think it is not a manageable process for all areas of expertise to keep the relevant people permanently within the enterprise. Just as the coach of a football team or the chief physician of the hospital is in the direct management layer without being in the operation, we CIOs who manage the information technology teams are in that position. Employing experts of every area in your team increases costs and prevents you from creating a manageable structure. That's why we have to outsource today. Although outsourcing seems to be primarily costly, it costs businesses less at the end of the day and enables us to receive much better service by distributing risks.
Within this scope, it has been decided to provide SIEM/DLP service to Flokser by BBS teams against the dangers that may occur within the company.
Necessary institutions have been completed as of October 2019 in order to monitor Flokser systems by BBS Cyber Security Center. Since November, 24/7 monitoring has been started, and monitored violations are shared with Flokser Information Technologies Directorate in detailed reports.
The details of the service we receive are as follows.
  • To actively monitor and take action against any conscious or unconscious cyber-attacks from within the organization,
  • To Notify BBS security response teams in the cyber security cases that occur and ensure interfering immediate, and to end the danger,
  • To prepare reports on cyber security cases that occur, and to determine the necessary actions so that the case does not recur, to take/be taken actions that can be taken within BBS.