Home/Yalantis Reaches Full Security Posture in 6 Months with Protagonist Support

Yalantis Reaches Full Security Posture in 6 Months with Protagonist Support

Yalantis reached out to Protagonist to close security gaps during fast growth. We’ve set up incident monitoring systems, conducted vulnerability assessments, trained the team, and helped Yalantis reach ISO 27001 compliance in 6 months.

  • 94/100

    Yalantis security rate after Protagonist involvement

  • 2x

    Improvement in employee security awareness

  • OWASP Top 10

    Team trained to prevent & respond to OWASP Top 10 risks

CLIENT REQUEST

Protect the company during hypergrowth

Yalantis was in the middle of an intense growth phase. In less than a year, the company’s headcount surged from 290 to over 500 employees. With dozens of systems, client environments, and data flows, controlling operations became increasingly difficult. At the same time, their competitor, a major IT services company, suffered an attack that exposed personal data, including government identifiers. For Yalantis, this was a signal to rapidly reinforce their overall security posture. Yalantis turned to Protagonist to find security gaps and hidden vulnerabilities and take full ownership of security needs.

  • Location: Ukraine

  • Industry: IT

  • Services: Managed security & SecOps

  • Project timeline: Ongoing

Yalantis was in the middle of an intense growth phase. In less than a year, the company’s headcount surged from 290 to over 500 employees. With dozens of systems, client environments, and data flows, controlling operations became increasingly difficult. At the same time, their competitor, a major IT services company, suffered an attack that exposed personal data, including government identifiers. For Yalantis, this was a signal to rapidly reinforce their overall security posture. Yalantis turned to Protagonist to find security gaps and hidden vulnerabilities and take full ownership of security needs.

“Yalantis didn’t have an internal security team, so we took on all their security needs.”

Dmytro Kravchuk

CTO at Protagonist

PROCESS

Protagonist helps Yalantis close all security gaps 

With no dedicated security team and rising risks, Yalantis needed security that could protect them and their clients from potential cyber attacks and data breaches. Protagonist stepped in to take ownership and build a long-term security foundation.

  • Month 1

    Initial security baseline and visibility were established across critical systems and activities.

    • Security strategy and priority risk areas defined
    • First vulnerability assessment completed
    • Priority systems onboarded to centralized SIEM system
    • Critical and high-risk exposures identified and risk-ranked
  • Month 2-4

    The focus shifted from visibility to implementing structured, repeatable security operations and reducing systemic risk.

    • Incidents investigated and resolved
    • Access management formalized
    • Security awareness training
    • Ongoing vulnerability management cycle established
  • Month 5+

    Security processes transitioned from project-driven improvements to steady-state, governance-supported operations.

    • Security operating as continuous processes
    • Security metrics and risk visibility regularly reported
    • Environment capable of supporting customer due diligence and compliance initiatives

  • 2-week assessment of security gaps

    We started with an ISO 27001 gap assessment, mapping existing controls to the standard ones, identifying missing ownership, and spotting documentation gaps. Based on this, we built a six-month compliance roadmap.

  • We helped Yalantis restructure & migrate to AWS

    At the same time, Yalantis was undergoing internal restructuring. To keep security stable, we took ownership of the cloud layer, migrating hosts to AWS, and rolling out unified security controls across environments.

  • Protagonist formalized security processes for ISO evidence

    We translated existing security practices into ISO-aligned processes. This included structured asset management, role-based access control, and secure configurations for Google Workspace, Slack, and Atlassian.

  • We prepared Yalantis for the audit with a trusted auditor

    Our experts selected the auditor, managed all communication, and consulted Yalantis’ stakeholders for the upcoming audit so they knew in advance what questions to potentially expect.

  • We passed the audit on the first attempt

    During the audit, we acted as Yalantis’ compliance team, handling all questions that didn’t require stakeholder involvement. The auditor praised the practicality of our security measures, and Yalantis was certified on the first attempt.

  • Now, we support Yalantis through annual audits

    Today, we continue supporting Yalantis, monitoring processes, and handling rare incidents. In 2024, we helped Yalantis recertify under the new ISO 27001 version, again on the first attempt.

RESULT

In under 6 months, Yalantis went to a stable security operation that scaled with the company. Protagonist took full ownership of security, covering detection, response, testing, access control, and training, so the team could focus on delivery.

  • 300 access requests/month automated

  • Foundation for ISO compliance

  • Team trained on OWASP TOP 10

CLient Testimonial

“Their deep expertise in cybersecurity, particularly in the context of modern software architecture, was outstanding.”

Artur Shevchenko

Director of Engineering at Yalantis

Get a free security consultation

Book a call with us, and talk to Protagonist’s
expert about your security posture.

Book a Consultation

Explore more case studies