Case Study

Waverley Borough Council

Located in the south of England Waverley Borough Council supports over 123,000 citizens. with assets of over 553 million GBP and an annual income of 73 million GBP, the Waverley Borough Council employs 450 staff, manages 4,800 “council houses,” and manages a full time pension fund. protecting the personal data and information of the citizens who live in the borough is one of the council’s top priorities.


2020 was a brutal year for cyber attacks and ransomware as cyber criminals expanded their focus to include government organisations and local authorities. The objectives are well known, blackmailing victims with the threat of public leakage of exfiltrated data and paralysing critical systems and infrastructure for weeks on end.

In October, Hackney Borough Council became a victim of a cyber attack and the UK central government communicated to all local authorities, warning that they review their security posture immediately and take steps ensure that they are effective.

Waverley Borough Council took these warnings seriously and working with trusted partner Click26, reviewed their security systems and policies. This review found that Waverley had a solid layered cyber security defense program; good firewall and endpoint security and well-defined cybersecurity awareness training. But the review did find one area where defenses needed improvement, Waverley lacked visibility into their network assets and associated risks. This visibility gap left the council’s IT infrastructure and digital assets vulnerable to ransomware, unauthorised web and DNS activities, lateral movement, and data exfiltration. Improving network visibility and defense would add an additional layer of protection to Waverley’s already strong defensive architecture. But Waverley Borough Council had to solve this network security challenge with limited budget, and no ability to add headcount to an already very busy IT Team.


  • Understand their network and define where sensitive data was located.
  • Correlate and authorise security policies that protect their sensitive data and align to their security framework.
  • Automatically learn “normal” network activity and surface any potential threats.
  • Automate prioritised alerting of suspicious behaviour without the need for additional resource in the team.
  • Improve their ability to mitigate the threat of ransomware attack.
  • Continually monitor and measure how existing security tools and policies are performing.


  • Accurately mapped all network resources and all identified “unknown” systems. Identified, categorised and labeled sensitive assets on the network.
  • Enabled a continual monitoring process that watches network traffic, IT systems and endpoint systems for risks and threats.
  • Deployed security policies that expanded the Council’s security framework to cover ransomware attacks. Risky network behaviours – including those indicative of ransomware attacks – are automatically identified and alerts are sent to the IT team 24X7.
  • AI is successfully used to prioritise alerts and focus the small IT team on the threats that pose the greatest risk to sensitive data.
  • Produce consistent, easily digested executive reports demonstrating improved security posture and effectiveness of their technology investments.


Click26 turned to Nominet’s cyber security division, and its cloud based, AI driven Network Defence as a Service (NDaaS) solution. NDaaS was a perfect fit for Waverley Borough Council. It met all of the project objectives including visibility of assets and risk on the network, network based threat detection, continual monitoring, and automated detection and response, but most importantly, it required no new hardware and no new headcount.

Full size CyGlass architecture diagram



Visibility across network and cloud, identify rogue assets and abnormal, risky activities


Detects anomalies caused by Ransomware, Insider Threat and other advanced threats

Money icon

Easy to install – no additional hardware, software or people