The Challenge
As a leading national housebuilder with a large and very mobile IT estate, this organization has the potential to be an attractive target to cybercriminals. The dispersed nature of the company’s workforce means that it relies heavily on carefully selected cloud services to enable and facilitate employee and subcontractor access to systems and data, both in the office and whilst in the field.
Security logs were not being consistently captured, analyzed and correlated, leaving the organization at risk of attacks without any visibility of them . There were also concerns about whether the business was doing enough to satisfy the requirements of the GDPR and PCI DSS.
The organization needed a security capability that would enable it to effectively monitor and protect important data and assets, 24/7/365. But the company’s Head of Technology and Cybersecurity knew its small team lacked the resources to build this capability in-house—they needed a security partner to provide support and expertise.
“As an organization using digital technologies to support the development, delivery, support and sale of our homes, we recognized that we needed a more cohesive solution and strategically aligned partner to help us deliver the majority of the required cybersecurity operations effectively.” – Head of Technology and Cybersecurity, housebuilding company
“We now know we’ve got eyes on our critical assets and that those events are being looked at, scrutinized, triaged and qualified as legitimate or false positives. That is night and day in contrast with where we were before our relationship with Kroll.” – Head of Technology and Cybersecurity, housebuilding company
Kroll's Solution
After a rigorous tendering process, the homebuilder selected Kroll as its cyber security partner. It did so in recognition of the fact that Kroll demonstrated a clear understanding of its needs and offered a set of well-integrated and expertly supported tools to address them.
Kroll Responder, Kroll’s award-winning managed detection and response (MDR) service, supplies the people, technology and intelligence needed to quickly identify and respond to current and emerging cyber threats. Kroll Responder provides extensive visibility across the company’s infrastructure and, in doing so, reduces its mean time to detect and mean time to respond to threats. Kroll Responder’s global security operations centres (SOCs) operate as a virtual extension of the organization, providing notification of genuine incidents and actionable mitigation guidance to help respond swiftly and effectively to them.
The company’s Head of Technology and Cybersecurity says: “Kroll’s excellent alignment to a cloud-first ethos matches ours perfectly and is ideal for our highly mobile workforce. The scalability and reliability of Kroll’s service gives us the confidence that our cybersecurity is being maintained very effectively and will support the growth of the business. Our expectations and needs have been met exactly, and this is true from the first stage of engaging with the team at Kroll as a potential partner, through to onboarding and now on an ongoing operational basis.”
The Impact
Validated Security Alerts
While the organization had already implemented several initial capabilities to help prevent cyberattacks, it wanted to elevate its cyber security maturity by enhancing its ability to proactively monitor for threats capable of evading these controls. In an average month, security events across the company’s infrastructure generate hundreds of security alerts. Without Kroll Responder, the team would not have the time to investigate, analyze and triage all of these alerts to validate whether they are genuine and require a response. The business now has the assurance that its infrastructure, including over 1,100 endpoint devices, and its corporate website are being constantly monitored, and when its team receives notification of incidents, they are ones which genuinely require attention.
Actionable Outcomes
Kroll provides the insight and mitigation guidance the team needs to be able to quickly detect and respond to incidents. Incident information is shared securely via Kroll’s Redscan threat management platform. When an incident is raised by Kroll’s global security operations centres (SOCs) , the company’s cyber security team receives a notification and a prompt to log into the Redscan threat management platform to view information about the incident, its possible risk to the business, and actionable advice about how to respond to it. The company is now confident that if an attack does occur, it will be in a position to act quickly and effectively.
Extensive Visibility
To enhance threat coverage and visibility across its network, Kroll Responder integrates with the company’s Microsoft 365, Cisco Meraki, Cisco Umbrella, Cradlepoint NetCloud, Fortinet FortiGate (firewall) and SpyCloud (dark web monitoring solution) solutions. Internal and external vulnerability scanning is also conducted as part of the service; these scans help the business proactively identify and address vulnerabilities across its infrastructure.
Swift Service Deployment
By choosing Kroll Responder, the company has been able to quickly level up its security capabilities. A smooth and efficient onboarding process means that Kroll Responder took less than two months to deploy, decreasing the time that the organization has taken to see value, and all without any disruption to the business.
Exceptional Service
The organization values the high-quality service it receives from Kroll. In a customer service survey, the company awarded Kroll 10 out of 10 for speed of response to incidents, quality of advice and the high standard to which Kroll responds to its needs.
Improved Situational Awareness
As well as security insights provided through Kroll’s Redscan threat management platform, the team receives monthly service reports and weekly Threat Intelligence updates . These help enhance situational awareness and ensure that security risks are communicated to key stakeholders across the business. The team also benefits from regular service reviews with a dedicated programme manager.
“Thanks to Kroll, we’re in an infinitely better place now. We have got more visibility than we ever had, and critically, in all the right places. I can now sleep easy knowing that Kroll’s expertise is protecting our business.” – Head of Technology and Cybersecurity, housebuilding company
Learn more about Kroll Responder, our Managed Detection and Response solution.