Samson Systems Group, Inc.

Trend Vision One has significantly reduced the time it takes to detect and respond to threats and successfully blocked malicious attacks.

Thorsten Poetter

Chief Digital Officer at Samson Systems Group, Inc. with 4,000 - 4,500 employees

4 and a half stars

USE CASE

Our use cases are essentially all the classic defense mechanisms that are used to protect devices, secure emails, and ensure that we don’t pull in anything harmful. We also monitor internet and intranet traffic to detect abnormal behavior and address it. This has helped us in many situations where we’ve faced external attacks, which then usually try to go back out. I always say that they try to drill through the wall and get back out, and in that way, we’ve been able to recognize when someone has gained access to our devices. 

We operate in 60 countries with 4,000 to 4,500 employees, of which nearly 2,000 are based in Frankfurt. All of the end devices of our colleagues are under IT security monitoring. The Deep Discovery Inspector is implemented at three global locations: one in Europe, one in Asia, and one in the USA. This allows us to detect any issues early on, and with network segmentation, we can minimize potential damage in case of an incident.

The biggest security concerns in our industry are not really industry-specific but are intrusions. Identity theft is a challenge and then there are issues where people are manipulated into making money transfers to what seem like customer accounts that don’t actually exist. 

Another is the classic attack, where ransomware is used to infiltrate systems and gain access through encryption and similar methods. 

Additionally, we also have the issue of IP protection.


HOW HAS IT HELPED MY ORGANIZATION?

Vision One has significantly improved our company because we can now track and see how many attacks we have. Since we’ve implemented it, we haven’t had any major attacks that have successfully entered the company. So, we know the defense mechanism is working.

In terms of our ability to manage risks, we already had the stances for risk management in place, from our side, from a purely conceptual standpoint. Through a solution like this, we always want to get a more concrete approach for the operational side. We aim to identify and assess risks and then determine the measures we can take to mitigate those risks. That’s where Trend Micro is very helpful.

Vision One has significantly helped reduce our time to detect and respond to threats. 

In terms of whether or not Vision One has helped my organization reduce noise from false positives, it’s always a matter of perspective in terms of whether or not the number of alarms has truly been reduced or if they were false alarms. We rolled out the solution across the company, and as a result, we now monitor more devices and have a more comprehensive view of security. Therefore, the number of alarms and false alarms has certainly increased, because we are now looking at all devices. Previously, we didn’t monitor them, so we didn’t notice them.

We have always seen alarms and false alarms. However, we have incorporated mechanisms to identify where the false alarms are coming from, and we continuously refine the system. Sometimes, activities in the internal IT administrative area trigger alarms that are not actual threats, and we continuously adjust and refine those rules to reduce false alarms. We didn’t have a solution in place before to compare whether or not it has reduced false positives. The mechanisms we have now allow us to assess both alarms and false alarms in detail and, in the case of false alarms, to trace where they come from and implement rules to prevent them from happening again. 

Vision One has definitely reduced my organization's cyber risk. We took a holistic view of all devices, became more aware of IT security risks from the outset, and then integrated all devices into that view. In the incidents we encountered at the beginning, as we increasingly implemented and observed this solution, a clear path was outlined on how to address and resolve these issues.

VALUABLE FEATURES

We implement the sensors globally from the angle that we are, in fact, global and operate worldwide. The importance lies in the fact that we know attacks can happen from anywhere, and therefore we decided to implement this as a standard solution within our company, The Samson Group. The Samson Group itself has 60 legal entities worldwide, and from our side, this is more of a governance requirement, meaning it must be used to protect the entire organization.

We have found the Trend Deep Discovery™ Inspector that is in place exceptionally valuable. It has consistently helped us identify areas where issues are happening and where there have been small vulnerabilities in the network that could lead to issues. This happens when, at some point, an unauthorized device—one that shouldn’t be in the network—somehow gains access. This is certainly one of Trend's standout features, as it has provided us with insight into what is happening in our network, which has prevented us from facing significant damage.

We have a positive impression of Vision One's ability to provide us with centralized visibility and management across protection layers. The impression is definitely positive for us. That’s also why we decided to extend the contracts. It’s a very mature solution that is well-understood and user-friendly for people working in this field.

Trend helps us consolidate security vendors because we are now establishing this as standard software for the company. We only work with one solution provider, which is part of the consolidation. When selecting the solutions, we carefully considered what was important to us and where issues occurred. For example, we were particularly pleased that the base and system come from a Japanese company, meaning we don’t have to put ourselves in the hands of Russian or American companies to make this happen.

We use the Vision One™ Cyber Risk Exposure Management (CREM) features and from our perspective, it is very helpful because it provides a supportive function. In situations where we notice something, we also have a very direct line to the team.

When it comes to having AI, from a high-level perspective, I don’t really care how it’s done in terms of the solution. It's great if AI is used because we measure based on the results we achieve. It must meet the requirements for performance and speed. Today, AI is the tool of choice to achieve the necessary speed and performance. But it’s not about the fact that AI is involved; it’s about the fact that, at the end of the day, a fast and reliable solution has been created.

WHAT NEEDS IMPROVEMENT?

We still have devices that are not traditional IT equipment but rather fall under the category of Operational Technology (OT) devices. There is increasingly a blending of the traditional OT world, which requires a specific focus, as OT devices often don't use standard Ethernet protocols and similar technologies. These are areas where I believe more can be done by Vision One. 

Taking it a step further, we also produce items that include IT elements, which are then used by customers. It would be great if there were Trend products that could enhance the security of these devices, either as part of our product or in some other way integrated into our offering. But that's a different approach. At the moment, we use Trend to protect our own company and our internal networks, but expanding this to our customer-facing products is an idea for the future.

FOR HOW LONG HAVE I USED THE SOLUTION?

We have been using Trend for a long time, since 2020. We started in 2019 and signed our first Vision One contract in 2020.


WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?

The stability is very high. We rarely encounter stability issues. When we do have issues, we typically find that they originate from our side, usually because certain information couldn't be provided by the server.

WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?

Compared to other companies, we're not huge, but during the rollout and expansion, we found that it scales easily. We haven't encountered any issues with scaling effects or anything like that.

HOW ARE CUSTOMER SERVICE AND SUPPORT?

Their technical support is excellent because we continuously see that when an issue arises, direct communication is sought. The ability to act quickly and be in direct communication is very important to us. It's not just about high-level support with the chatbot; rather, when an issue occurs, we have the experts on-site and ready to respond swiftly, which is crucial. In such situations, you need to act quickly without wasting time on what should happen next.

HOW WOULD YOU RATE CUSTOMER SERVICE AND SUPPORT?

Positive.

WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?

We have used a lot of products. Over the past few years, we have been consolidating into a single corporation and replacing other solutions with the corporate mandate of Trend. The reason is efficiency, among others. By using the same solution across the entire company, we can manage and maintain it centrally, ensuring uniform behavior without having to deal with individual solutions for each part of the organization.

HOW WAS THE INITIAL SETUP?

I was involved in the setup in terms of managing the role and function, but not from a technical standpoint.

My colleagues reported that it is very well-designed software. We’ve experienced other solutions where we’ve worked on software for a long time, and it didn’t go as smoothly. I haven’t heard any complaints, so the setup must have been good.

We took a risk-based approach to implement this. We started rolling it out in some large manufacturing companies, where the potential damage in case of an incident would be the greatest. From there, we moved to the smaller legal entities, such as just sales offices or similar, so from large to small.

We have a relatively small team in the global function with three people who worked on it. We also have a packaging team and similar resources when it comes to creating installation scripts for end devices.

In terms of maintenance, we have purchased Vision One as part of a SaaS solution. This includes updates and ongoing support, such as the provision of virus signatures, so we don't have dedicated staff specifically for maintenance. We do have designated contacts around the world dedicated to handling alarms and events. This is an additional responsibility for the IT team members after their training, so I can't give you a precise number of people involved. These activities are integrated into the existing IT staff who manage them alongside their regular tasks.

WHAT WAS OUR ROI?

We have seen a return on investment fundamentally more qualitatively, proportionally, and quantitatively. We haven't done a strict ROI calculation. We know it's in place to counter potential damage, but it's hard to quantify potential damage in an ROI calculation. On the other hand, we had two incidents during the rollout for the global company. Thankfully, we also had cyber security insurance, and the insurance covered the incidents because, through Trend and the implementation of the solution, along with the data it provided, we were able to demonstrate what had happened. Without this, we certainly wouldn’t have received the insurance payout.

WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?

Of course, we'd prefer for it to be free. Security has its price. Regarding the prices we've experienced, we consider Trend to be competitive. However, we sometimes wish for a higher discount based on more usage as the company grows.

WHICH OTHER SOLUTIONS DID I EVALUATE?

We looked around at other solutions. When we started evaluating options in 2019, we explored the typical solution portfolios available at the time. We considered several options, and then, based on different factors, we decided on a company operating out of Japan, rather than an extension of an American company. I don't quite remember all the details, but at the time, there was also a Russian solution that was quite popular in the European market, which we decided not to pursue further.

The main differences between these products and Vision One were the functionality and the overall environment. We wanted a truly independent solution. From the perspective of German and European data protection laws, it was a matter of weighing where we could place the most trust and where we would see those principles reflected in the implementation.

WHAT OTHER ADVICE DO I HAVE?

My advice would be that one should really take the time to think carefully about what they want and need, and particularly engage in conversations with colleagues to find the right solution. One could say that to perform Deep Discovery Inspector on network traffic, more nodes could be added, but at some point, the cost-benefit effect becomes minimal.

We always felt that Trend provided us with very good advice, suggesting that more than three nodes in a global context weren't necessary. Any additional nodes would only slightly improve performance, making it not worthwhile. It's important to listen to the Trend team and communicate openly. What's key is that you have to think about your scenarios and risks in advance—this is something they can't take off your hands. For example, network segmentation, which isn't part of Trend's offering, is a mechanism we also bring in. It's important to work hand in hand, and there needs to be a lot of dialogue at this stage.
