Endpoint Detection and Response to Increase Plastics Manufacturer’s Cyber Posture

An international packaging company was concerned about its security posture after expanding rapidly. By selecting Kroll and Kroll Responder, the company now has visibility across its global network of offices and strengthened its protection of key industrial control systems against cyberattacks.



  • Manufacturing
  • Fragmented IT estate
  • Expanding hybrid infrastructure
  • Legacy control systems



Kroll Services
  • Kroll Responder managed detection and response (MDR)
  • Comprehensive security insight
  • Proactive identification of vulnerabilities 
  • Protection against current and emerging threats

The Challenge

This organization is a global packaging provider delivering sustainable solutions to the food and beverage, consumer, agricultural, and transportation industries. Due to a process of consolidation, culminating in it becoming a globally integrated business, the organization's threat profile had increased significantly.

The company was highly aware of the wider cyber security challenges affecting the manufacturing industry and was worried that a cyberattack could lead to system downtime and negatively impact production and financial performance.

The manufacturer relied upon many specialist industrial control systems running legacy, unsupported software. The company needed to mitigate the risk of being unable to patch critical systems by enhancing its ability to proactively monitor for threats that might seek to exploit any unpatched vulnerabilities. The company’s decision to migrate workloads to the cloud also intensified its need to improve threat coverage and visibility.

The organization had a security information and event management (SIEM) system in place, but this offered only limited visibility across its hybrid environment. It did not provide the assurance that attacks would be identified fast enough to minimize damage and disruption. With only a small number of IT specialists for its size, the company also lacked the resources to be able to respond to incidents outside of regular business hours.


“Faster incident alerting enables us to better understand what is going on in our network and react more quickly. From an advice side of things, it’s great to be able to talk to knowledgeable people and discuss solutions to help mitigate our security risks.” – Head of IT Security, global plastics manufacturer


Kroll's Solution

The global plastics manufacturer recognized the importance of developing a long-term partnership with a top tier managed detection and response (MDR)  provider. It identified that Kroll and Kroll Responder, its award-winning MDR service, would provide the support it needed to hunt for and help shut down cyber threats, 24/7.

By integrating experienced security personnel, leading network and endpoint detection technologies, and up-to-the minute threat intelligence, Kroll Responder significantly improves security visibility across the company’s hybrid infrastructure and reduces its mean time to detect and  respond to threats.

Kroll’s global security operations centres (SOCs)  professionals operate as a virtual extension of the team, providing the high-quality insight and guidance the company’s IT team needs to respond to incidents whenever they arise.

To help mitigate the risks posed by the use of legacy systems, endpoint sensors are installed on each of the organization's key assets. These capture a range of security telemetry, which is used by Kroll’s specialists to inspect more deeply into the company’s IT systems and hunt for threats.

To ensure that the manufacturer stays fully on top of security risks, Kroll also conducts regular vulnerability scanning and provides support to help address any exposures identified.

The Head of IT Security says:


“Right from the start, I found that the Kroll team were very much on top of their game. From both project management and technical perspectives, I would rate them as excellent.”


The Impact

Visibility Across a Hybrid Cloud Estate

A key business priority was addressing the risks created as a result of moving operations to the cloud. With Kroll Responder, the company now has visibility across its complete hybrid infrastructure, including its Office 365 environment. To achieve the level of 24/7 security coverage in-house equivalent to that provided by Kroll, the organization would need to employ 10 in-house security professionals.

Deep Endpoint Detection

The organization was concerned about being breached without knowing it. Proactive endpoint monitoring enables Kroll to improve visibility of threats targeting its systems. Kroll Responder’s security professionals use the latest endpoint detection and response (EDR ) technology to hunt for known and unknown threats across the company’s hosts. Because the company has many legacy industrial control systems that it is unable to patch or cannot update immediately, it needed to mitigate the risk of them being exploited. Kroll Responder monitors these at-risk systems for threats that might seek to target unpatched vulnerabilities.

Comprehensive Security Insight

Without Kroll Responder, the company’s IT team would not have the time to check whether all the security alerts it receives are valid. Kroll alleviates this burden by investigating, analyzing and triaging alerts and sharing genuine incident information securely via the Kroll Redscan threat management platform. To help the team swiftly respond to incidents, Kroll supplies high-quality intelligence and actionable remediation guidance.

Fast and Effective Integration of New Environments

Kroll’s implementation team worked with the manufacturer to define a standardized methodology for service onboarding. The standardized methodology helps newly acquired businesses be quickly integrated into Kroll Responder and monitored by Kroll.

Monitoring for Unverified Devices

Kroll Responder is having a significant impact on reducing the number of employees attempting to connect unverified devices to the company’s network. Kroll continuously monitors for employee actions that could introduce new threats and vulnerabilities.

Vulnerability Scanning and Management

The company identified that it needed to undertake vulnerability scanning to help stay on top of security risks. Kroll Responder harnesses the most up-to-date scanning tools to ensure that the company can proactively identify vulnerabilities across its critical infrastructure and receives help to address them.

Protection Against Current and Emerging Threats

Kroll works closely with the manufacturer to continually improve the company’s service. This helps the organization ensure its security is responsive to changes within the swiftly evolving threat landscape.

Value for Money

In a survey, the company awarded Kroll 10 out of 10 for value for money and professional manner and stated that it would be extremely likely to recommend Kroll to others.


“With so much organizational change, this is a time of incredible pressure on our small team. Partnering with Kroll is making it easier for us to address the security challenges of business consolidation.” – Head of IT Security, global plastics manufacturer

  Learn more about Kroll Responder, our Managed Detection and Response Solution

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.