Les Ambassadeurs

Cyber Resilience and Hybrid Cloud

Premier London casino ensures cyber resilience and hybrid cloud infrastructure optimisation, with ITHQ strategic solutions

Illustration

Les Ambassadeurs is instantly recognisable as one of London’s most prestigious casinos.

Leopold de Rothschild’s library and artworks appeal to historians, while movie buffs know it as the place where a tuxedoed Sean Connery first said the immortal words, ‘Bond. James Bond,’ in Dr No.

Today, this venue is synonymous with opulence and high stakes: it dominates more than half of the London casino market alone. With turnover as high as client expectations, reputation is paramount and only the best will do.

For their cyber resilience and hybrid cloud infrastructure updates, Les Ambassadeurs partner with ITHQ.

Highlights

    Extremely sophisticated vulnerability management, threat detection and response with Rapid7
    Multiple secure networks maintained with zero tolerance for downtime
    Incident detection and prevention services
    Visibility of every device on the network through Network Access Control
    Flexible solutions that evolve in line with IT department and business needs, with spend forecast and controlled
    Multi-vendor next generation firewall including Fortinet

Carl van Eijk is Senior Infrastructure and Security Specialist at Les Ambassadeurs.

He talks us through his experience of working with ITHQ and why he believes it’s critical to view cyber resilience as a journey

ITHQ identified problems we didn’t know existed and devised solutions that worked in terms of functionality, practicality and cost.


Why ITHQ?

When we started, we didn’t know our cyber resilience and hybrid cloud improvement projects were going to be a journey.
We’ve worked with several companies over the years but never been 100 per cent satisfied. Working with ITHQ has been completely different. We have formed a very productive partnership where they help us to realise goals we want to achieve.

A typical day of attacks and defence

We experience over 20,000 attempted attacks every day from around 3,000 unique IP addresses. Attacks are highly targeted, including impersonations. 60% of blocked emails we receive are phishing or spear phishing attempts.
We have very robust data, security and privacy policies protecting all our staff and systems. We are also tightly governed by financial and gambling laws, so all our networks and systems must be secure, compliant and auditable.

Embarking on the journey

The first thing we learned was that it’s important to be open-minded about the kind of threats we’re facing and how they change almost daily.
Just because we’ve never had a serious breach doesn’t mean we should be complacent. The second is that there is an overlap between solving one challenge and identifying another.
Initially, we had around 2000 network ports, plus many wireless devices, 300 PCs and 300 iOS devices, in addition to our servers, peripherals and IoT devices. We have many more than that today.

ITHQ helped us implement an open source platform that gave us full visibility of our networks. This highlighted blind spots and vulnerabilities we had not foreseen. Data correlation highlighted a worrying number of devices, the origin and purpose of which couldn’t be immediately identified.
ITHQ helped us to integrate this platform with the segregated firewall at the core of our multiple networks. This requires a lot of planning and experience of working in highly segregated environments, to avoid any security compromise.
Together with improved threat detection and response, we were as resilient as possible before going ahead with other projects we now realised were necessary.

We will always be looking for new threats and new technology. ITHQ’s innovative solutions and excellent service are part of that journey.


How we moved into the acceleration phase

Network Access Control (NAC) was the second phase. This helped identify everything on our networks, including security cameras, and showed us how we could improve authentication of devices, network access and enrolment. It also showed how we could strengthen our infrastructure to better manage patches and other critical updates.
We rolled out Rapid7 InsightIDR and InsightVM to improve endpoint protection. Then, as other departments showed interest in the improvements ITHQ were making, we broadened our scope.
A major challenge is that our environment demands near zero downtime. For some services, outages of even a few seconds are unacceptable. Our new, more resilient networks allow us to take down small areas in isolation for critical updates without compromising security or uptime.


Further strengthening our resilience with more strategic projects

Zero trust, including one-time passwords and multi-factor authentication, is high on the list, together with server upgrades, infrastructure documentation and automation as we continue with our transformation. We’re also looking at replacing some more of our cloud services.

How ITHQ brings a combination of strategy, innovation and top service

Achieving transformation is not just about technology; it’s about strategy, processes and people. New challenges arise as a result of implementing a solution, exposing new vulnerabilities.
They are a highly innovative team. Some third-party systems needed technical interactions, for example, which were being done manually. ITHQ wrote some API calls for non-technical staff that simplified certain processes. This allowed quick resolution in a 24-hour environment, when skilled technicians were not instantly available.

ITHQ also built proprietary systems for device and firewall management to help our support team, and to help us verify third-party integrations on our intrusion detection system.
Our systems are very secure and resilient but the journey to perfection is continuous. We will always be looking for new threats and new technology. ITHQ’s innovative solutions and excellent service continue to be part of that journey. And resilience is absolutely a journey: in fact, it's the only realistic approach.