+880 1700 000 000 hello@nexora.io
24/7 SOC Operational Client Portal EN ▾
NEXORAENTERPRISE IT
Book a Consultation Get a Quote
— PROVEN OUTCOMES

Real projects. Named clients.
Verified results.

Every case study on this page is a live client reference. Outcomes are independently verifiable, architects are named, and the technical approach is documented — because we believe proof should be specific, not aspirational.

Filter by sector:
47Published case studies
200+Completed engagements
0Failed deployments on record
100%On-time delivery rate (last 36mo)
99.99% Average infrastructure uptime // Rolling 12 months, all managed clients
74% Avg compliance scope reduction // Post-segmentation, PCI & HIPAA projects
0 Data breaches across client base // All-time across all managed environments
14min Mean time to detect and respond // SOC 30-day rolling average
— FEATURED CASE STUDY
Most requested reference
APEX BANK CORE NETWORK
Featured · Banking & Financial Services
FINANCIAL SERVICES CYBERSECURITY NETWORKING DATA CENTER
99.999% Core uptime
−87% Incident response time
$4.2M Breach cost avoidance
Apex Commercial Bank · 11-month engagement

Re-architecting a national core network with zero-downtime cutover across 84 branches

Apex Bank's legacy flat network was failing PCI QSA reviews for the third consecutive year and couldn't sustain the failover SLA demanded by their new core banking platform. Nexora designed and delivered a full stack replacement — active-active data centres, SD-WAN across 84 branches, NGFW with microsegmentation, CrowdStrike EDR, and a 24/7 SOC integration — without a single hour of unplanned downtime during the 11-month cutover.

Active-active data centre design — Dell VxRail, Cisco ACI, <18s failover RTO tested quarterly
84-site SD-WAN rollout — Fortinet, QoS-guaranteed banking lanes, single-pane NOC
PCI DSS v4.0 microsegmentation — CDE scope reduced from 1,200 to 314 systems
CrowdStrike EDR + Splunk SIEM — 24/7 SOC integration, 15-minute response SLA
RH

"Nexora passed our PCI QSA review on first attempt — after two previous integrators couldn't. The difference was they designed to the standard rather than around it."

Rashed Hossain
CTO, Apex Commercial Bank
Read full case study
11-month engagement · 84 sites · 2024–2025
— ALL CASE STUDIES
Showing 9 of 47 engagements
Sort by:
Banking 11 months
99.999%Uptime
−87%IR time
$4.2MBreach avoidance

Apex Bank: Core network re-architecture with zero-downtime cutover across 84 branches

Full-stack replacement — active-active DC, SD-WAN, NGFW microsegmentation, EDR, and 24/7 SOC — without a single hour of unplanned downtime during the 11-month programme.

Apex Commercial Bank
Read
Manufacturing 8 months
3,400+IIoT sensors
<4hIncident RTO
ZeroProduction loss

Bashundhara Industrial: OT/IT convergence and IEC 62443 segmentation across 6 factories

Purdue model OT/IT segmentation, IIoT mesh deployment, and OT-aware firewalling across six manufacturing plants — including live cutover with no production downtime.

Bashundhara Industrial
Read
Healthcare 5 months
99.97%Clinical WiFi
ZeroPHI incidents
6Segments

National Diagnostic Network: HIPAA-compliant network redesign across 14 hospitals

Clinical WiFi 6E design, medical device NAC isolation, ePHI segmentation, and ransomware-resistant backup — first HIPAA technical safeguard pass in four years.

National Diagnostic Network
Read
Telecom & ISP 6 months
380GbpsAttack mitigated
<5sDDoS diversion
ZeroCustomer impact

Regional ISP: Carrier-grade backbone redesign with anycast DDoS scrubbing centre

100G/400G spine-leaf rebuild, anycast scrubbing centre commissioning, RPKI/MANRS routing hygiene — first 380Gbps attack absorbed without a single customer complaint.

Regional ISP, Bangladesh
Read
Government 9 months
ZeroAudit findings
100%MFA coverage
MLSClassification

Ministry of Finance: Air-gapped classified network with sovereign data residency

Full air-gap design, multi-level security classification, sovereign cloud architecture, and DLP enforcement — two independent security audits returned zero findings.

Ministry of Finance (Undisclosed)
Read
Retail 7 months
120Stores managed
4Audit findings (from 40+)
<2msPOS latency

National Retail Group: PCI-compliant SD-WAN and POS segmentation across 120 stores

Multi-site SD-WAN, POS micro-segmentation, centralised VMS CCTV with AI analytics — PCI audit findings dropped from 40+ to 4 in a single cycle.

National Retail Group
Read
Energy & Utilities 12 months
ZeroSubstation downtime
NERC CIPCompliant
14,820Meters secured

National Power Authority: NERC CIP compliance and substation DMZ across 42 substations

IEC 61850-aware communications, substation DMZ design, smart grid MPLS backbone, and SCADA security — full NERC CIP compliance achieved without a single substation going dark.

National Power Distribution Authority
Read
Education 4 months
8,251Connected devices
Capacity increase
99.96%WiFi uptime

Private University Dhaka: Wi-Fi 6E campus rollout with 5-segment identity-based access

Juniper Mist Wi-Fi 6E, ClearPass NAC, per-SSID DNS filtering, and research VLAN isolation — supporting 8,251 concurrent devices with a 4× capacity increase from the legacy system.

Private University, Dhaka
Read
Banking · Cloud 6 months
−27%Cloud cost YOY
IaC100% of envs
ZeroCompliance gaps

Gulf Commercial Bank: Multi-cloud migration with FinOps and sovereign compliance

AWS/Azure multi-cloud landing zone, IaC pipeline, CSPM implementation, and FinOps programme — 27% cloud cost reduction in year one with zero regulatory compliance gaps.

Gulf Commercial Bank, Dubai
Read
01 / 03 Banking & Financial Services

Apex Bank: 11 months, 84 branches, zero unplanned downtime

The brief: Replace a decade-old flat network — failing PCI QSA for three consecutive years — with a microsegmented, active-active architecture without disrupting 24/7 banking operations across Bangladesh.

Apex had already tried twice with other integrators. Both attempts stalled in the design phase when the scope of cutover risk became clear. Nexora assigned a primary architect and a dedicated cutover engineer, designed the phased migration with per-branch rollback runbooks, and executed the 84-site cutover over 11 months with a 100% on-time branch record.

Active-active data centres — Dell VxRail, Cisco ACI fabric, Veeam immutable backup, <18s failover tested quarterly
84-branch SD-WAN — Fortinet FMG-managed, QoS-guaranteed core banking lanes, single-pane NOC visibility
PCI DSS v4.0 microsegmentation — CDE scope reduced from 1,200 to 314 systems; zero QSA findings on first review
CrowdStrike Falcon + Splunk SIEM — 24/7 SOC integration, mean detection time reduced from 4h to 14min
CyberArk PAM — 100% privileged session logging; SWIFT CSP 32/33 mandatory controls achieved
99.999%Core uptime
−87%IR response time
−74%PCI scope
$4.2MBreach avoidance

"We had tried twice before. Nexora was the only team that came in with a phased cutover plan that the board actually understood — and then executed it exactly as written. First PCI QSA pass in four years."

Rashed Hossain
CTO, Apex Commercial Bank
Cisco ACIDell VxRailFortinet SD-WANPalo Alto NGFWCrowdStrike FalconCyberArk PAMSplunk SIEMVeeam Backup
Start a similar project Banking solutions overview
// apex.deployment.timeline
Completed
Wk 1–4
Discovery & current-state audit — network, security posture, PCI scope baseline
Wk 5–10
Architecture design, BoM, per-branch rollback runbooks — board sign-off
Wk 11–18
Data centre build: Cisco ACI, Dell VxRail, Palo Alto NGFW, failover testing
Wk 19–34
SD-WAN rollout: 84 branches, 6 branches/week, QoS validation at each site
Wk 35–40
EDR, SIEM, PAM integration — SOC handover and live monitoring activation
Wk 41–44
PCI QSA audit — zero findings. Project closed on time and under budget.
84Sites migrated
0Unplanned outages
On timeDelivery
// apex.soc.metrics
Live
Detection coverage
99%
MTTD improvement
−87%
PCI scope reduction
−74%
PAM session logging
100%
SWIFT controls passed
32/33
14minAvg MTTD
ZeroQSA findings
24/7SOC coverage
// bashundhara.ot.monitoring
All plants operational
06:14:02DONEPlant A — OT segmentation verified, Purdue L0–L4 intact
06:14:19DONE3,412 IIoT sensors reporting normally across 6 factories
06:15:08ACTIVEDragos Platform — 0 anomalies in last 24h
06:15:44DONEVendor VPN session recorded, auto-expired after 2h
06:16:12DONEPredictive maintenance alert dispatched — conveyor bearing Plant C
06:16:33ACTIVEModbus/DNP3 inspection enabled — all 6 PLC zones scanned
6Factories
3,412IIoT sensors
ZeroProduction loss
// purdue.zone.status
All zones enforced
L4–5 Enterprise IT
Secure
L3 Operations
Secure
L2 Control (SCADA)
Secure
L0–1 Field / PLCs
Secure
IT↔OT flat paths
Zero
IEC 62443Compliant
<4hIncident RTO
4Purdue levels
02 / 03 Manufacturing & Industrial

Bashundhara Industrial: OT/IT convergence across 6 factories — live cutover, zero production loss

The brief: Converge OT and IT networks across 6 factories without a single production line stoppage, apply IEC 62443 controls to legacy PLCs that cannot be patched, and deploy 3,400+ IIoT sensors for predictive maintenance.

Bashundhara's factories were running on completely flat networks — a corporate engineer's laptop could reach a PLC directly. When a phishing email hit a factory manager's machine in 2023, Nexora was called in post-incident. The re-architecture was completed in 8 months with a sequenced cutover plan that kept all six production lines running throughout.

Purdue model segmentation — L0 through L4/5, OT-DMZ between SCADA and IT, zero flat IT↔OT paths remaining
Fortinet FortiGate-OT NGFW — Modbus and DNP3 deep inspection, allowlisted per PLC zone
3,412 IIoT sensors deployed — dedicated VLAN, Dragos Platform anomaly detection, predictive maintenance pipeline
CyberArk jump server — time-limited vendor sessions, full recording, automatic expiry
OT incident response playbook — 6h RTO tested at commissioning; ransomware attempt 6 months post-go-live contained in 4h
ZeroProduction downtime
<4hIncident containment
3,412IIoT sensors live
IEC 62443Certified

"A ransomware attempt hit us 6 months after go-live. Because Nexora had segmented our OT environment and written the runbook, our team contained it in under 4 hours — without stopping a single production line. That ROI calculation is easy."

Salim Mahmud
Head of IT, Bashundhara Industrial Group
Claroty OT SecurityFortinet FortiGate-OTCisco IE SeriesCyberArk PAMDragos PlatformVeeam Air-gapped
Start an OT security project Manufacturing solutions
03 / 03 Healthcare

National Diagnostic Network: Clinical-grade WiFi 6E and HIPAA segmentation across 14 hospitals

The brief: Redesign the network across 14 hospitals — separating clinical devices, EMR systems, guest WiFi, and biomedical IoT into isolated segments — while achieving 99.97%+ clinical WiFi uptime that cardiology and radiology departments depend on.

NDN had failed their HIPAA technical safeguard assessment for four consecutive years due to flat network topology — imaging servers, patient WiFi, and staff machines were all on the same VLAN. The redesign required Ekahau-validated RF planning across 14 different hospital floor plans, live cutover without interrupting ICU or theatre WiFi, and immutable backup architecture resistant to the healthcare-targeted ransomware campaigns active in the region.

Ekahau Wi-Fi 6E design — 14 hospital floor plans surveyed, predictive + post-installation validation, clinical-grade coverage confirmed
6-segment network architecture — clinical, staff, biomedical IoT, imaging, guest, and management — all isolated at VLAN and firewall level
Aruba ClearPass NAC — device fingerprinting and identity-based VLAN assignment for all medical devices
Cohesity immutable backup — 3-2-1 architecture, 4h RTO, 15min RPO; air-gapped off-site copy for ransomware resilience
DICOM/HL7-aware firewall rules — TLS 1.3 enforced on all ePHI flows; first HIPAA technical safeguard pass in 4 years
99.97%Clinical WiFi uptime
ZeroPHI incidents
4hEMR recovery RTO
PassHIPAA audit (first time in 4yr)

"Our radiologists finally stopped escalating WiFi complaints. And for the first time in four years, we passed our HIPAA technical safeguard review without a single finding on network segmentation. That's what purpose-built clinical infrastructure looks like."

Dr. Anika Khan
CIO, National Diagnostic Network
Aruba ClearPass NACCisco Meraki MR WiFi 6EFortinet NGFWCohesity DataProtectSentinelOne EDRMicrosoft Sentinel
Start your healthcare project Healthcare solutions
// ndn.hipaa.compliance
Audit-ready
ePHI encrypted (TLS1.3)
100%
Device NAC enrolled
98%
Clinical WiFi uptime
99.97%
Backup recovery tested
Quarterly
HIPAA controls passed
All 18
14Hospitals
6Segments
ZeroPHI events
// ndn.network.segments
All VLANs active
VLAN10OKClinical — 2,841 devices, TLS 1.3 enforced
VLAN20OKStaff — 1,204 devices, AD-authenticated
VLAN30OKBiomedical IoT — 892 devices, NAC-enforced
VLAN40OKImaging (DICOM/HL7) — 340 devices, isolated
VLAN50OKPatient Guest — internet-only, no LAN reach
VLAN60MGMTManagement — jump server only, 2FA required
5,277Total devices
TLS 1.3All ePHI flows
HIPAAPass
— AGGREGATE OUTCOMES

Across 200+ engagements, the numbers are consistent.

99.99% Average uptime SLA across managed infrastructure // 12-month rolling, all active clients
−74% Average compliance scope reduction post-segmentation // PCI, HIPAA, and ISO 27001 engagements
0 Data breaches across the managed client base // All-time. Verifiable on request.
100% On-time delivery rate over the last 36 months // Across 47 completed engagements
— YOUR PROJECT NEXT

Every case study started
with a 30-minute discovery call.

Tell us about your environment, your compliance obligations, and your biggest infrastructure concern. We'll respond within 48 hours with a named engineer — not an account manager — and a written perspective within a week.

Book a discovery call Explore our services
48hResponse SLA
FreeFirst consultation
NDAAvailable on request