Outmoded cybersecurity
KSG is a specialist restaurant and food services company serving 13 million meals per year across five industry sectors: professional offices, travel, retail, third-level education, and healthcare.
KSG previously relied on multiprotocol label switching (MPLS) networks managed by service providers to deliver connectivity across the airports, hospitals, and other sites it serves. Traffic was backhauled to the data centre, increasing complexity and cost while diminishing performance. It was unreliable too, with uptime sometimes dropping below 70%. Meanwhile the existing endpoint security tool was slow to detect threats.
The challenges included:
- Lack of visibility
It was difficult to discover, identify, and monitor network behaviour across locations and devices. - Unstable connections
Catering sites suffered from intermittent network outages, sometimes preventing customers from paying for their food and beverages. - Poor performance
Uneven bandwidth demand spikes put stress on network capacity and performance. - Excessive operational costs
High virtual private networks (VPN) service provider subscription fees and regular manual intervention resulted in excessive total cost of operation. - Outdated security at the endpoint
The outdated endpoint security on KSG’s devices struggled to keep up with modern threats. - Manual work to investigate and respond
The team spent hours detecting and responding to threats so couldn’t keep pace with the accelerating pace of cyberattacks. - Siloed security tools
The lack of a unified platform meant data from KSG’s headquarters and 120 remote sites was hard to collate. - Complex network security management and operations
The complexity of managing and operating multiple tools led to inconsistent security and unnecessary costs.
“I don’t like firefights. I prefer to prevent issues happening in the first place. Our goal was to realign the security architecture at each site to be more responsive to threat and better serve our customers."
Stephen Daly
Group Head of IT, KSG
Simplifying operations and reducing costs
Simplifying operations and reducing costs KSG standardised on a modern platform approach to security, built on Palo Alto Networks products. KSG selected a unified suite of secure access service edge (SASE) and AI-driven endpoint security with extended detection and response (Cortex XDR®) to protect its headquarters and catering sites from every known and unknown threat. By leveraging the natively integrated Cloud-Delivered Security Services (CDSS), KSG is able to deliver consistent best-in-class protection throughout. Using both the AI-powered SASE with SD-WAN and Next-Generation Firewalls, KSG can stop known, unknown, and zero-day threats 180x faster than it could with any other platform or point solutions.
Implemented in partnership with Irish security reseller Pure Networks, this innovative, streamlined approach is reducing KSG’s attack surface without impacting performance or user experience.
-
Protects all users and applications
Prisma SD-WAN applies rigorous security to the food and beverage outlets with Zero Trust Network Access (ZTNA) 2.0, protecting data and applications. “Other security platforms are built like a poor man’s Palo Alto Networks. We’re confident that these unified security measures safeguard all of our restaurant and food services,” says Stephen. -
One unified management interface
Strata Cloud Manager™ enables KSG to easily manage its Palo Alto Networks Network Security infrastructure – including NGFWs and SASE environment – from the cloud, via one unified management interface. With this technology, KSG is able to strengthen security in real time, comparing adjustments to see which improvements had the most impact. -
Achieved 50% reduction in costs
By swapping the legacy MPLS infrastructure for Prisma SD-WAN, KSG reduced connectivity costs by 50%. This upgrade reduced maintenance, eliminated third-party provider fees, enabled automation, and leveraged Strata Cloud Manager to unify system management. For example, a major airport site’s connectivity costs dropped from €800 per month to €80 per month, and one university site was able to cut its connections from 14 to one. -
Enabled 50% increase in performance
KSG doubled the throughput to/from sites using Prisma SD-WAN. This was achieved through improved connections, direct cloud connectivity, application-aware routing, WAN optimisation, and carrier-independent connectivity. -
Accelerated onboarding
When KSG wins a new food services site, it wants to generate revenue there as quickly as possible. To enable fast turnaround of new locations that have a legacy security provider, KSG needs a flexible zero-touch solution with the full suite of monitoring, alerts, and added-value features Palo Alto Networks provides. Timed implementations show the SD-WAN environment can be live in 14.5 minutes, accelerating time to value. “If we win a new contract, the Pure Networks technician can walk in with a box under their arm and get the site live in less than 15 minutes, irrespective of the service provider. The team are agile, expert, and highly professional,” says Stephen. -
Delivered 90% availability
Managed service provider uptime with KSG’s previous infrastructure was sometimes as low as 67%, resulting in lost revenue and customer frustration. Now, with Palo Alto Networks, availability is 90%. “We’re no longer jumping in a car and travelling across Ireland to fix a 5G box,” Stephen says. -
Reduced security administration by 60%
SD-WAN simplifies and automates everyday security tasks. Tight integration allows the team to manage security and SD-WAN on a single, intuitive interface, rather than on unconnected monitoring devices. This liberates the team to concentrate on strategic value-added tasks. -
Reduced MTTD/MTTR to “near real time”
The AI in Cortex XDR analyses data from 250 endpoints to identify threats and their root causes, allowing security analysts to respond faster to threats. Stephen says, “Using Cortex XDR, KSG has cut the time to identify threats from half a day using the previous system to near real time. If an event occurs, we see it straight away in the portal.”
share this story
