Case Studies

Detmold Uplifts Security Footprint on Modernisation Journey Across 17 Countries

Wednesday, May 11, 2022

Global manufacturing giant, Detmold Group, recently shifted gears and embarked on a new and daring mission to adopt a managed security service offering and uplift the entire security posture across the multi-regional organisation, operating in 17 countries.

“In light of changing dynamics and threats in the IT security landscape, we decided to embark on a more modernised approach to cyber threat mitigation – and my first port of call to assist with that process was Somerville,” according to Mark Render, General Manager - Technology at Detmold Group, who said the outsourcing partnership with IT service provider, Somerville, is guiding Detmold through its modernisation journey.
“It’s a huge investment for an organisation to make to uplift its security portfolio,” Mark said, explaining the company adopted Sophos MTR, Managed Threat Response technology, after lengthy deliberation with Somerville.

So, what’s in action? For endpoint protection, the company adopted 1,000 Sophos Central Intercept X Advanced with XDR and MTR Advanced solutions. On the server side, it adopted 100 Sophos Central Intercept X Advanced for Server with XDR and MTR Advanced solutions.

“It represents one of the largest software purchases outside of Microsoft licensing for the organisation,” said Render.

Established in 1948, the Detmold Group is an Australian family-owned and operated business, supplying some of the world’s largest and most iconic food and retail brands including McDonalds, Hungry Jacks, Subway, Coles, Woolworths and Jurlique.

Indeed, it’s a big move for the international manufacturing player and comes amid a rethink of priorities and security measures due to the raging global pandemic, and a growing recognition that the organisation needed to batten down the hatches - and fast.

“When COVID hit the world, everyone’s way of working literally shifted overnight. We had to facilitate more remote working, and more collaboration utilities. The security tools in place at the time, and our security environment, didn’t support us in the way that would make us feel comfortable,” Render said, admitting he had more risk than ever before to contend with.
“You’re allowing people to use their own home devices, more BYOD, there’s a lot more people dialling in over VPN – you name it. You have people connecting into your network from uncontrolled environments - all of this brings with it a heightened level of risk and concern.”
In fact, it required a re-evaluation of security processes and measures, Render explained.
“We were forced to consider what our security footprint actually looked like – and whether it was supportive of modern standards, approaches and techniques. And it genuinely wasn’t - so we decided to align ourselves to a modernised security framework, and to the ACSC (Australian Cyber Security Centre) Essential 8.”
‘Now, with Sophos MTR onboard, Render said the company has clinched a few pillars including: application control, application patching, application hardening, office macro control as well as enhancing end point and web security. What’s more, Sophos MTR is offering much needed peace of mind as it combines malicious traffic detection with real-time threat intelligence in a bid to prevent, detect and remediate threats with ease and efficiency.
“There are eight pillars to help you achieve these securities standards and Sophos helped us achieve four of them (contributing to the uplift of three more) in one product.”
And there’s lots at stake. Render said the latest security move is all part of a larger IT modernisation and transformational push - and uplifting the security posture was no small measure.
“We have challenges around geographic location. We’re 11 people in a team supporting 3,000 people across 17 countries. But it’s a constant battle ensuring the entire network is part of the global solution, and not operating in individual siloes.

But being prepared is not just a boy scout’s motto, but ‘life or death’ in the world of security – and Detmold needed greater insights.

“One of the worst things about looking at IT security is you don’t know what you don’t know. But now we know. There’s always that concern that if something malicious gets into your environment, and if you’re in a small IT team, then you need to know, ‘Are we able to react quick enough to prevent the spread of that malicious activity from causing real harm?’”

But already, Detmold is kicking goals thanks to the technology partnership with Somerville, which helped them to manoeuvre complex vendor relationships, master and secure appropriate pricing, match-fit solutions to Detmold’s unique business needs and requirements, and ultimately stay on course.

“It’s crucial you have a partner that can ground you and bring you back to what’s actually important, rather than get side-tracked and focus on mundane details. Somerville reminded us of the criteria we were looking for - and came up with a solution to meet them,” Render said.
“They helped put together the business case, the ROI proposals and helped with the negotiation with the vendor on the solutions to ensure we were paying the best price for the solution we were looking for.”
Thanks to all of these efforts, Render said the company now has enhanced security, which was always the primary goal, but also complete visibility and total control over the IT infrastructure.

 

Scoring Wins

“We’re now able to see better, have more control and visibility across our environment, and have added peace of mind with things like application whitelisting.” The IT team can also crank up its testing performance, deploy security patches more rapidly, enhance its user support, and “know each and every nuance” of the user’s experience. In fact, knowing the environment is secure - and outsourced - gives Detmold, and the IT team, peace of mind, and a “good night’s sleep,” Render admitted. “Having the service outsourced means it’s now the responsibility of a specialised security organisation that’s geared up and set up to run this 24/7, and 365 days a year. That alone is worth its weight in gold.”

And Detmold isn’t alone in its pursuit of security enhancements and a wider IT modernisation push across manufacturing – and seeking guidance from an IT service provider to meet and address ever-changing needs, according to Craig Somerville, Somerville Chief Executive Officer.

“Similar to healthcare, security threats and attacks are on the rise in the manufacturing industry; therefore, companies need to take proper steps and procedures to mitigate the risks and help secure company-wide operations,” Somerville said. “Detmold, in particular, recognises the value of a managed security offering, which not only provides threat hunting, detection and response service (even fusing machine learning with human analysis for an evolved approach to proactive security protection), but also plays a critical role in protecting the manufacturer’s entire IT infrastructure.”

Next on The Horizon

So, what’s next on the agenda for this multinational manufacturing player? Render said the company is on a growth agenda for the next three years - and the latest managed security initiative means the company can reach these and other goals with a renewed confidence in its IT operations and a proper security foundation in place. “We’re hoping to double our revenue stream within three years. Realistically, we could do more than that - and this type of project will help build the confidence we can do that. Certainly, from an IT perspective, this project shows we can support the company to achieve that objective.” And while the most recent managed security service adoption isn’t the largest project in the company’s history, it ranks high in terms of impact and significance, Render explained. “It’s not the largest project that we’ve had within the organisation, but it’s one of those projects that has garnered lots of attention and visibility. Not to mention, the IT team now has confidence to deliver on other large- scale projects. “Now that’s a win in my book.”