Case Study: Lomax
About the customer

Lomax is one of Denmark’s largest multichannel office supply companies serving over 50,000 business customers and processing over 350,000 orders every year. Their ecommerce website stocks over 30,000 products and plays a crucial role in delivering frictionless customer experience and sustaining business growth.


Ecommerce office supplies

Customer Since:



Event Management Software

Customer Since:


Services Used

The Challenge for Lomax

Ecommerce websites main targets for hackers

Online retailers are prime targets for cyberattacks. As the business expands online, Lomax needed to step up their security maturity and better confront the risks they face in order to prevent business disruption. Kim Millard, IT Manager of Lomax explains “our customers rely on our services to meet their office supply needs 24/7. We knew we needed to address the new threats and protect our business and operations as a priority.”

To protect profitability and their customers data they needed to ensure every aspect of the IT operations is tested and monitored to deliver the best customer experience.

Millard adds “if our website suffers downtime and can’t serve our customers when they need it, it will force them to look elsewhere. This is not an option. We cannot compromise on security and risk being attacked; therefore, we’ve moved from ad hoc pen tests to continuous application security assessment from Outpost24 to protect our ecommerce operations and ensure it runs smoothly.”

Before Outpost24 they used to conduct annual penetration testing, however we quickly realized testing just once every year was not enough to keep up with the evolving threats such as megacart and malware. Lomax needed a new security testing approach to continuously assess and monitor their website for vulnerabilities. As the risk of data breach increases, the business case of investing in a more robust application security testing solution made perfect sense – “ad hoc pen testing was taking too long to arrange and get the results, we didn’t feel confident that our website was being checked enough for new threats hence the need for change.”

Reduce application risks and optimize resource

Day to day the Lomax IT team are focussed on ensuring the smooth running of the ecommerce website. With limited security resource, they needed a solution provider that will help embed security testing into the IT operations and automating the process, plus providing the guidance they need to interpret the findings in a meaningful way and resolve security issues identified. “During the vendor selection process we felt very encouraged when we saw what Outpost24 SWAT has to offer – a unique combination of automated application security scanning and manual penetration testing in a single solution, like no others to provide complete coverage.”

“Implementing Outpost24 has saved our team a lot of time and effort from managing day to day vulnerabilities, allowing us to better understand the risk posture and enabling us to prioritize more effectively. We used to find information gathering and action planning very time consuming, however, with the zero false positives guarantee our IT- and online team now have more time to plan and focus on fixing real issues and ensuring the website runs smoothly so there’s no downtime.”

“Implementing Outpost24 has saved our team a lot of time and effort from managing day to day vulnerabilities, allowing us to better understand the risk posture and enabling us to prioritize more effectively”

Kim Millard | IT Manager

Lomax experienced results from day one when Outpost24 uncovered unknown vulnerabilities that had previously gone undetected by pen testers. By pinpointing the severity of these software vulnerabilities, Outpost24 provides Lomax with a greater understanding of their risk profile:

  • Complete visibility of known and unknown threats and vulnerabilities
  • Educate IT to resolve vulnerabilities effectively without re-creating new ones
  • Supporting Lomax in delivering software updates securely to maintain up time
  • Automate security assessment for front and back end IT systems
  • Alert Lomax to any critical security flaws as they are discovered

Millard continues “the solution is very easy to use – the portal provides direct access to the SWAT team which is a real benefit as we can communicate quickly and easily. It feels good to know you’re speaking to an expert when you have a problem and have access to advice you can trust. At Lomax we take cyber risk very seriously. Outpost24 offers a manageable security solution that’s integrated and very easy to work with and supports our goal by helping to protect our customer facing website. We utilise the communication function on a regular basis which is a very important and a well-used feature for us. Trawling through irrelevant findings is a big challenge so having zero false positives alerts us to the real problems and allows us to resolve and retest more efficiently.”

Planning for a secured business future

In a dynamic world of cybercrime, hackers are always looking for new ways to infiltrate and profit from vulnerable systems. Implementing Outpost24 SWAT service has allowed Lomax to be more dynamic and strengthened their website security capabilities with critical defence against cyber-attack all year round.

“It’s important for IT managers to understand that new vulnerabilities can appear at any point, a solution like SWAT helps me stay on top of the risks our business-critical ecommerce website is exposed to, and be able to mitigate those risks with confidence. We’re dependent on Outpost24 solutions to keep our business moving and delivers high levels of customer satisfaction at all times.”