The payment and debit-card processing leader standardized on Google's G Suite, but struggled to achieve PCI compliance for its auditors. With a mix of regular employees and contractors, managed and BYOD mobiles and laptops, as well as a geographically distributed work force proved challenging when it came to achieving PCI compliance. The compliance team wanted to restrict contractors to browser access and only on the corporate network, whilst allowing regular employees full access on managed devices and corporate networks, but restricted access on BYOD.

The global arms manufacturer, based in the United States, faced a significant challenge in securing BYOD access to corporate productivity applications. The company, which supplies products to thousands of military and law-enforcement organizations worldwide, had previously attempted a Mobile Device Management (MDM) deployment. However, the MDM solution proved unsuitable for a wide range of BYOD devices. The global distribution of the company's employees made supporting MDM on BYOD very expensive. Moreover, many employees rejected the idea of installing MDM agents that controlled their devices and potentially threatened their privacy. This unsuccessful deployment of MDM resulted in lost productivity for the firm. The IT security team commenced a search for an agentless SaaS solution for mobile security.

REA Group, a multinational digital advertising company specializing in real estate, was facing challenges in discovering and monitoring cloud usage in an open cloud environment and blocking high-risk sites and services. They needed to securely roll out sanctioned collaboration tools like Box to a global workforce. The company also aimed to deliver on security roadmaps while meeting the four pillars of REA Group’s technology strategy. As a cloud-first organization with 90% of its systems being SaaS based, the IT team at REA Group developed two parallel roadmaps for their technology and security teams that suited REA Group’s open technology culture and met the four pillars of its technology strategy: discovery, reporting, risk assessment and policy control.

Advantage IT Management, an IT services and support company based in Mobile, Alabama, was seeking a zero-trust, policy-driven security solution to better protect its customers and its own business. The company was particularly concerned about the recent high-profile ransomware attacks targeting MSP tools. The company's CEO, Matt Wilson, had been exploring zero trust solutions when clients started asking about it, making it the perfect time to implement such a solution. The company evaluated several products but found that none offered a complete solution like ThreatLocker.

Lake Forrest Preparatory School, a private school in Orlando, was facing challenges in protecting their technology, teachers, and students as they expanded the use of technology. They struggled to protect computers against malware and other forms of unauthorized software. While antivirus, web security, and e-mail security played an essential role in stopping threats from entering the school, these technologies fell short in stopping unknown malware and other problematic software from running. When students and teachers were using laptops outside of the school’s network, there was no control over what filtering and firewalls were in place. This increased the risk of unauthorized software or malware being downloaded, which could later run inside of the school’s network.

Tri-State Generation and Transmission Association, a utilities provider that supplies wholesale electric power to 44 electric cooperatives across Colorado, Nebraska, New Mexico, and Wyoming, faced a significant challenge in protecting its corporate and subscriber data from cyberattacks. The threat of a cyberattack shutting down the national electric grid is real, and utility companies are beefing up security measures to keep the lights on and the heat running for households and businesses. Tri-State's internal networks, which store both corporate information and subscriber data for 1.5 million customers, had to be protected. Multiple hosts, or master computers, are located throughout the wide area network and support 1,500-plus Tri-State employees. These hosts are critical to the utility’s business and way too valuable to take any risks with their security. However, Tri-State lacked visibility into the hosts’ activity and when potential threats did come up, there was no context to the type or degree of threat, and no prioritization.

The telecom provider’s network spans more than 10 geographies and multiple Amazon virtual private clouds (VPCs). Securing and monitoring such a diverse and expansive footprint is no easy task. As a result, the telecom provider is required to follow and operate under several different compliance policies. To support this mandate, the security team relies on their AWS-hosted ArcSight platform for big data security analytics, security information and event management (SIEM) and log management. Although the telecom company is running endpoint detection and response (EDR) on its managed clients, this still leaves a large security gap in visibility for IoT, unmanaged devices, BYOD, and other devices that cannot support EDR software agents.

Hydro Ottawa, the largest distributor in eastern Ontario, is responsible for delivering electricity to over 323,000 business and residential customers. With the surge in attacks on electrical grids and utility providers, the company needed to protect its corporate IT and critical infrastructure systems from cyberattacks. The challenge was to close the gap between infection and detection. The company needed to automate threat management that is simple to use and integrates easily with other security tools.

The company, a distributor in North America, was facing challenges in securing its geographically dispersed environment. Traditional security vendors were falling short when it came to stranger peripherals such as printers, scan guns, tablets, and guest devices. The company had a centralized data center and numerous physical locations across the country, making their network very distributed. Before deploying Vectra, the company was not monitoring network traffic, creating a significant gap in their security infrastructure.

The Private Research Institution was facing a wave of uncertainty due to the risk of a second ransomware attack. The manual workload was overwhelming and the institution needed a solution to automate Security Operations Center (SOC) inefficiencies and prevent future ransomware attacks. The institution was also dealing with constant change as network devices were constantly on the move with students and staff connecting in different locations and bringing multiple personal devices.

The global financial services company was in constant reactive mode due to their security operations center (SOC) being overwhelmed with homegrown solutions that required a lot of software patches. The SOC team was constantly putting out fires, rushing to investigate whenever they saw smoke. They were looking for a network detection and response (NDR) solution that would enable them to proactively detect and respond to hidden threats inside their network. They evaluated potential NDR solutions, including Darktrace and Vectra, hoping to find the right solution that would enable them to proactively detect and respond to hidden threats inside the network.

mLeasing, a leading leasing company in Poland and part of the mBank group, was looking for a modern solution that enabled the identification of online threats in real time. Traditional systems based on signatures or attack patterns only detect threats that are known to the system. The company wanted to find a system that would complement the security concept with a state-of-the-art solution based on behavioral analysis, supported by artificial intelligence and deep machine learning.

Greenhill, a renowned investment bank, was facing challenges in managing cyber risk. They were using SIEM tools but had difficulty in identifying which firewall logs were serious and which ones were not. The rise in credential abuse and account takeovers in SaaS platforms like Microsoft Office 365 was also a concern. Attackers were using social engineering to exploit human behavior, elevate account privileges, and steal critical business data. Greenhill needed more visibility into the network and an easier way to identify which threats were critical and which threats were not.

ED&F Man Holdings, a commodities trading company, faced a significant challenge in mitigating cybersecurity risks. A security incident several years ago served as a wake-up call to the increasing success of cyberattacks. An independent assessment indicated that the company needed to significantly step up its cybersecurity processes, tools, and people. The company undertook a complete security transformation. Carmelo Gallo took over as the cybersecurity manager to protect the operations of the $10 billion company that has a presence in 60 countries. A focus on next-generation security technology, integration, and automation has rapidly accelerated the company’s security maturity.

DZ BANK, the second largest bank in Germany, was facing challenges in detecting advanced threats that were missed by traditional signature-based firewalls, IDS and IPS. The bank was looking for a solution that could distinguish between benign anomalous behaviors and high-risk attacker behaviors. The bank's mission to protect its assets, operations and sensitive information was complicated by a broad range of data privacy and financial regulations. Many types of surveillance and electronic monitoring of employees and communications are prohibited in Germany. In addition, both the European Union General Data Protection Requirement (GDPR) and Germany’s Second Markets in Financial Instruments Directive (MiFID II) became law in 2018.

Greater Manchester Mental Health NHS Foundation Trust, a healthcare provider in North West England, was facing a significant challenge with limited visibility into malicious behaviors inside network traffic or Office 365. The trust has about 5,400 employees, more than 140 locations, and provides mental health services for 53,00 patients a year. The sheer quantity of individuals using the service increases the chance that cyber hygiene will fall by the wayside, and knowledgeable attackers will exploit human behavior to gain high-privilege access to critical business-data. Despite antivirus software, a LogPoint SIEM and next-generation firewalls, network detection and response (NDR) had been on the radar for quite some time.

Nissho Electronics Corp., a company that makes cutting-edge U.S. technology available to enterprise organizations in Japan, was facing growing concerns about its own network and cloud security posture due to the rise in advanced cyberattacks. These hidden threats easily evade firewalls, IDS and other legacy security systems and spread inside networks in search of assets to steal. Nissho had used its SIEM to analyze firewall logs, which was a manual, time-consuming operation. The company was also concerned about the recent spike in credential abuse and account takeovers in SaaS-based Microsoft Office 365, which affects more than 30% of organizations each month. Attackers use social engineering to exploit human behavior, elevate account privileges and steal critical business-data. The company understood that it needed visibility inside the network and public cloud to identify and stop hidden cyberattackers who move laterally in traffic to spy, spread and steal.

The university healthcare system was in need of a proactive approach to understand threats, threat actors and the methods they employ in the internal threat landscape. They had in place anti-virus, anti-malware and email filters to protect end users. However, their log and event manager created a lot of work for the security team. It relied on the vendor to integrate the log and event manager with other security systems, which resulted in a deluge of anomalous alerts that didn’t make sense and were incompatible with security feeds that flowed into it. The university healthcare system needed a network-centric detection and response solution that was endpoint agnostic and which would help bring clarity to internal network traffic.

American University, a private institution in Washington D.C., was preparing to expand its cloud presence and needed to enhance its cybersecurity measures to protect its public cloud, data center, and campus networks. The university was facing two significant cybersecurity challenges that were consuming a significant amount of time and resources. The first was the use of open-source tools to monitor network traffic, and the second was the use of signatures to detect intrusions. The university's network supports about 60,000 users with more than 20,000 devices at any given time, along with 700 servers and hundreds of applications. The information security team was looking for non-open-source solutions that utilized artificial intelligence and aligned with their goals.

The Texas A&M University System, an academic and research powerhouse, faced significant challenges in protecting its high-value academic and research data. The system, which includes 11 university campuses, seven state agencies, and numerous research institutes, was a prime target for cyber thieves. The university system faced a lack of cybersecurity talent, a global issue that made it difficult to hire and retain skilled cybersecurity professionals. Additionally, the university system's significant expenditures and vital research partnerships with organizations like the U.S. Department of Energy, NASA, and the U.S. Department of Defense made it a target for nation-state cyber attackers.

The international private healthcare group, with over 100 hospitals and clinics globally, was facing challenges in timely detection and effective management of active cyberattacks. The healthcare industry is a prime target for cybercriminals, who use advanced attack techniques and tools. These criminals often target patient records that contain substantial amounts of private and sensitive information. In addition to the risk of data loss, ransomware attacks have the potential to disrupt and deny control over key digital services like biomedical devices and vital systems, putting the provider and the safety of patients at risk. The healthcare group realized that its existing cybersecurity protections were not enough to quickly spot and manage attacks, given the rapidly evolving threat landscape.

INDEVCO, a multinational manufacturing and industrial consultancy group, was facing challenges in detecting internal threats, gaining visibility into their network, and maintaining network hygiene. They had an open-source security information and event management (SIEM) solution and an endpoint detection and response (EDR) solution, but these were not sufficient. The company needed a solution that could help them better protect data and keep their operations running smoothly across their 38 manufacturing plants and 38 commercial companies worldwide.

The company, a Forbes Global 2000 manufacturer of specialty chemicals and advanced materials, needed to ensure its supply chain, from raw materials to finished goods, was not compromised by hidden cyberattacks. The company's supply chain spans the procurement of raw materials to formulating the plastics and adhesives that are essential ingredients in its own customers’ manufacturing processes. Cyberattacks could disrupt production operations, causing serious business disruption, reputational damage and fines for regulatory noncompliance. The company wanted to lift the burden from its security operations team, which was weighed down by huge volumes of inconclusive alerts and false positives.

Pennine Care NHS Foundation Trust, a provider of mental health and learning disability services in parts of Greater Manchester and Derbyshire, was faced with the challenge of protecting its operations from cyber threats. This became a priority after the 2017 WannaCry ransomware attack that disrupted a third of NHS operations. Although no patient data was compromised and the attack was stopped from spreading, all NHS trusts have since stepped up security to identify and stop future cyber threats. ICT security manager Rizwan Majeed was entrusted to protect Pennine Care NHS from cyber threats. He began to evaluate potential solutions, including network detection and response (NDR).

Bolton NHS Foundation Trust, a healthcare provider for over 140,000 people in Bolton and the surrounding area northwest of Manchester, was facing a growing challenge of protecting patient information across a growing number of mobile devices, medical internet-of-things (IoT) devices, data center workloads and cloud services. Healthcare providers have a treasure trove of patient, financial and clinical research data, making healthcare a top target for data theft. Criminals also target healthcare providers for extortion with ransomware, knowing that hospital systems must operate around the clock. Bolton NHS is just down the road from ground zero of the 2017 WannaCry outbreak in the U.K. The ransomware crisis, which affected organizations around the world, sparked many conversations at Bolton NHS. “We had proven security, but we still reassessed our weaknesses and gaps,” says Walmsley.

The telematics company, despite having a deep understanding of the tactics used by cybercriminals, was constrained by limited resources and budget. With a total of 100 employees, the IT operations team consisted of only five members who were tasked with handling everything IT-related, including security. The company provides telematic services to insurance clients, requiring them to store and transfer sensitive customer information regularly. Therefore, security was a top priority. However, with limited financial ability to fund a dedicated Security Operations Center (SOC) team, it became a priority to find budget-friendly alternatives. The company needed a solution that was software and operating system agnostic, and could help detect attacker behavior, increase their human expertise with artificial intelligence (AI), and address any threat or abnormal activity.

The Municipal Property Assessment Corporation (MPAC) was facing a challenge of lack of lateral movement visibility within the organization. As an IT security veteran, Mirza Baig, IT Security Manager at MPAC, needed to understand the security solutions the team was utilizing. He found that the team had already prioritized removing any blind spots, which is key to having the ability to detect attacker behavior. However, the existing solutions were not sufficient to detect lateral movement across cloud or enterprise workloads.

ROSSMANN, one of the largest drugstore chains in Europe, was facing a significant challenge in identifying threats inside its network. The IT security team, led by Daniel Luttermann, was tasked with strengthening the company's security posture to catch cyberattackers at the network perimeter and within the network. Before evaluating vendors, ROSSMANN conducted a red team exercise to identify potential security weaknesses and vulnerabilities. The results of this penetration test were used to gauge vendors in the proof-of-concept (POC) testing phase. The team ultimately chose a diverse roster of solutions that included the Cognito® network detection and response (NDR) platform from Vectra®.

The global retail giant in the beauty industry was struggling with maintaining network security for hundreds of stores and a busy online retail business with a lean security budget. Every year, the company would hire consultants to conduct red team exercises to test the mettle of cybersecurity operations, and every year it failed. The seven-member security operations center (SOC) team was in need of a solution that would provide visibility inside the network to detect and respond to hidden cyberattackers. They needed a network detection and response (NDR) platform that would identify attackers that bypass firewalls and IPS at the network perimeter and provide visibility into threats inside the network.

Royal Holloway University of London, a top 25 university in the UK, was facing a significant challenge in defending against a wide range of cyber threats. As a center of research and excellence in cybersecurity, the university was a particularly attractive target for threat actors. The large population of students and staff regularly connected to multiple devices, presenting a broad attack surface. With limited resources, the Cyber Security team at Royal Holloway was under huge pressure to keep up with the increasing workload of manual investigations in response to suspected vulnerabilities. They needed a solution that could detect threats that managed to penetrate their network, or those that originated from inside their perimeter defenses, without needing to perform manual intervention.