Case Study: RS Group
rs group
About the customer

The RS Group provides industrial and electronic products and services for designers, builders and maintainers of industrial equipment and operations. With 80+ years of experience supplying products from over 2,500 partners, and 1.1 million customers globally. The Group are proud to partner with suppliers and customers, offering them first class retail and wholesale services and advice on design, manufacturing and order management.  

Industry

Retail/ Wholesale 

Customer Since:

2016

Industry

Retail/ Wholesale

Customer Since:

2016

Services Used
OUTSCAN NX Threat Intelligence EASM SWAT

The Challenge for RS Group

For over seven years, Outpost24 has provided the RS Group with Continuous Application Security Testing and PCI scanning, ensuring their critical applications and infrastructure are protected around the clock. We sat down with Simon King, Security Operations and Vulnerability Manager at the RS Group, who’s been with RS for 10 years and oversees the Information Security of the Group, including its seven subsidiaries. We discussed how the group depends on Outpost24 products to effectively manage risk and protect the IP and brand reputation for the Group. 

“We utilize Outpost24 products to gain a holistic view of our risk, saving us valuable time managing and analyzing vulnerable apps. Outpost24 provides insightful data for our own reporting and enables us to keep track of trends and fluctuations in one place.” 

Simon and his team face the challenging task of managing over a thousand domains which are a fundamental part of their business operations. It’s crucial these applications are continuously scanned and analyzed for vulnerabilities to protect sensitive customer data and reduce risk.  

Outpost24’s penetration testing services are a crucial part of the security teams’ defenses against cyber-attacks and enable them to have a complete view of risk. The solutions enable Simon’s team to control access to their application portfolio centrally, whilst providing local teams with updates and information affecting their region. 

“With continuous scanning from Outpost24 we can control access of our applications better and assign tickets to the right developer. This way we can manage this centrally and we know controlled access is given to the correct business unit to manage.”

Simon King | Security Operations and Vulnerability Manager

Looking beyond the perimeter

Simon has seen significant improvements since introducing pen testing as a service (SWAT) from Outpost24, especially during periods of digital transformation. As the group has grown thanks to a number of acquisitions, Outpost24 helps them maintain control and visibility of all risks impacting their business and customers. 

“We don’t just need visibility of risks to the website, but to our brand and reputation. SWAT ensures we focus on critical vulnerabilities in our apps and EASM ensures we can track the external threats.” 

Managing external threats was a difficult task due to the scale and coverage of the Groups applications and assets including Shadow IT. Simon looked to Outpost24 to provide a solution to map their external attack surface and act as an extension of their security team, ensuring weaknesses are detected and that their brand is protected. Simon explains how they’ve extended their focus to External Attack Surface Management (EASM) alongside the credentials module of our threat intelligence solution, to protect all the known and unknown internet facing assets for vulnerabilities, and identifying the attack path for cyber criminals.  

We must look beyond what’s in our infrastructure, servers, etc., and at external threats including Shadow IT and the Dark Web. We utilize insights from Outpost24 on leaked credentials to share with our customer base in a way they can understand.” 

When we acquire new domains, we utilize the Outpost24 EASM tool to detect vulnerabilities via API which enables my team to cut out time on manual checks.

Simon King | Security Operations and Vulnerability Manager

Planning for 2024 and beyond 

In anticipation of 2024, Simon is preparing for upcoming trends and regulatory changes, notably focusing on the new EU Directive for NIS2 being introduced in October 2024, along with the ISO 27000 data protection standard.  

The NIS2 Directive supersedes NIS, and enforces stronger cybersecurity mandates in the EU, particularly for companies operating within critical infrastructure and other vital industries. Simon’s taken significant strides to achieving NIS2 compliance by implementing a proactive and systematic approach to identifying and mitigating vulnerabilities within their networks and systems. 

“Outpost24 pen testing as a service helps us align with NIS2’s focus on risk management and incident response”. 

For years, the Outpost24 team has built a strong and collaborative partnership with Simon and his team, offering our expertise, cutting-edge tools, and consultation to enhance the RS Group’s operational efficiency and bolster their cyber resilience. 

Outpost24 has helped transform our security operations. The team instills the confidence needed to safeguard our brand reputation, facilitating our ability to support our business growth objectives.