Customer Story
For over 30 years, Highlite has been active as an international distributor within the entertainment industry. From its headquarters in Kerkrade and offices in the United Kingdom, Italy and China, the company serves customers in more than 80 countries every day. With a fully automated warehouse of over 25,000 m² and more than 150 employees, availability and speed of delivery are central to its services.
As a distributor with a global customer base, continuity is crucial. Because when the system stops, deliveries stop. And downtime costs money, a lot of money.
During the coronavirus pandemic, Highlite’s board saw major customers becoming victims of targeted cyberattacks. For them, it was a clear signal: this could happen to us as well. Time to take action. Cybersecurity therefore became a weekly topic on the board agenda.
Tim Damrow, ICT Manager at Highlite, used his broad experience from the data centre and cloud world to strengthen Highlite’s IT infrastructure and cybersecurity. The challenge? Limited staffing, many endpoints, a broad threat landscape, cloud solutions such as M365 and EntraID, but mainly on premises solutions. Tim: “You can do a lot yourself, but you cannot do everything on your own. Especially not if you also need to run other projects. That is when I started looking at how to achieve maximum control with minimal dependency.”
Maintaining control, reducing risks
Highlite deliberately chose a clear direction: everything that can remain on premises, stays under our own control. Only email and Teams run in the cloud, the rest is tightly secured. Branch offices and external staff work via Citrix and VPN. Internally, people work on laptops and fixed workstations, but only within the secure boundaries of the network.
The first step? Gaining visibility into who connects to the network and from where, and monitoring the related network traffic for potential threats. On the recommendation of contacts from his business network, Tim came across Tesorion and Immunity was implemented. Immunity is a Network Access Control solution with a number of additional security features. Tim: “New devices are automatically recognised, placed in the correct segment or, in the event of a possible infection, quarantined. Troubleshooting has become faster and more targeted. For example, I can see which segment a device is in, so I no longer have to search the entire warehouse for a device and can instead look in a focused way. The functionality of Immunity saves me a day of manual work every week, for example when making network changes.”
From detection to action
After testing several solutions, Highlite chose an NDR solution from Vectra. This solution is based on AI and machine learning and provides 24/7 monitoring of suspicious behaviour on the network. It automates threat hunting and immediately provides an alert in the event of high risk, which is essential for a small IT team. Thanks to the integration between Vectra’s NDR solution and Immunity, the alerts generated by Immunity are immediately linked to the alerts from the NDR platform. In addition, these alerts are also correlated with alerts from an Endpoint Detection and Response solution, with all alerts displayed in one dashboard. “This allows us to map risks very quickly and stop attacks early in the kill chain,” says Tim.
In addition to threats on the network, we also chose to deploy additional Detection and Response from Vectra for Microsoft 365 and EntraID. Email and Teams are two very important platforms where information is shared and stored. It is very important for us to quickly recognise accounts that may be misused by attackers. If an identity is stolen and the attacker can read emails, perform eDiscovery on Teams or within emails, this can be very serious and cause significant damage. This solution gives us insight into the accounts that pose the greatest risk at that moment.
The collaboration with the SOC makes a major difference. Tim: “Irregularities are noticed immediately, including outside working hours. I no longer need to go through log files every week. The Vectra platform provides clear reports, allowing me to recognise and interpret anomalies at a glance. For me, the greatest gain is the peace of mind I get in return. You know your environment is being monitored, even when you are away for a while, during weekends and outside office hours. It also gives me more time and space to take on other projects. And because I am personally responsible for everything in IT, that is indispensable.”
An additional advantage of the reporting capabilities is that these reports can easily be shared with management. This means they too are informed quickly and effectively.
Awareness and smart policy
Security is now embedded throughout the entire organisation. From finance to sales, everyone receives tailored training to recognise phishing, for example. Employees who are not yet good at assessing risks receive extra attention so their knowledge can be brought up to the desired level.
Ready for the future, without overkill
Although Highlite does not fall under the NIS2 obligation, the organisation is working towards Cyber Essentials certification. This allows them to show that security is taken seriously, without unnecessary overhead. Tim: “We are not a corporate with a full security team. But by investing smartly, we have control over our IT, and I can go on holiday with peace of mind.”
The collaboration
By now, a stable partnership has been built between Highlite and Tesorion, in which knowledge sharing is just as important as delivering reliable technology. Tim: “What I value most? The substantive conversations. And the fact that they really think along with us.”


