Quality. Chocolate. Secured
When Ritter Sport was subjected to a targeted attack in November 2017, the WithSecure™ Rapid Detection and Response Service was there to identify the anomality in just few minutes.
Case study: Ritter Sport
With around three million Ritter Sport chocolate bars leaving the production lines in Waldenbuch every day, it is not hard to imagine the catastrophic effect that a hacker-induced production stoppage would have on the company.
Not only would such a scenario slowdown business processes, it would also have a considerable impact on costs. Indeed, the real and not merely theoretical nature of the threat was demonstrated to Ritter’s management through the unfortunate experience of another chocolate manufacturer, whose production line was brought to a standstill for a whole week in June 2017 as the result of an attack.
Life is like a box of chocolates
You don’t know exactly what you will get. Although 99.9% of all security incidents are automated attacks involving spyware, ransomware, banking Trojans, selfreplicating botnets, and so on (with endpoint security, email security and firewalls providing a very good defense), no technology can offer 100% protection against cyberattacks. This is particularly true of complex, targeted attacks, which, despite accounting for only 0.1% of the total volume, cause considerably more damage. Like most companies, Ritter Sport had no protection against this type of cyberattacks, as the focus of its security strategy was understandably on the most commonly occurring threats.
When your adversary is a human being, you don’t know exactly what you will get and you cannot rely solely on computer technology. To detect intruders and respond rapidly, you need to supplement smart software with human expertise. Otherwise, the threats will only be identified weeks, months or even years later – with serious consequences for costs and reputation.
Ritter Sport saw this as the ideal moment to put an advanced threat monitoring system in place that immediately flags suspicious behavior in the corporate network. That’s why they chose WithSecure™ Rapid Detection and Response Service (RDS). The analysts at the WithSecure’s operations center deliver around-theclock monitoring of Ritter Sport’s IT environment to detect signs of security breaches, analyze suspicious activity in real time, investigate the results and filter out false positives. Within 30 minutes of confirming that an anomaly is an actual threat, the customer’s IT team is alerted.
Cracking hard nuts
The security measures were implemented at exactly the right time. When Ritter Sport was subjected to a targeted attack in November 2017, the WithSecure™ team flagged the incident in just nine minutes – well within the promised reaction time.
In another incident in March 2018, WithSecure™ was even able to sound the alarm within six minutes. The focus of the attack was Microsoft Office: a malicious macro had caused unusual behavior in the system. The sensors immediately detected the attempted intrusion and downstream analysts at the Rapid Detection Center were soon able to identify the anomaly. In both cases, the cause was an email – a commonly used attack vector, as WithSecure’s most recent Incident Response Report shows.
More than a third of all digital incidents in the corporate world originate through phishing emails or malicious email attachments. The most frequent method is when attackers exploit software vulnerabilities. In 21% of the cases examined, this was the method attackers used to gain access to the company’s infrastructure. In 34% of all cases, however, no vulnerability was required. The attack was carried out through phishing and malicious email attachments – a method that companies find difficult to contain
"Thanks to Business Suite Premium and Elements Endpoint Detection and Response Service, our systems are now fully protected against all forms of malware and targeted cyberattacks. RDS has already done an amazing job on two occasions in just a few minutes”
A refined blend
WithSecure™ Elements Endpoint Detection and Response Service swiftly detects advanced cyberattacks through a combination of artificial intelligence and an international team of threat hunters. The team investigates each incident and decides whether it needs to be reported. The IT security team at Ritter Sport are then notified of the serious incident by telephone, and not by email or text message. The experts work around the clock to monitor, analyze and evaluate attacks in order to initiate the right response at exactly the right time.
For some time now, the chocolate manufacturer has successfully deployed WithSecure™ Business Suite Premium to protect all of its PC systems and many Citrix terminal servers. The WithSecure’s managed detection and response service was implemented at Ritter Sport by WithSecure’s partner, BWG Informationssysteme. Just like in the first project involving Ritter Sport and WithSecure™, the system administrator, Michael Jany, felt it important to choose a European manufacturer and German partner, both with strict “no backdoor” policies.
WithSecure™ Rapid Detection and Response Service now monitors around 1,000 connected endpoints at Ritter Sport around the clock, 365 days a year. To date, WithSecure™ has significantly outperformed its promise to detect and flag security incidents within 30 minutes. This makes it possible to immediately measure the return on investment (ROI). “This not only convinced us, the IT team, but also our CFO and the financial controllers,” says Jany.
Cyberattacks: No sweet surrender
“We are completely convinced that we have chosen the right solutions. What’s more, we consider WithSecure’s Elements Endpoint Detection and Response Center experts to be full-fledged members of our security team.”
- Cyber security experts monitor your environment around the clock
- Max. 30 minutes from breach detection to response, as agreed in a Service Level Agreement
- Direct return on investment through outof-the-box ready Managed Service
How do you detect a sophisticated attack? You make use of the most advanced analytics and machine learning technologies. But that’s not all. You’ve got to think like an attacker.
WithSecure‘s security experts have participated in more European cyber crime investigations than any other company. With our experts’ fingers firmly on the pulse of the cyber attack landscape, you’ll stay up to date with the latest threat intelligence.
Speak to the team
Detect threats and get full protection against intruders.