Migros Case Study

Helping Migros to Enhance the Protection it Receives from its Security Controls

Industry: Retail
The Customer

Migros, one of the largest retailers in Turkey and other countries, prioritizes security highly.

Migros, a leading supermarket chain and online retailer, wanted to ensure that it was doing everything possible to maintain a proactive approach to safeguarding its critical infrastructure and customer data. With The Picus Complete Security Control Validation Platform, the business can now measure the strength of its defenses at any moment and take swift action to optimize the performance of controls against current and emerging threats.

Elif Seven
Senior Team Lead, Migros

"The Picus Platform is an easy to use solution that helps us ensure our defenses keep pace with evolving threats. The security scores and insights it provides help us to assess the effectiveness of our controls and identify ways to better protect our assets and customer data. The results we’ve seen, as well as the high level of support and guidance we receive from Picus’ Customer Success Team, were key factors in our decision to recently renew our license. Picus has become the right hand of our security team. I’d recommend it to all organizations that want to strengthen their cyber resilience and automate manual assessment and detection engineering processes.”

The Challenges


Obtaining a holistic view of the organization's security posture and confirming that its defenses are working effectively were difficult.

As a leading retailer with over 2,600 stores in Turkey and other countries, Migros prioritizes security extremely highly. The company serves over 14 million customers annually and is well aware of the impact a serious cyber attack could have on its operations, finances and reputation. On a daily basis, Migros processes huge volumes of sensitive customer and financial data. A hybrid cloud infrastructure, use of specialist point of sale (POS) systems and web applications, plus a vast supply chain means that the company has a large, growing estate to protect.

As an innovator in its industry, Migros is investing heavily in artificial intelligence and contactless payment technology. Consequently, it is keen to ensure that its intellectual property is also comprehensively protected.

To safeguard its assets, Migros employs a large in-house security team and utilizes third-party services providers to assist with vulnerability management and threat detection. However, despite the resources at its disposal, the company was struggling to obtain a holistic view of its security posture and lacked assurance that the defenses it relies upon were operating as expected. It also wanted to ensure it was doing all it could to identify and address security gaps as quickly as possible.

“Information and data security have always been a top priority for our business”, explained Elif Seven, Senior Team Lead at Migros. “However, with such a large estate to protect, maintaining a broad oversight of our security was proving to be a challenge. To mitigate risks, we leverage a wide range of security controls and it’s imperative that they provide the best possible protection at all times.

“Security assessments such as penetration testing were helping to identify potential weaknesses but did not provide

The Solutions

Measuring the effectiveness of security controls and identifying gaps in coverage or visibility by simulating real-world cyber threats.

After evaluating a range of cyber security solutions, Migros identified The Picus Complete Security Control Validation Platform as the ideal tool it needed to help assess and stay on top of its security posture. By simulating real-world cyber threats, The Picus Platform enables the business to measure the effectiveness of its security controls on a continuous basis and take swift action to address any threat coverage and visibility gaps identified.

Every day, Migros’ security teams leverage Picus’ Breach and Attack Simulation technology to conduct over 4,000 simulations and validate the performance of its network, endpoint and email controls. At a prevention level, The Picus Platform validates that Migros’ firewalls, web application firewalls and antivirus are reliably blocking known malicious activity. Additionally, at a detection level, it tests that the company’s Security Incident and Event Management (SIEM) tool is ingesting the necessary log sources and that alerts are triggered promptly when malicious activity is identified.

Where policy gaps are observed, The Picus Platform helps to address them by supplying actionable mitigation recommendations and by mapping threat coverage to the MITRE ATT&CK Framework.

The Result


Greater Threat Readiness
Monitoring cyber threat intelligence to identify new risks was proving highly time-consuming. With the addition of emerging threats and attack scenarios to its threat library on a daily basis by Picus Labs, The Picus Platform helps to alleviate this burden by reducing the time the Migros team needs to devote to security research and analysis.



Reduced Time to Mitigate
By supplying actionable and vendor-specific mitigation recommendations to address threat coverage and visibility gaps, The Picus Platform enables Migros’ security team to respond to risks sooner. The provision of prevention signatures and detection rules, all thoroughly tested by Picus to minimize false positives, also helps to alleviate manual prevention and detection engineering processes.



Improved Collaboration
Use of The Picus Platform has helped Migros to foster a purple teaming culture within its security operations. To aid awareness and knowledge transfer, simulation results and mitigation insights are shared with relevant asset owners and used to drive ongoing improvements to controls and processes.



More Effective Reporting
Before using The Picus Platform, Migros’ team struggled to measure the company’s security posture. Now its team can track security scores for each of its controls and monitor changes in real time. Integration of The Picus Platform with the company’s central reporting system enhances visibility further and ensures that senior managers across the business can stay up to date.



Greater Value from Pen Testing
By validating the efficacy of the company’s security controls to prevent and detect particular threats and attack techniques, The Picus Platform enables Migros’ security team to better scope penetration testing. This includes ensuring that the assessments it commissions from third parties are conducted in the right areas and are focused on replicating the tactics and techniques that pose the most risk.



Enhanced Compliance
As a processor of personal and financial data, Migros must comply with a range of security-related regulations and standards. The Picus Platform helps the company to prove adherence to the latest government and industry mandates, including the GDPR and the PCI DSS, by ensuring that the controls and processes it has in place are operationally effective.
