Catch Advisors
Healthcare

Pharmaceutical Company MSP Exit and SASE Transformation

100% remediated
Firewall Vulnerabilities
Terminated
MSP Contract
Full SASE
Network Architecture
Services: CybersecurityNetworking & ConnectivityUnified CommunicationsCloud Migration

The Challenge

CarieBoyd, a pharmaceutical company in Dallas, was locked into a contract with a national managed service provider (MSP) that had been neglecting their environment for months. During our initial assessment, we discovered that the Fortinet firewalls across all of their locations had not been updated in over 9 months. No firmware patches, no signature updates, no configuration reviews. It was a security nightmare.

The MSP had essentially been collecting a monthly fee while leaving the company exposed to known vulnerabilities, some of which had active exploits in the wild. For a pharmaceutical company handling sensitive formulation data, patient information, and regulatory compliance requirements, this was an unacceptable risk.

Key pain points included:

  • Fortinet firewalls unpatched for 9+ months with known critical vulnerabilities left exposed
  • No proactive monitoring or maintenance from the incumbent MSP despite contractual obligations
  • Microsoft 365 managed externally with the MSP controlling admin access and billing
  • No business continuity or disaster recovery plan in place
  • Legacy on-premises phone system that did not support their distributed workforce
  • No endpoint protection beyond basic antivirus on a handful of machines
  • Zero network segmentation between office locations

Our Approach

This engagement required both urgency and precision. We needed to get the company out of a bad MSP relationship, remediate critical security gaps, and build a modern infrastructure, all without disrupting daily operations.

Phase 1: MSP Exit and Immediate Remediation (Weeks 1-4)

We documented the MSP’s failures, including the 9-month gap in firewall updates, lack of monitoring evidence, and unresponsive support tickets. Using this documentation, we helped the company negotiate an exit from their MSP contract.

Simultaneously, we performed emergency patching on all Fortinet firewalls, closing critical vulnerabilities and updating threat signatures. We also began the process of migrating Microsoft 365 administration in-house, transferring full admin control back to the company’s IT team so they were no longer dependent on a third party for basic operations.

Phase 2: SASE Network and Security (Weeks 4-10)

With the immediate fires put out, we designed and deployed a CATO Networks SASE solution across all of the company’s locations. CATO provided a unified platform combining SD-WAN connectivity, cloud-native firewall, and Zero Trust Network Access (ZTNA) in a single architecture.

Every location was connected through CATO’s global backbone with built-in redundancy and encryption. Endpoint protection was enabled for all devices through CATO’s agent, providing both secure connectivity and threat prevention regardless of where employees were working. ZTNA replaced the legacy VPN approach, giving users application-level access based on identity and device posture rather than broad network access.

Phase 3: UCaaS and BCDR (Weeks 8-14)

We migrated the company from their on-premises phone system to Dialpad, a cloud-native UCaaS platform with AI-powered features including real-time transcription, call summaries, and coaching. The migration covered all locations and remote workers.

For business continuity and disaster recovery, we deployed Datto’s BCDR platform with integrated ransomware detection. Datto provided automated backup and recovery for critical systems with the ability to spin up virtual instances within minutes of a failure or attack. The ransomware detection layer added an early warning system that would alert the team if backup data showed signs of encryption or tampering.

Results

The transformation took the company from a neglected, high-risk environment to a modern, secure, and resilient infrastructure:

  • 100% of firewall vulnerabilities remediated within the first 2 weeks
  • MSP contract terminated with documented evidence of negligence and failure to perform
  • Microsoft 365 administration brought in-house eliminating dependency on a third-party MSP
  • Full SASE deployment via CATO Networks with SD-WAN, cloud firewall, and ZTNA across all locations
  • Endpoint protection enabled on every device through CATO’s unified agent
  • Dialpad UCaaS deployed with AI-powered transcription and call intelligence
  • Datto BCDR implemented with automated backup, instant recovery, and ransomware detection
  • Zero Trust access model replacing legacy VPN with identity-based, application-level controls

Client Feedback

“We had no idea how badly our MSP was failing us until Catch Advisors showed us what 9 months of neglect looked like on our firewalls. They got us out of that contract, fixed the immediate risks, and built us an entirely new infrastructure that is more secure, more reliable, and actually managed properly. The CATO network and Datto backup give us confidence we never had before.”

  • Shaun Rohde, IT Director, CarieBoyd

Solutions Deployed

Cybersecurity
Networking & Connectivity
Unified Communications
Cloud

Platforms Deployed

Cato Networks Cato Networks
Dialpad Dialpad
Datto Datto