Enhanced Ransomware Defences for Global Shipping Business with Robust MDR

One of the world’s largest shipping companies wanted to become more proactive in its approach to cyber security, particularly in relation to the detection of ransomware. Working with Kroll gives the company greater visibility across its global network of offices and ships to better detect and respond to threats when they arise and ensures that appropriate controls and processes are in place to meet its compliance obligations.



  • Shipping
  • Globally dispersed network
  • Hybrid infrastructure
  • Strict compliance responsibilities



Kroll Services
  • Kroll Responder MDR
  • Enhanced threat visibility
  • Improved vulnerability management
  • Increased situational awareness

The Challenge

This organization is one of the world’s largest shipping companies, with more than 135 years in the industry. The company provides integrated maritime solutions through nine ship management centres worldwide and manages around 600 vessels, with 20,000 employees on shore and at sea.

After the NotPetya malware attack which affected three of shipping giant Maersk’s global businesses in 2017, the team was only too aware of the damage that cybercrime could inflict on its operations, finances and reputation.

While the organization had some security controls in place to support threat detection, these did not provide visibility across its complete hybrid cloud infrastructure, encompassing Office 365. Nor did these controls provide confidence that attacks would be identified quickly enough to minimize potential damage and disruption.

With only a small number of IT specialists for its size, the company wanted to identify a third party to help alleviate the demands of day-to-day threat detection, enable it to be more proactive in its approach to cyber security and mitigate future security risks. The company also needed to ensure that appropriate controls and processes were in place to meet all its data protection obligations, including the ability to detect and report breaches in line with the GDPR.

Kroll's Solution

The business was looking to build a long-term partnership with a top tier managed detection and response (MDR) provider. Its choice was based on a range of criteria, including technical expertise, approach to threat detection and quality of customer references. After spending some time identifying the security partner that would best meet its requirements, the shipping company selected Kroll and its Kroll Responder MDR service. It was impressed by the personal touch that the Kroll team demonstrated in proposing a solution that would best meet its threat detection requirements.

The Head of IT says:


“Kroll was the company which met all the criteria we had in mind. I always pay attention to personal relationships with potential partners. Right from the start, I had an Account Manager working with me helping me to identify the best solution for our needs and providing the information I needed to make my decision.”


While the personal aspect was an essential part of its decision to work with Kroll, so too was the turnkey nature of Kroll Responder—which supplies the people, technology and intelligence the company needs to identify and respond to both current and emerging cyber threats, 24/7.

The company recognized the value of Kroll Responder in improving visibility across its infrastructure and the impact the service would have in driving a reduction in the mean time to detect and respond to threats. Kroll Responder’s global security operations centre (SOC) professionals operate as a virtual extension of the team, providing the high-quality insight and mitigation guidance its IT team needs to respond to incidents whenever they arise.

To ensure that the organization's security is as robust as possible, Kroll also conducts managed vulnerability scanning and CREST -accredited penetration testing to help identify and address vulnerabilities across its global infrastructure.

The Head of IT adds:


“The human factor is something I’m always looking for. I don’t want to talk with bots—I want to talk with people. This personal approach is something I noticed from my first engagement with Kroll and it is still true today.”


The Impact

Enhanced Threat Visibility

The shipping company now has visibility across its global network of offices and ships and its public cloud environments. When threats arise, Kroll is able to swiftly identify and help the IT team respond to them before they have an opportunity to impact business operations. Kroll uses the latest security intelligence to detect current and emerging threats and constantly tunes the underlying technology, included as part of Kroll Responder, to reduce false positives.

Detection of Ransomware

With ransomware a key concern, Kroll Responder provides a critical layer of defence. Using real-time threat intelligence, Kroll Responder provides the company with the essential security capabilities it needs to quickly detect and effectively respond to the latest types of malware.

A Reduction in Phishing Attacks

Kroll Responder integrates with the organization's chosen Secure Email Gateway (SEG) solution to enhance visibility of phishing attacks and emails that contain malicious attachments. Security events generated by the SEG are correlated alongside other data sources, enabling Kroll’s SOCs to achieve enhanced visibility of email attacks and help the company respond to them.

Swift Incident Response

Kroll provides the outcomes and actionable mitigation guidance needed to be able to quickly respond to incidents and significantly reduce the possibility of an attack. Incident information is shared securely via Kroll’s Redscan threat management platform. Kroll’s SOC teams thoroughly analyze and investigate every security alert received and, if the alert is deemed to be a genuine incident, use the Redscan threat management platform to notify the client, relay the incident’s priority level and supply the information needed to assist remediation.

Improved Vulnerability Management

For an added level of security, Kroll supports companies with vulnerability management. Kroll Responder uses the latest vulnerability scanning tools to identify known vulnerabilities across key assets in the organization's environment. This is further enhanced by penetration testing engagements, conducted by Kroll’s team of CREST-certified experts, and designed to identify and help address hidden vulnerabilities across the company’s infrastructure.

Increased Situational Awareness

Monthly service reports from Kroll provide the firm with the high-quality information its key stakeholders need. These reports improve situational awareness and help stakeholders understand the value of the service in helping improve the company’s security posture and demonstrate compliance with industry regulations such as the GDPR.

Consistently High-quality Service

In a survey, the company awarded Kroll 10 out of 10 for overall satisfaction and stated that it would be extremely likely to recommend the company to others. It values the initial and ongoing training provided by Kroll, including on-site visits from its Account Manager and workshops to help educate IT staff about emerging security threats.

Learn more about Kroll Responder, our Managed Detection and Response solution.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Cyber Risk Assessments

Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.

Cloud Security Services

Kroll’s multi-layered approach to cloud security consulting services merges our industry-leading team of AWS and Azure-certified architects, cloud security experts and unrivalled incident expertise.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.