Case Study: Rebuilding Security Posture for a Regional Casino Operator
Industry: Gaming and Hospitality
Engagement: Cybersecurity Remediation and Infrastructure Hardening
The Challenge
A mid-size regional casino operating a full floor of Class III gaming machines engaged Doradus Labs after experiencing repeated security incidents over an eighteen-month period. The events ranged from credential compromise on administrative accounts to lateral movement attempts originating from network segments that should not have had unrestricted access to gaming infrastructure. Internal IT staff had performed reactive cleanup after each incident, but the conditions that allowed the breaches to occur had not been resolved.
A preliminary assessment by Doradus Labs identified five structural issues: administrative accounts protected only by passwords, a perimeter firewall approaching end of life with overgrown rule sets, inconsistent endpoint protection with no centralized visibility, flat network segmentation allowing east-west traffic to floor-side gaming systems, and no formal incident response procedure.
The Approach
Doradus Labs designed a four-phase remediation program built on the principle that durable security requires coordinated changes across identity, perimeter, endpoint, and process, rather than isolated upgrades to any single layer.
Identity hardening came first. YubiKey hardware tokens were deployed for all administrative, surveillance, and finance personnel, with on-site enrollment completed over a two-day window to minimize operational impact. The aging firewall was then replaced with a Palo Alto Networks next-generation platform, and the rule set was rebuilt from a documented baseline rather than migrated, removing years of accumulated permissive rules. New segmentation policies separated user, surveillance, gaming, and management traffic. A centralized endpoint protection platform was rolled out across all servers and workstations, replacing the patchwork of consumer-grade and lapsed enterprise agents already in place. The technical work was paired with documentation deliverables: an updated network diagram, a current asset inventory, a written incident response procedure, and a quarterly review cadence.
The Results
In the twelve months following the engagement, the property reported no successful intrusions and no credential compromise events. The new endpoint platform identified and contained two attempted infections at the workstation layer before either could spread, both of which the previous environment would almost certainly have missed.
Cyber insurance renewal premiums were reduced at the next renewal cycle, with the underwriter specifically citing the documented controls and authentication posture as factors in the revised rating. Operationally, centralized endpoint visibility reduced the time IT staff spent investigating routine alerts, the rebuilt firewall rule set made future policy changes faster and less error-prone, and the documented incident response procedure gave floor and finance leadership a clear understanding of how the property would respond if an event did occur.
About Doradus Labs
Doradus Labs delivers managed IT, cybersecurity, and intelligent video analytics services to gaming operators and other high-availability environments. Our work focuses on enhancing the systems clients already rely on, eliminating unnecessary disruption while improving visibility, resilience, and the ability to anticipate evolving threats.