Case Study

Pague Menos and Extrafarma transform retail security operations with Palo Alto Networks

RESULTS

98%

reduction in endpoint deployment time

12,000

threat visibility into twelve thousand endpoints

In brief

Customer

Pague Menos and Extrafarma

Partner

Location

Brazil

Featured Products and Services

Retail pharmaceutical products and services

Organisation Size

19 million customers and 1,600 stores

Industry

Retail

Challenges

The main challenges encountered by the Information Security, Privacy and Data Protection team at Pague Menos and Extrafarma were linked to the need to increase visibility and insights to protect the company’s environment, in addition to reducing the time of the operations team in maintaining the environment and contribute to the BSC perspective of Operational Excellence.

Requirements

  • Unite network, endpoint, and cloud data to prevent sophisticated attacks.
  • Use behavioral analytics to reveal root causes and speed up investigations.
  • Avoid alert fatigue.
  • Simplify operations and reduce costs.

Solution

Palo Alto Networks Cortex XDR
Introduction

Pague Menos and Extrafarma innovates in protection against cyber threats with Palo Alto Networks. An intelligent endpoint security platform is helping one of Brazil’s leading pharmaceutical retailers protect against cyber threats with full visibility and analytics. Modern security helps drive Pague Menos and Extrafarma’ digital retail initiatives, elevate the customer experience, and outpace the competition.

Faced with an expanding commercial portfolio, a desire to expand digital retail and a need to “do more with less”, Pague Menos and Extrafarma innovated its cybersecurity strategy. The platform endpoint protection systems lacked the visibility and analytics capabilities needed to keep up with evolving threats, and the security team was faced with an excess of alerts and performed complex investigations. Pague Menos and Extrafarma sought a radical new approach to eliminating threats – an approach built on analytics, proper data, and AI that is always learning.

CHALLENGE

Building for the future of retail in Brazil

Pague Menos and Extrafarma (Pay Less) is among the largest retail pharmaceutical networks in Brazil. The US$1.9 billion organization provides a wide range of healthcare products and services to more than 19 million customers at 1,600 stores across 26 states, including the Federal District of Brazil.

Their 2022 acquisition of rival Extrafarma, product innovation, and a rapid move into digital retailing all demonstrate Pague Menos and Extrafarma’s appetite for innovation and agility. Information security plays a strategic role in this drive. Gladstone Cruz, manager of information security, privacy and data protection at Pague Menos and Extrafarma, explains: “Our goal is to foster a safer retail technology environment, with an eye on process automation to identify and respond to threats. Solutions that unite visibility, Zero Trust, and resilience are crucial to that strategy.”

Clayton Soares, DPO and executive manager of IT governance, information security, and ICT service at Pague Menos and Extrafarma, reinforces this point – arguing that cybersecurity is critical for companies like Pague Menos and Extrafarma, as they deal with customers’ sensitive healthcare information.

"We must take a layered approach to security, starting with awareness of the user, their device, network, applications, services and the Internet."

– Clayton Soares

DPO and Executive Manager of IT Governance, Information Security, and ICT Service, Pague Menos and Extrafarma

Pague Menos and Extrafarma’s legacy endpoint security platform struggled to deliver on these requirements. A lack of visibility across more than 12,000 endpoints hindered the detection of advanced threats, failed to connect network and cloud data – and delayed the subsequent response.

"We were extremely uncomfortable with the low level of visibility. As cyberthreats became more sophisticated, we needed a modern, smart solution that would do all the heavy lifting for us, only triggering the alerts that were a real threat to the business operations."

– Gladstone Cruz

Manager of Information Security, Privacy and Data Protection, Pague Menos and Extrafarma

REQUIREMENTS

Protecting against breaches with XDR

Pague Menos and Extrafarma’s cybersecurity requirements were to:

  • Unite network, endpoint, and cloud data to stop sophisticated attacks.
  • Use behavioral analytics to reveal root causes and speed up investigations.
  • Avoid alert fatigue.
  • Simplify operations and reduce costs.
SOLUTION

EPP, EDR, and XDR – in one integrated platform

Gladstone Cruz explains why Pague Menos and Extrafarma chose Palo Alto Networks: “Cortex XDR was the leader in our evaluation of several excellent alternative endpoint security solutions. It combines EPP with EDR and XDR in one integrated, user-friendly platform.”

Pague Menos and Extrafarma collaborated closely with both Palo Alto Networks and Trust Control on the deployment.

"The experts from Palo Alto Networks and Trust Control worked as one. They understood our cybersecurity vision and worked closely with stakeholders on the architecture design, education, and knowledge transfer."

– Gladstone Cruz

Manager of Information Security, Privacy and Data Protection, Pague Menos and Extrafarma

Cortex XDR combines endpoint security, detection, response, and automation to safeguard Pague Menos and Extrafarma’s data. Integrating data from any source, machine learning detects advanced threats, automates incident management, and coordinates response. As a measure of the steps taken to reduce the risk of data loss, Pague Menos and Extrafarma uses USB device control and disk encryption.

"We use the Cortex XDR AI and machine learning models to understand patterns of behavior and detect anomalies which might lead to an endpoint attack. We can view the root cause of any alert with a single click – which speeds up our investigations."

– Gladstone Cruz

Manager of Information Security, Privacy and Data Protection, Pague Menos and Extrafarma

The automated analysis of aggregated data sources for threat detection and security monitoring is helping Pague Menos and Extrafarma re-evaluate its approach to security. “The unified incident response gives us rapid identification and a timeline describing the flow. We also receive information about incidents which we may intersect with MITRE ATT&CK tactics and techniques. This provides in-depth analysis and important insights into threat response.”

BENEFITS

Endpoints deployed in minutes not days

Cortex XDR is helping Pague Menos and Extrafarma prevent, detect, and respond to even the stealthiest threats.

  • Pinpoints threats faster with analytics: Cortex XDR provides complete, transparent visibility into 12,000 endpoints, together with agile incident management. Telemetry from other systems expands intelligence and threat visibility. Gladstone Cruz comments, “The visibility allows us to make trusted, informed decisions about events. Cortex XDR brings us important information about the behavior of our environment, such as our compliance rating within information security frameworks.”
  • Transforms business agility: Pague Menos and Extrafarma has reduced the time it takes to deliver endpoints in the field from more than 24 hours to just several minutes. “This is due to the rapid installation of the agent with disk encryption,” says Gladstone Cruz.
  • Improves productivity: Agent refreshes occur without the need for a system restart or intervention from IT staff. Cortex XDR also negates the risk of an endpoint restarting during a customer engagement or other critical task.
  • Increases efficiency: Pague Menos and Extrafarma has reduced the consumption of server processing resources from that required by the previous endpoint security solution.
  • Reduces business risk: User behavior analytics enables Pague Menos and Extrafarma to proactively identify and investigate threats, reducing the threat of an outage and temporary pause of retail trading.

"Palo Alto Networks innovative and reliable cybersecurity solutions are drivers for our strategy execution. There is certainly room to expand their technologies at Pague Menos and Extrafarma."

– Gladstone Cruz

Manager of Information Security, Privacy and Data Protection, Pague Menos and Extrafarma

Learn more about Palo Alto Networks on the website, where you can also read many more customer stories.