From rapid incident response through preventive hardening to relevant threat intelligence.
All services →● Active incidentA team from operations, investigation and intelligence. We think ahead to protect.
More about us →Cybersecurity with attitude. Join a team without ego.
All positions →Apply speculativelyAnalyses and experience on DFIR, Resilience Ops and Threat Intelligence.
All articles →Confidential, fast and without obligation.
To contact →● Emergency hotline// SERVICE · SECURITY HARDENING
Whether a cyber attack cripples your company or merely scratches it — that is not decided at the moment of the attack. It is decided now.
The rhythm of our M365, AD and infrastructure hardening program: transparent, plannable, continuous
Security hardening is not an emergency product. But sometimes the impulse comes from a cyber attack. Or from the realization that you only just escaped one.
You have survived a cyber attack. The real question is not technical — it is entrepreneurial: how do you prevent it from happening again? And how do you make sure that on the next attempt an attacker cannot paralyse your entire company?
The last pentest delivered a long list. Resources are limited. You do not need another checklist, but a risk-based prioritisation along real attack paths that gives you internal backing.
Auditors, insurers and NIS-2 increasingly demand robust technical evidence: not concepts, but implemented hardening measures with documented effectiveness. That is exactly what we deliver.
The attack surface grows faster than the capacity to control it. Without structured system hardening, blind spots emerge. Reduce the attack surface: methodically, not by gut feeling, without endangering operations.
NIS-2: Technical hardening measures are among the concrete obligations of the NIS-2 directive (NIS2). What this means for your company in practice: Implementing NIS-2: which measures are mandatory? →
We think like an attacker — and close every path he would take through your infrastructure.
Most providers deliver a report after a hardening project. We deliver a state: verifiable, validated monthly and implemented in close coordination with your IT. Every measure follows real attack paths: the way a hacker thinks, not the way a framework dictates.
For technical security leaders: Our attack-path analysis follows the MITRE ATT&CK methodology — we prioritise by tactics, techniques and procedures (TTPs) used in real attacks against comparable infrastructures. No generic framework mapping, but concrete attack-chain logic from our own offensive experience.
Operations stay stable — always
Measures are tailored to your specific environment: risk-based, not rolled out by generic standards.
Every operations-critical measure is prepared: risks evaluated, rollback scenario defined, implementation only after joint approval.
Every operational measure is communicated in advance and formally signed off with documentation afterwards. Your team always knows what is running and why.
The client decides in coordination with ProSec. You stay in control of your infrastructure.
We model how an attacker would reach critical assets in your real infrastructure, including Active Directory, identities and network segmentation.
Measures are weighted by actual exploitability and business impact, so that limited resources work where it counts.
System hardening across systems, identities, configurations and permissions — without losing usability and productivity.
Monthly vulnerability evaluation tracks progress. Defense baselines and hardening standards are documented and permanently anchored.
Monthly evaluations produce a clear progress curve. The security level becomes comparable over time and communicable to management, supervisory board or insurers.
Security hardening and IT hardening are not off-the-shelf products. We work through every layer of your infrastructure: from identity to perimeter, from Microsoft 365 to the network. Everything prioritised by what an attacker would exploit next.
Tier model, permission concept, privileged identities, service accounts. We close the paths ransomware uses to move laterally through your infrastructure and escalate to domain-admin rights.
Conditional Access, MFA enforcement, Exchange Online Protection, Teams and SharePoint permissions, Defender configuration. In almost every company, M365 is the biggest entry point. We close it systematically.
VLAN structure, network segmentation, firewall configuration, preventing lateral movement. A hardened network keeps a compromised system from becoming a springboard into the rest of the infrastructure.
VPN hardening, remote desktop protection, exposed services, DMZ configuration. The perimeter is the first point of contact for every cyber attack. We reduce the exposed attack surface to the necessary minimum.
Windows hardening along CIS benchmarks, group policies, application control, local admin rights. Every system an attacker compromises should remain an endpoint, not become a starting point.
Architecture reviews, defense baselines, hardening standards, effectiveness checks: documented, verifiable and permanently anchored. Not just for the next audit, but for the next cyber attack.
What you actually receive
Note: Not every area is equally relevant for every company. We start with an attack-path analysis and prioritise together, so budget and resources work where the risk is greatest — whether Active Directory, Microsoft 365, network security or perimeter.
Our team has analysed threat situations in intelligence services, accompanied cyber operations in the military, investigated cyber attacks in law-enforcement agencies and learned in the hacking scene how attackers really think. These are the fields people do not talk about loudly. And that is exactly our foundation.
The technical validation of our hardening measures is carried out by ProSec Networks, with ethical hackers who have been working at international top level for decades. Not as external service providers. As part of the same group of companies. When we validate monthly, real hackers do the testing — not automation tools.
“The knowledge of how to attack comes from the military, intelligence services and the hacking scene. The decision to use it for good — that one we made ourselves.”
ProSec Ransomware Containment Guarantee
We have been there in real attacks. We know how ransomware spreads and how to stop it. That is why we give a concrete guarantee:
After our hardening program, no attacker can encrypt your entire infrastructure. Ransomware stays isolated. It does not spread uncontrolled. What hits one endpoint stays at that endpoint.
Your critical systems and business processes remain operational even during an attack. An incident hits parts, not everything. Your value chain does not break.
We close the propagation paths. Active Directory, lateral movement, privilege escalation. No attacker with initial access can move uncontrolled through your systems.
Scope: This guarantee applies to the jointly defined infrastructure hardened under the ongoing program, for as long as ProSec Defense actively runs the monthly validation program and agreed hardening recommendations have been implemented. Systems outside the defined scope are not included. Details on the contractual anchoring on request.
Maurice du Maire, Managing Director, ProSec Defense GmbH
+49 341 3542867-0 · [email protected]
// AFTER HARDENING
Hardening protects the infrastructure.
What comes next?
Hardening creates the technical foundation. Governance anchors it organisationally: ISO 27001, NIS-2 compliance, ISMS setup.
Technical hardening protects the infrastructure. Legal protects the management: liability, NIS-2 law, insurance support.
DEFENSE READINESS
In a short, confidential initial consultation we assess your starting situation: whether after an incident or preventively. We show which hardening measures have the greatest protective effect in your situation.
Or directly by email: [email protected]