Free Trial
|
Login
Free Trial
Login
Platform

Platform

I want to

report
WHITEPAPER Picus Red Report 2024
white paper
DATASHEET Security Validation Platform
Use Cases

Use Cases

Frameworks

Group
WHITEPAPER Building a Robust Defense-in-Depth Strategy with Breach and Attack Simulation (BAS)
webinar
ON-DEMAND Top Ten ATT&CK Techniques: The Rise of ‘Hunter-Killer’ Malware
Research

RESEARCH

LEARNING

report (1)
REPORT 2024 Gartner® Peer Insights™ Voice of the Customer for Breach and Attack Simulation (BAS) Tools
report (1)
REPORT Blue Report: Effective Threat Exposure Management
Resources

RESOURCES

LEARNING

Group
WHITEPAPER Double Your Threat Blocking in 90 Days
webinar
UPCOMING WEBINAR Maximizing Cybersecurity with GenAI
Company

COMPANY

PARTNERS

webinar
UPCOMING WEBINAR Maximizing Cybersecurity with GenAI
Data sheet
DATASHEET The Pioneer of Breach & Attack Simulation
GET A DEMO
Case Study

Migros Case Study

Helping Migros to Enhance the Protection it Receives from its Security Controls

Industry: Retail
The Customer

Migros, one of the largest retailers in Turkey and other countries, prioritizes security highly.

Migros, a leading supermarket chain and online retailer, wanted to ensure that it was doing everything possible to maintain a proactive approach to safeguarding its critical infrastructure and customer data. With The Picus Complete Security Control Validation Platform, the business can now measure the strength of its defenses at any moment and take swift action to optimize the performance of controls against current and emerging threats.

Elif Seven
Senior Team Lead, Migros

"The Picus Platform is an easy to use solution that helps us ensure our defenses keep pace with evolving threats. The security scores and insights it provides help us to assess the effectiveness of our controls and identify ways to better protect our assets and customer data. The results we’ve seen, as well as the high level of support and guidance we receive from Picus’ Customer Success Team, were key factors in our decision to recently renew our license. Picus has become the right hand of our security team. I’d recommend it to all organizations that want to strengthen their cyber resilience and automate manual assessment and detection engineering processes.”

The Challenges

migros

Obtaining a holistic view of the organization's security posture and confirming that its defenses are working effectively were difficult.

As a leading retailer with over 2,600 stores in Turkey and other countries, Migros prioritizes security extremely highly. The company serves over 14 million customers annually and is well aware of the impact a serious cyber attack could have on its operations, finances and reputation. On a daily basis, Migros processes huge volumes of sensitive customer and financial data. A hybrid cloud infrastructure, use of specialist point of sale (POS) systems and web applications, plus a vast supply chain means that the company has a large, growing estate to protect. As an innovator in its industry, Migros is investing heavily in artificial intelligence and contactless payment technology. Consequently, it is keen to ensure that its intellectual property is also comprehensively protected. To safeguard its assets, Migros employs a large in-house security team and utilizes third-party services providers to assist with vulnerability management and threat detection. However, despite the resources at its disposal, the company was struggling to obtain a holistic view of its security posture and lacked assurance that the defenses it relies upon were operating as expected. It also wanted to ensure it was doing all it could to identify and address security gaps as quickly as possible. “Information and data security have always been a top priority for our business”, explained Elif Seven, Senior Team Lead at Migros. “However, with such a large estate to protect, maintaining a broad oversight of our security was proving to be a challenge. To mitigate risks, we leverage a wide range of security controls and it’s imperative that they provide the best possible protection at all times. “Security assessments such as penetration testing were helping to identify potential weaknesses but did not provide

The Solutions

Measuring the effectiveness of security controls and identifying gaps in coverage or visibility by simulating real-world cyber threats.

After evaluating a range of cyber security solutions, Migros identified The Picus Complete Security Control Validation Platform as the ideal tool it needed to help assess and stay on top of its security posture. By simulating real-world cyber threats, The Picus Platform enables the business to measure the effectiveness of its security controls on a continuous basis and take swift action to address any threat coverage and visibility gaps identified. Every day, Migros’ security teams leverage Picus’ Breach and Attack Simulation technology to conduct over 4,000 simulations and validate the performance of its network, endpoint and email controls. At a prevention level, The Picus Platform validates that Migros’ firewalls, web application firewalls and antivirus are reliably blocking known malicious activity. Additionally, at a detection level, it tests that the company’s Security Incident and Event Management (SIEM) tool is ingesting the necessary log sources and that alerts are triggered promptly when malicious activity is identified. Where policy gaps are observed, The Picus Platform helps to address them by supplying actionable mitigation recommendations and by mapping threat coverage to the MITRE ATT&CK Framework.

The Result
threat-readiness-icon

 

Greater Threat Readiness
Greater Threat Readiness Monitoring cyber threat intelligence to identify new risks was proving highly time-consuming. With the addition of emerging threats and attack scenarios to its threat library on a daily basis by Picus Labs, The Picus Platform helps to alleviate this burden by reducing the time the Migros team needs to devote to security research and analysis.
time-mitiigate-icon

 

Reduced Time to Mitigate
By supplying actionable and vendor-specific mitigation recommendations to address threat coverage and visibility gaps, The Picus Platform enables Migros’ security team to respond to risks sooner. The provision of prevention signatures and detection rules, all thoroughly tested by Picus to minimize false positives, also helps to alleviate manual prevention and detection engineering processes.
collaboration-icon

 

Improved Collaboration
Use of The Picus Platform has helped Migros to foster a purple teaming culture within its security operations. To aid awareness and knowledge transfer, simulation results and mitigation insights are shared with relevant asset owners and used to drive ongoing improvements to controls and processes.
reporting-iconn

 

More Effective Reporting
Before using The Picus Platform, Migros’ team struggled to measure the company’s security posture. Now its team can track security scores for each of its controls and monitor changes in real-time. Integration of The Picus Platform with the company’s central reporting system enhances visibility further and ensures that senior managers across the business can stay up to date.
value-icon

 

Greater Value from Pen Testing
By validating the efficacy of the company’s security controls to prevent and detect particular threats and attack techniques, The Picus Platform enables Migros’ security team to better scope penetration testing. This includes ensuring that the assessments it commissions from third parties are conducted in the right areas and are focused on replicating the tactics and techniques that pose the most risk.
compliance-icon

 

Enhanced Compliance
As a processor of personal and financial data, Migros must comply with a range of security-related regulations and standards. The Picus Platform helps the company to prove adherence with the latest government and industry mandates, including the GDPR and the PCI DSS, by ensuring that the controls and processes it has in place are operationally effective.
#Retail #Case Study
gartner-peer-insights-r-TM-rgb-for-gartnerblue-bkgrnd

Trusted by Security Teams Across the Globe

Organizations use Picus to get immediate actionable insights on their security posture. They choose Picus to manage, know, and control their dynamic environment.

The GARTNER PEER INSIGHTS Logo is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.
RESOURCES

Discover Our Latest News and Content
Ukrtelecom
Telecommunication

Ukrtelecom's Cybersecurity Transformation: Optimized SIEM Rules and Rapid Threat Detection Engineering

Learn More
MAIRE
Engineering Services

MAIRE‘s Journey to Enhanced Security and Efficiency

Learn More
amoun-pharma
Pharmaceutical

Safeguarding Pharmaceutical Operations: How Amoun Leverages The Picus Platform for Proactive Security

Learn More
lifecell
Telecommunication

How lifecell Leverages The Picus Complete Security Validation Platform to Safeguard Ukraine's Telecommunications Landscape

Learn More
migros-case-study
Retail

Migros Case Study

Learn More
case-study-ing-bank
Financial Services

ING Bank Embraces Continuous Security Validation to Boost Cyber Resilience

Learn More
istanbul-sabiha-gokcen-airport
Aviation

Istanbul Sabiha Gokcen (ISG) Case Study

Learn More
case-study-turkcell
Telecommunication

How Turkcell Uses Picus to Ensure Continuous Threat Readiness and Cross-Team Collaboration

Learn More
turkish-airlines-case-study
Aviation

Turkish Airlines: Threat-centric Validation for a Vast Security Estate

Learn More