At a Glance
- Industry: B2B SaaS
- Engagement type: Continuous Managed Security Program with Quarterly VAPT
- Tech stack: AWS multi-account organization, Microsoft 365 E5, Microsoft Sentinel SIEM, CrowdStrike Falcon EDR, GitHub Enterprise, Okta SSO
- Outcome: All critical and high-severity findings remediated and re-tested with no critical issues remaining at close.
- Delivered by: ISO/IEC 27001:2022 certified consultants with OSCP, OSEP, CISA, CISM credentials.
Client Overview
Industry: B2B SaaS
Product: Multi-tenant SaaS platform serving 1,200+ enterprise customers
Tech stack: AWS multi-account organization, Microsoft 365 E5, Microsoft Sentinel SIEM, CrowdStrike Falcon EDR, GitHub Enterprise, Okta SSO
The client is a 600-person Indian B2B SaaS company serving 1,200+ enterprise customers across India, the Middle East and Southeast Asia. Its primary offices are in Bengaluru and Chennai, with a hybrid workforce post-COVID.
Challenge
Three factors drove the urgency of this engagement:
- Peer ransomware impact. A peer SaaS company in the same vertical had been hit with ransomware in late 2023, paying INR 4.2 crore in ransom and losing 3 enterprise customers.
- Foundational security gaps. MFA was enabled for admins only, AWS IAM keys were long-lived, logging was not centralized, and 7 high-severity pentest findings had been unresolved for 18 months.
- Enterprise sales pressure. Major enterprise customers were demanding ISO 27001 certification and SOC 2 evidence as procurement prerequisites.
Our Approach
Codesecure delivered a structured engagement combining automated coverage with deep manual testing focused on the specific risk areas for this client.
Scope of Testing
The engagement covered the following primary areas:
- Phase 1 (months 1-3), foundation: MFA everywhere, EDR active prevention, AWS IAM hardening, SIEM deployment
- Phase 2 (months 4-9), 7 defense layers: identity, endpoint, email, network, detection, hunting, validation
- Quarterly web/mobile/API penetration testing with same-quarter remediation tracking
- Annual internal network penetration test and red team exercise
- Monthly proactive threat hunting against MITRE ATT&CK techniques relevant to SaaS
- 24x7 managed SOC monitoring with India-based analysts
- ISO/IEC 27001:2022 certification achieved in month 18
Reporting & Walkthrough
Executive summary delivered alongside a technical report containing reproducible PoC steps, CVSS v3.1 severity scoring and developer-actionable remediation guidance. Live walkthrough with the client team covered every critical finding with reproduction and recommended fix path.
Results
Critical Findings
- Month 14 near-miss: reuse of a credential phished from a leaked third-party site enabled a remote login attempt; it was detected and contained within 87 minutes.
- Detected via an anomalous sign-in (Layer 1) combined with an RDP anomaly (Layer 4 and Layer 5 working together).
- Response: the user session was terminated, the endpoint isolated, all SSO sessions revoked and a forensic capture preserved; no encryption or data exfiltration occurred.
High & Medium Severity
- Mean time to detect (MTTD) under 30 minutes for high-severity incidents
- Zero ransomware incidents, zero material data breaches and zero DPDP notifications across 24 months
- Successful ISO/IEC 27001:2022 certification supporting enterprise sales
- Total annual security spend roughly 0.8% of revenue (vs. an industry-average breach cost of 4-7% of revenue)
Before vs. After
Before Engagement
- MFA only on admins
- Long-lived AWS IAM keys
- Logging not centralized
- 7 high findings open for 18 months
- No 24x7 monitoring
- Enterprise sales blocked by no ISO 27001
After Remediation
- MFA universal, FIDO2 keys for privileged users
- SSO + role-based access, no long-lived keys
- Centralized SIEM, 24x7 monitoring
- All findings remediated within SLA
- Managed SOC with named analysts
- ISO 27001:2022 certified, enterprise sales unblocked
"Codesecure detected and contained a real account compromise in 87 minutes before any damage. The peer company that didn't have this program paid INR 4 crore in ransom. The math on our security investment writes itself."
Anonymous, CISO, 600-person Indian SaaS company
Key Lessons
What Other Teams Can Take Away
- Defense in depth works because layers fail at different times. The near-miss defeated three of seven layers; the fourth caught it. No single control is enough.
- Security is a program, not a project. 24-month engagement with monthly leadership review, quarterly pentests and annual red team beats one-time hardening.
- Total cost is 0.8% of revenue. Industry-average breach cost is 4-7% of revenue. The math heavily favors investment.
- ISO 27001 certification unlocks enterprise sales. Approximately 80% of enterprise procurement questionnaires in 2026 require ISO 27001 evidence.
Conclusion
Layered defense works because layers fail at different times. The near-miss incident defeated three of seven layers; the fourth caught it. Security is not a project; it is a program with measurable outcomes (MTTD, MTTR, pentest finding trends) reported to leadership monthly.
For Indian SaaS, fintech and enterprise customers, managed security programs deliver this depth of defense at fractional in-house cost. Codesecure operates ISO/IEC 27001:2022 certified managed security programs with named consultants, fixed-price engagements and 24x7 SOC coverage across India, UAE, Saudi Arabia, Australia, Singapore and Maldives.
