Protecting a global shipping business against ransomware - Redscan


Protecting a global shipping business against ransomware

One of the world’s largest shipping companies wanted to become more proactive in its approach to cyber security, particularly in relation to the detection of ransomware. Working with Redscan gives the company greater visibility across its global network of offices and ships to better detect and respond to threats when they arise and ensures that appropriate controls and processes are in place to meet its compliance obligations.


The Challenge


  • Globally dispersed network
  • Hybrid infrastructure
  • Strict compliance responsibilities

This organisation is one of the world’s largest shipping companies, with more than 135 years in the industry. The company provides integrated maritime solutions through nine ship management centres worldwide and manages around 600 vessels, with 20,000 employees on shore and at sea.

Following the NotPetya malware attack which affected three of shipping giant Maersk’s global businesses in 2017, the team were only too aware of the damage that cybercrime could inflict on its operations, finances and reputation. The NotPetya attack spread throughout Maersk’s IT operations, forcing it to undertake a complete reinstallation of its infrastructure, including 4,000 servers and 45,000 PCs, and costing it $300m USD.

While the organisation had some security controls in place to support threat detection, these did not provide visibility across its complete hybrid cloud infrastructure, encompassing Office 365. Nor did they provide confidence that attacks would be identified quickly enough to minimise potential damage and disruption.

With only a relatively small number of IT specialists for its size, the company wanted to identify a third party to help alleviate the demands of day-to-day threat detection, enable it to be more proactive in its approach to cyber security and mitigate future security risks. It also needed to ensure that appropriate controls and processes were in place to meet all its data protection obligations, including the ability to detect and report breaches in line with the GDPR.

The Solution


  • Long-term partnership
  • Comprehensive security monitoring
  • Addressing threats 24/7

The business was looking to build a long-term partnership with a top tier MDR provider. Its choice was based on a range of criteria, including technical expertise, approach to threat detection and quality of customer references. After spending some time identifying the security partner that would best meet its requirements, the shipping company selected Redscan and its Managed Detection and Response service. It was also impressed by the personal touch that the Redscan team demonstrated in proposing a solution that would best meet its threat detection requirements.

The Head of IT says:

“Redscan was the company which met all the criteria we had in mind. I always pay attention to personal relationships with potential partners. Right from the start, I had an Account Manager working with me helping me to identify the best solution for our needs and providing the information I needed to make my decision.”

While the personal aspect was an essential part of its decision to work with Redscan, so too was the turnkey nature of the service – which supplies the people, technology and intelligence the company needs to identify and respond to both current and emerging cyber threats, 24/7.

The company recognised the value of MDR in improving visibility across its infrastructure and the impact the service would have in driving a reduction in the mean time to detect and the mean time to respond to threats. Our Security Operations Centre (SOC) professionals operate as a virtual extension of the team, providing the high-quality insight and mitigation guidance its IT team need to respond to incidents whenever they arise.

To ensure that the organisation’s security is as robust as possible, Redscan also conducts managed vulnerability scanning and CREST-accredited penetration testing to help identify and address vulnerabilities across its global infrastructure.

The Head of IT adds:

“The human factor is something I’m always looking for. I don’t want to talk with bots – I want to talk with people. This personal approach is something I noticed from my first engagement with Redscan and it is still true today.”

The Results

Enhanced threat visibility

The shipping company now has visibility across its global network of offices and ships and its public cloud environments. When threats arise, Redscan is able to swiftly identify and help the IT team to respond to them before they have an opportunity to impact business operations. Redscan utilises the latest security intelligence to detect current and emerging threats and constantly tunes the underlying technology, included as part of the service, to reduce false positives.

Detection of ransomware

With ransomware a key concern in light of the Maersk attack, MDR provides a critical layer of defence. Using real-time threat intelligence, the service provides the company with the essential security capabilities it needs to quickly detect and respond effectively to the latest types of malware.

A reduction in phishing attacks

Our MDR service integrates with the organisation’s chosen Secure Email Gateway (SEG) solution to enhance visibility of phishing attacks and emails that contain malicious attachments. Security events generated by the SEG are correlated alongside other data sources, enabling Redscan’s SOC team to achieve enhanced visibility of email attacks and help the company respond to them.

Swift incident response

Redscan provides the outcomes and actionable mitigation guidance needed to be able to quickly respond to incidents and significantly reduce the possibility of an attack. Incident information is shared securely via CyberOps, Redscan’s threat management platform. Redscan’s SOC team thoroughly analyse and investigate every security alert received and, if an alert is deemed to be a genuine incident, use CyberOps to notify the client, relay its priority level, and supply the information needed to assist remediation.

Improved vulnerability management

For an added level of security, Redscan supports the company with vulnerability management. Our MDR service uses the latest vulnerability scanning tools to identify known vulnerabilities across key assets in the organisation’s environment. This is further enhanced by penetration testing engagements, conducted by Redscan’s team of ethical hackers, and designed to identify and help address hidden vulnerabilities across the company’s infrastructure.

Increased situational awareness

Monthly service reports from Redscan provide the firm with the high-quality information its key stakeholders need to improve situational awareness and understand the value of the service in helping to improve the company’s security posture and demonstrate compliance with industry regulations such as the GDPR.

Consistently high-quality service

In a recent survey, Redscan were awarded 10 out of 10 for overall satisfaction, with the company stating that it would be extremely likely to recommend Redscan to others. It values the initial and ongoing training provided by Redscan. This includes on-site visits from its Account Manager and workshops to help educate IT staff about emerging security threats.