Stronger Threat Detection and Response for UK Bank: Reduced False Positives, Swifter Response

A specialist bank in the United Kingdom recognized that its security controls were not adequately addressing the potential cyber security threats it faced.

By choosing Kroll Responder to significantly bolster its threat detection and response capabilities, the organization has enhanced its operational resilience and ability to comply with the latest industry regulations.



  • Finance
  • High volume of false positives
  • Hybrid infrastructure
  • Rigorous compliance requirements



Kroll Services
  • Kroll Responder managed detection and response (MDR)
  • Greater operational resilience
  • Swifter incident response
  • Enhanced compliance reporting

The Challenge

Kroll enabled a specialist bank to strengthen its operational resilience by improving threat visibility across its environment and absorbing the task of monitoring important infrastructure and assets around the clock.

While not having the risk profile of a Tier 1 bank, Kroll’s client knew that it could still be targeted by cybercriminals because of the large volumes of personal and financial data it processes. The risks were further increased because the bank operates across a hybrid environment encompassing legacy on-premises infrastructure and an increasing number of workloads in the Amazon Web Services cloud—including a newly launched online banking portal.

The bank recognized that enhancing its ability to swiftly detect and respond to threats 24/7 was vital because an attack could significantly impact its profits, reputation and ability to trade. In particular, it was experiencing a growing number of attacks and was worried about the consequences of breaches going undetected.

While the bank already had security information and event management technology in place, this wasn’t providing complete threat visibility. In addition, investigating a high volume of false-positive alarms was proving too time- and resource-intensive for the organization's small in-house security team. With the number of security events only increasing, the bank would have had to employ at least eight full-time professionals to monitor its entire infrastructure around the clock—an option that wasn’t viable for an organization of its size.

The bank needed a managed security partner that could help it swiftly identify and mitigate cyber threats both inside and outside of regular working hours, as well as help meet the requirements of the GDPR, the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA).


“I definitely recommend Kroll Responder. It’s an incredible managed security service. By working in partnership with Kroll, we have significantly improved our operational resilience.” – Head of Cybersecurity, specialist bank


Kroll's Solution

To identify the best partner and service for its needs, the bank’s Head of Cybersecurity led a rigorous tender process. Kroll stood out as offering the turnkey security capability, offensive security expertise and proactive approach the organization needed to level up its security maturity and respond to a continually evolving threat landscape.

The bank recognized that Kroll Responder, Kroll’s outcome-focused MDR service, offered the people, technology and intelligence it required to swiftly identify and respond to current and emerging cyber threats.

Kroll’s global security operations centre (SOC) professionals operate as a virtual extension of the bank’s IT team, analyzing and triaging alerts generated by the service’s underlying technology stack and providing the actionable insight and mitigation guidance it needs to respond to incidents whenever they occur.

Since subscribing to Kroll Responder, the organization has significantly reduced its mean time to detect and respond to threats.

The bank’s Head of Cybersecurity commented:


“An important factor in our choice of security partner was the high level of security expertise within the team at Kroll. We also wanted to partner with a company that was around the same size as us, and on the same trajectory in terms of growth and ambition. We didn’t want to be a small fish in a large ocean of customers.”


“I definitely recommend Kroll Responder, it’s an incredible security service. The SOC teams are very knowledgeable, and I value the fact that Kroll aggregates insight about the cyberattacks it sees on other customers and retrospectively applies it to other organizations, so we all benefit from that knowledge. By working in partnership with Kroll, we have significantly improved our operational resilience.”


The Impact

Enhanced Operational Resilience

Kroll Responder has enhanced the bank’s operational resilience. It now has greater visibility across its environment and the assurance that it has the people, technology and intelligence in place to help detect and respond to security incidents, 24/7. By choosing Kroll Responder, the bank was able to quickly level up its security maturity in a matter of just weeks.

A Reduction in False Positives

With Kroll analyzing and investigating security alerts generated by the underlying Kroll Responder technology stack and passing on information about only those which are genuine, the bank’s small in-house security team is able to focus on incident response and other aspects of cyber security management.

Swifter Incident Response

With Kroll’s SOC teams supplying high-quality incident information, including risk level and kill chain analysis as well as actionable mitigation guidance, the bank is now able to act quickly and effectively in the event of attacks. Incident information is communicated via Kroll’s Redscan threat management platform.

Improved Compliance Reporting

In addition to the incident information and insights supplied through Kroll’s Redscan threat management platform, the bank’s team receives a monthly service report. The report helps to enhance situational awareness amongst key business stakeholders and streamline the process of providing evidence of compliance with the GDPR, as well as FCA and PRA requirements.

More Effective Vulnerability Management

Kroll Responder’s technology platform integrates with the bank’s chosen vulnerability management solution to help enhance security monitoring and ensure that at-risk systems are continually hardened.

Exceptional Customer Service

In a survey, the bank rated Kroll 9/10 for speed of response to security incidents, quality of security advice and overall satisfaction with the service, as well as stating that it would be extremely likely to recommend Kroll to others.


“I value the fact that Kroll aggregates insight about the cyberattacks it sees on other customers and retrospectively applies it to other organizations, so we all benefit from that knowledge.” – Head of Cybersecurity, specialist bank

