
Cegeka protects TABS Holland against ransomware

John van Berkum, IT Manager Timber and Building Supplies (TABS) Holland

Industry: Manufacturing 

Timber and Building Supplies (TABS) Holland, a holding company of eleven suppliers of timber and building materials in the Dutch market, have always paid special attention to the security of their network. With the rise of ransomware, the company decided it was time to go one step further. For this, the wood specialists turned to Cegeka, who were already managing their workplaces and infrastructure.

The mission of TABS Holland is clear: ‘Helping the Dutch construction industry to build better’. The holding company has been active in the wood and building materials market for more than 220 years, with 101 branches throughout the Netherlands. "Network security has always been a huge concern for us," explains John van Berkum, ICT Manager at TABS Holland. "We invested in conventional security measures such as anti-malware, firewalls and patch management early on. But a few years ago, when we saw the collateral damage caused by the NotPetya ransomware attack on companies that had not even been directly targeted, such as in the port of Rotterdam, we wondered: are we doing enough to prevent this kind of attack?"

Cybersecurity ensures business continuity

Nearly every day you read in the news that someone has been affected by ransomware, such as a municipality, a bookstore or a bank. If TABS Holland were ever to be hit by ransomware, this would have a major operational impact. Customers would no longer be able to buy timber or building materials because our business processes would be compromised.

Besides, TABS Holland operates in a market with small margins – the company relies heavily on volumes. So the importance of liquidity should not be underestimated. TABS Holland must therefore be able to guarantee the continuity of its primary business processes at all times.

John van Berkum is also seeing that companies are increasingly assessed on their cyber security level in order to secure funding: ‘In the future, you might not get funding if you don’t have adequate security.’

Team of skilled security analysts

"We work with several partners for our IT needs. But considering that ransomware also has an impact on individual workplaces, it was an obvious choice for us to bring in Cegeka, who were already managing these," says John van Berkum. "We noticed that EDR (Endpoint Detection & Response) and NDR (Network Detection & Response) were on the rise, and we wanted to learn more about these topics. So we asked Cegeka."

"For a company of our size, having our own team of security analysts monitoring everything around the clock would be too demanding," says John van Berkum. So Cegeka first implemented a SIEM (Security Information & Event Management) and a SOC (Security Operations Centre) for TABS Holland, relieving the company of this responsibility.

Better insight into strange behaviour

Next up were EDR (from CrowdStrike) and NDR (from Vectra). All machines are now equipped with software that detects malware and malicious links, and all notifications are automatically sent to Cegeka’s SOC. If a SOC security analyst identifies a link as dangerous, the machine is shut down or isolated remotely to prevent the threat from spreading further.

TABS Holland is now ready for any ransomware attack, and has greater insight into the behaviour of their network. "Strange behaviour is now detected very quickly," says John van Berkum. "In the beginning, there were obviously a lot of false positives, and this still sometimes happens when an administrator tries something new, for example. But Cegeka is responsible for triaging the notifications."

Even faster response times

In time, TABS Holland would like to use automated responses: "I strongly believe that cyberattacks are happening so fast these days that they cannot be dealt with simply by human triage," says John van Berkum. "That is why we are now implementing the following: if one of our machines is exhibiting strange behaviour, we want to be able to isolate that PC or user automatically, until we can see what is going on."

John van Berkum explains how this is different from a hospital or a payment system: "There, you cannot just automatically block a system before you are sure that it is an attack, as blocking may have major consequences and sometimes even costs lives. In our business, it’s possible: we can block a potential attack immediately, and if it turns out to be a false alarm, we will remove the block."


Peaceful nights

The fact that Cegeka already managed the workplaces and infrastructure at TABS Holland was an advantage when it came to security, says Remko Verdouw, Account Manager Infra Services at Cegeka: "If there are security issues affecting the infrastructure or workstations, we can take immediate action. Our integrated portfolio also allows us to think beyond security."

"We are pleased to be working with Cegeka," says Rob van Kesteren, Manager of Infra, Workplace & Support at TABS Holland: "The i’s were being dotted one by one. Cegeka reviews the reporting with us every two weeks, which is something I appreciate a lot. To put it simply, I can sleep comfortably now, and that is worth a lot."

"With ransomware on the rise, TABS Holland went one step further and switched to EDR and NDR software."


  • Increasing number of ransomware cases
  • Ensuring business continuity
  • Having a dedicated in-house security team is not possible


  • Complete outsourcing of security
  • More insight into strange behaviour on the network
  • Fast and efficient response to security breaches



  • EDR: CrowdStrike Falcon Insight
  • NDR: Vectra Cognito