Case Studies

Real outcomes from real environments. Anonymised for confidentiality, but the numbers and the technology stacks are genuine.

Higher Education

Leading South African University — Campus Security Transformation

The Challenge

Legacy firewall infrastructure spread across 3 campuses serving 15,000+ users. Significant eduroam WiFi security gaps with no segmentation between student, staff, and guest traffic. No centralised policy management — each campus operated independently with inconsistent rulesets and no unified visibility.

The Solution

Palo Alto Networks PA-5400 series next-generation firewalls deployed across all campuses, centrally managed via Panorama. CrowdStrike Falcon endpoint protection rolled out to all staff and lab endpoints. Complete WiFi refresh with Fortinet FortiAP access points and FortiNAC for network access control and device profiling.

The Outcome

40% reduction in security incidents within the first year. Centralised policy management across all 3 campuses from a single Panorama console. Full eduroam and guest WiFi segmentation with role-based access. POPIA compliance achieved for student and staff data handling, validated by external audit.


Mining & Resources

Tier 1 Mining Group — Multi-Site OT/IT Network Security

The Challenge

12 remote mining sites across Southern Africa with converging OT and IT networks. Unreliable WAN connectivity causing operational disruptions. Zero visibility into SCADA/ICS traffic traversing the network, creating a significant blind spot for both safety and security teams.

The Solution

Palo Alto Networks next-generation firewalls with IoT Security subscription for deep SCADA/ICS protocol visibility. Fortinet SD-WAN deployed across all 12 sites for resilient connectivity with automatic failover. Layer7 managed firewall service providing centralised monitoring and change management from our NOC.

The Outcome

Full OT/IT network segmentation enforced at every site. 99.7% WAN uptime achieved via SD-WAN with LTE/satellite failover. Real-time SCADA traffic visibility and anomaly detection. Zero unplanned production stops due to cyber incidents in 18 months of managed service.


Financial Services

National Financial Services Provider — SOC/MDR Implementation

The Challenge

Increasing regulatory pressure from FSCA and POPIA, with growing ransomware campaigns targeting the South African financial sector. The board mandated 24/7 security monitoring, but the organisation lacked the internal skills and budget for a dedicated SOC team.

The Solution

Layer7 IRON SHIELD MDR service deployed with CrowdStrike Falcon endpoint detection integrated with Palo Alto Cortex XSIAM for unified threat intelligence and automated response. Ongoing vulnerability assessment programme established with regular external and internal scanning cadences.

The Outcome

Mean time to detect reduced from 72 hours to under 15 minutes. Full POPIA incident response compliance with documented breach notification procedures. 3 ransomware attempts blocked in the first quarter of service, with full kill-chain analysis provided to the client.


Government

Provincial Government Department — Compliance-Driven Security Overhaul

The Challenge

Failed AGSA (Auditor-General South Africa) audit on ICT security controls. Outdated perimeter security with end-of-life hardware. No vulnerability management programme in place. Significant POPIA non-compliance, with citizen data handling procedures undocumented.

The Solution

Complete Palo Alto Networks NGFW replacement programme for all perimeter and internal segmentation firewalls. Tenable vulnerability scanning deployed with defined remediation SLAs. Layer7 CISOaaS advisory engagement providing strategic direction, policy development, and board-level reporting. Organisation-wide security awareness training programme.

The Outcome

Clean AGSA audit achieved within 12 months. Vulnerability remediation SLA reduced from 90 days to 14 days for critical findings. 85% staff completion of security awareness training programme. Full POPIA compliance documentation and data handling procedures established.


Healthcare

Private Healthcare Group — Ransomware Resilience Programme

The Challenge

A previous ransomware incident caused 3 days of complete operational downtime with patient data at risk. Multiple hospital sites operated with inconsistent security controls and no coordinated incident response capability. The board demanded assurance that this could never happen again.

The Solution

CrowdStrike Falcon Complete deployed across all endpoints and servers at every site. Palo Alto Prisma Access implemented for secure remote worker connectivity and consistent policy enforcement. Layer7 incident response retainer established with defined escalation procedures and quarterly tabletop exercises.

The Outcome

Full recovery capability tested and validated quarterly via tabletop exercises. Zero successful ransomware incidents in 24 months of continuous monitoring. POPIA breach notification process fully established and tested. Consistent security posture achieved across all hospital sites.

Your Challenge is Next

Every environment is different, but the approach is the same — understand the risk, deploy the right technology, and manage it properly. Let us show you what that looks like for your organisation.

Talk to Layer7