Cypress Manufacturing Company Implements Zero Trust — 18-Month Results

A Cypress manufacturing company with 85 employees had experienced a near-miss cyber incident where an attacker who compromised one workstation was blocked from reaching the company’s ERP and financial systems only by luck — the firewall rule that should have allowed access was misconfigured. That near-miss prompted a full zero trust architecture implementation.

The Problem with Flat Networks

The company’s network was largely flat — all workstations, servers, and OT systems on interconnected segments. A compromise of any endpoint could theoretically reach any other system. The near-miss demonstrated this risk concretely. The attacker had gained access to a workstation through a phishing email and spent three days mapping the network before attempting to access the ERP server — the misconfigured firewall rule was the only thing that stopped them.

Zero Trust Implementation

SpaceTown IT implemented a zero trust architecture over 12 weeks: (1) Network microsegmentation creating separate VLANs for workstations, servers, manufacturing OT systems, and guest devices with firewall policy between each, (2) Azure AD Conditional Access requiring MFA and device compliance for all application access, (3) Per-application ZTNA for remote access replacing full-tunnel VPN, (4) Privileged access management with just-in-time admin elevation, (5) SentinelOne EDR on all endpoints with 24/7 SOC monitoring integration.

18-Month Results

After 18 months: zero lateral movement incidents, three contained endpoint compromises (all caught by SentinelOne within 5 minutes and automatically quarantined with no lateral spread), SOC detected two external scanning campaigns within hours and blocked associated IPs proactively, and cyber insurance premium reduced by 22% at renewal based on documented control improvements.

Implement Zero Trust in Houston

SpaceTown IT implements zero trust network access and network management for Houston businesses. Call (832) 304-9748.