CS/04CASE STUDY

Insider Risk
for Export-Controlled Technical Data

A defense prime contractor holding highly sensitive programme data partnered with We As Web to secure its digital estate — implementing data discovery, classification-based DLP, and insider-threat detection while producing audit-ready compliance documentation against ISO/IEC 27001 and NIST SP 800-171.

Discuss Your Project →
At a Glance
Capabilities
Endpoint-Wide Data Discovery
Classification-Based DLP
Insider-Threat Detection
Audit-Ready Compliance
Technologies
Tanium (Endpoint Management)Data-Loss-Prevention (DLP)Anomaly DetectionISO/IEC 27001NIST SP 800-171EU Dual-Use Reg. 2021/821ITAR / EAR
Delivery Model
Cybersecurity + endpoint management specialists · Embedded engagement
[01]Business Context

A defense prime operating blind to where its most sensitive data lived

A defense prime contractor holding highly sensitive programme data — including design files, technical documentation, and export-controlled materials — partnered with We As Web to secure its digital estate. In the defense sector, the exfiltration of controlled technical data is a defining risk, carrying severe espionage, competitive, and regulatory consequences. To protect this critical intellectual property, the client needed to gain full visibility over their data and lock down vulnerabilities before they could be exploited.

Key Context
Highly sensitive design files, technical documentation, and export-controlled materials at risk
No clear picture of where sensitive data lived across the estate
Insiders, third parties, and compromised endpoints all potential exfiltration vectors
Strict regulatory exposure under EU Dual-Use Reg. 2021/821 and ITAR / EAR
[02]Client Needs

What prompted the project

To safeguard their most sensitive assets, the defense prime needed to move from "we hope it's secure" to "we can prove it" — with controls proportionate to data sensitivity.

N/01

Prevent Data Exfiltration

Radically reduce the risk of technical data leaving the organization through malicious insiders, careless third parties, or compromised endpoints.

N/02

Ensure Strict Regulatory Compliance

Tightly control data that falls under the EU Dual-Use Regulation (EU) 2021/821 and, where US-origin technology is involved, ITAR / EAR regulations.

N/03

Prove Security Posture

Produce concrete evidence of security controls to satisfy regulators, auditors, and prime-contractor security reviews.

[03]The Challenges

Why an expert partner was required

The initiative faced several major hurdles — most fundamentally, the client had no map of its own data to defend.

Pre-Project ChallengeLack of Data Visibility
Operating Blind
The client had no clear picture of where export-controlled data resided across their network or who had the permissions to access and move it.
No Classification Scheme
Without a consistent way to tag data, it was impossible to apply controls proportionately — everything looked the same.
Impact
You can't protect what you don't know you have. Every control decision was a guess.
Pre-Project ChallengeRegulatory Complexity
Dual-Use and ITAR/EAR
Managing dual-use and ITAR/EAR-relevant data requires highly specific handling rules.
Broad Policies Are Risky
Uniform or broad-stroke security policies are ineffective — and risky when applied to non-controlled data.
Impact
Misclassifying a single file could trigger regulatory consequences or block legitimate engineering work.
Pre-Project ChallengeBalancing Security with Privacy
Active Monitoring Required
The client needed to actively monitor for insider threats to detect the behaviors that precede exfiltration.
Privacy and Legal Limits
Employee monitoring must be balanced against privacy rights and legal constraints.
Impact
The program had to be designed to be effective at detection AND legally defensible.
[04]Solutions Provided

What We As Web delivered

We As Web delivered a comprehensive data protection and insider-threat mitigation program — anchored in a real map of where sensitive data actually lived.

S/01

Data Discovery and Classification

Endpoint-wide inventory and classification of sensitive data using Tanium — so controls could be applied based on sensitivity rather than uniformly.

We leveraged Tanium's endpoint-management depth to inventory data at scale across all endpoints, file shares, and engineering systems.
This allowed data to be classified so controls could be applied based on sensitivity rather than uniformly.
S/02

Targeted DLP and Access Controls

DLP controls and role-based access for the most sensitive material — proportionate, not blunt.

We designed and deployed Data-Loss-Prevention (DLP) controls governing removable media, cloud uploads, email, and printing specifically for the most sensitive material.
Access was also tightened so engineers and third parties could only reach what their specific roles required.
S/03

Automated Export-Control Handling

Handling rules built directly into the policy set — any movement of EU Dual-Use or ITAR/EAR data triggers the right controls automatically.

Export-control handling rules were built directly into the policy set.
Any movement of EU Dual-Use or ITAR/EAR-relevant data automatically triggered the appropriate security controls.
S/04

Insider-Threat Detection

Detection mechanisms for the behaviors that typically precede data loss, paired with a compliant investigation process.

Established detection mechanisms for the behaviors that typically precede data loss — unusual access, bulk copying, and anomalous egress.
Paired with a legally compliant investigation and response process that respects employee privacy while still being effective.
[05]Results Achieved

From blind to audit-ready in a single program

The data protection program successfully transformed the client's security posture — across visibility, controls, and compliance evidence.

R/01
Authoritative data map

The client received its first authoritative map of where sensitive and export-controlled technical data resided across endpoints and engineering systems.

R/02
Proportionate security measures

By calibrating DLP and access controls to data classification, the organization successfully constrained risky egress channels without applying blunt, productivity-killing blocks.

R/03
Policy-driven compliance

The handling of regulated technical data became governed strictly by automated policy, completely removing the reliance on individual employee judgment.

R/04
Proactive threat response

The new detection protocols allowed the organization to spot the access and egress behaviors that precede data loss before exfiltration occurs.

[06]Technology & Team

Defense-grade insider risk and data protection

A stack chosen for defense contexts — Tanium for estate-wide endpoint visibility, DLP tooling, and a policy layer aligned to the relevant regulatory frameworks.

Technology Stack
Tanium (Endpoint Management)Data-Loss-Prevention (DLP)Anomaly DetectionISO/IEC 27001NIST SP 800-171EU Dual-Use Regulation 2021/821ITAR / EAR ComplianceRole-Based Access Control (RBAC)
Team Composition
Cybersecurity SpecialistsEndpoint Management EngineersData Protection EngineersInsider-Threat Mitigation ExpertsDefense Export-Control Specialists
[07]Conclusion

When data sovereignty is mission-critical

A defense prime holding export-controlled technical data cannot rely on hope. By building an authoritative map of where sensitive data lived, applying classification-based DLP, and detecting the behaviors that precede exfiltration, we transformed this client from operating blind to operating with documented, auditable controls.

The entire program was built against ISO/IEC 27001 and NIST SP 800-171, producing the exact evidence needed to present to regulators, prime-contractor security reviews, and internal stakeholders. For any organization holding sensitive technical data under export-control frameworks, this is what proportionate, audit-ready data protection looks like.