Harden Windows. Implement compliance. Eliminate risks.
Standard Windows installations are not secure enough, regulatory requirements are becoming stricter - and if the worst does happen, every minute counts. Dawico combines technical Windows hardening with pragmatic compliance implementation and structured crisis management. Prevention and emergency response from a single source - local and international.
DAWICO STRENGTH: Dawico played a key role in developing DIN SPEC 27099 and secures Windows environments according to CIS benchmarks and BSI Grundschutz. In an emergency we are also reachable outside business hours - initial damage control within a few hours.
Windows hardening
- Group policies (GPO): enforce security settings centrally
- Minimize services: disable unnecessary Windows services
- BitLocker encryption for all drives
- Configure Windows Defender / endpoint protection correctly
- RDP hardening: NLA, port change, access restriction
- Password and account policies according to best practice
- Local Administrator Password Solution (LAPS)
- PowerShell restrictions and execution policies
- Windows firewall: rule-based access control
Endpoint Security & Managed Protection
Modern endpoint protection goes far beyond classic antivirus. We rely on a multi-layered strategy with managed detection & response.
- Endpoint Detection & Response (EDR): behavior-based detection instead of signature checks alone
- Centrally managed antivirus solutions with real-time monitoring and reporting
- Application whitelisting: only approved software may be executed
- USB and device control: which external devices may be connected?
- Automated patch management: roll out security updates promptly and in a controlled manner
- Security dashboards: overview of the security status of all endpoints
DIN SPEC 27099 - data security to standard
Dawico played a key role in developing DIN SPEC 27099. This standard defines how companies effectively secure their data against unauthorized access, manipulation and theft through a three-tier network architecture.
- Three-tier network architecture: no access by unauthorized users
- Protection of critical data: source code, passwords, customer data
- Analysis of your individual security requirements
- Tailored solutions according to DIN SPEC 27099
- Integration into existing work processes without loss of productivity
Compliance Onboarding
We analyze your IT, identify gaps and implement concrete measures. Pragmatic instead of bureaucratic.
- Gap analysis against GDPR, ISO 27001, BSI Grundschutz, DIN SPEC 27099
- IT baseline protection per BSI: 5-layer model from infrastructure to application
- Implementation of technical and organizational measures
- Documentation for audits and certifications
- Training for your team
- Preparation for external audits
IT crisis management & incident response
Ransomware encrypts your data, the Exchange server is compromised, Active Directory no longer responds - IT crises arrive without warning and every hour counts. Dawico offers fast, structured help based on a proven 4-stage model aligned with BSI 100-4 and common incident response frameworks.
Analysis
What happened? Which systems are affected? Initial forensic preservation of log data and artifacts
Containment
Isolate affected systems, separate network segments, stop the spread immediately
Recovery
Restore systems from clean backups, bring services back online by priority, verify data integrity
Hardening
Identify and close the entry point, patch security vulnerabilities, tighten monitoring, document lessons learned
Typical crisis scenarios
- Ransomware attack: isolate encrypted systems, stop the spread, evaluate decryption options
- Server failure: identify the cause, activate failover, restore services
- Data loss: check backup integrity, initiate restore, reconstruct missing data
- Compromised accounts: lock access, analyze lateral movement, reset passwords
- DDoS attack: traffic analysis, set filter rules, restore availability
- Communication support towards customers, authorities, cyber insurers and the BSI
Prevention & emergency planning
The best crisis is the one that never happens. And if it does come, a tested emergency plan makes the difference between hours and weeks of downtime.
- Create disaster recovery plans: recovery sequence, define RTO/RPO, assign responsibilities
- Review and optimize backup strategies: 3-2-1 rule, air-gapped backups, regular restore tests
- Conduct emergency drills: simulate scenarios, expose weaknesses, measure response times
- BSI 100-4 emergency management: structured implementation per the BSI standard for business continuity
- Incident response runbooks: step-by-step guides for the most common crisis scenarios
- Employee training: recognize phishing, know reporting channels, react correctly in an emergency
International IT security
Cyber threats do not stop at national borders. If your company operates internationally, your IT security needs a global perspective.
- Multi-site security concepts: consistent security standards across all locations
- VPN architecture for international site networking - secure and high-performance
- Compliance across borders: GDPR, CCPA, industry-specific regulations
- Threat intelligence: monitoring regional threat landscapes and adapting protective measures
- Incident response with an international focus: coordination across time zones
- Security awareness training for multicultural teams
