COVER STORY
Log4j existed in their environment and resolved the vulnerabilities quickly .
Now , Frasers is so confident in the Tanium platform , it ’ s requiring every newly acquired unit to use it as well . Tanium will be fully implemented at Studio Retail , its most recent acquisition , and Sports Direct , its largest unit by far , accounting for roughly 70 % of total group sales .
Matthew Wilmot , Group Head of Enterprise IT and Information Security , Frasers Group , expands on the above , providing further detail about how the company worked with Tanium to achieve its goals and better manage risk .
Why did you decide to work with Tanium on this occasion ?
I ’ d used Tanium in previous roles as a consultant and during my time , I worked on some of the big breaches that are well publicised in the press . Tanium was always on the roadmap and was something that I wanted to bring into Frasers Group .
When Log4J hit last year we were struggling as an organisation to locate all of our assets and understand exactly where these vulnerabilities were . So we trialled Tanium which pinpointed exactly where the information was and then rolled it out to the rest of the environment .
What challenges were the group facing prior to your work with Tanium and what were your cybersecurity must-haves ?
Coming into the group as the first person in a senior position for Information Security , I noticed that the organisation wasn ’ t taking Information Security seriously . The external auditors were putting more pressure on what was being done from a cyber perspective from a defence point of view , but also around security of financial information and systems where financial information is stored and the access to these systems also . I came in with a two-year plan . The organisation didn ’ t necessarily have any issues , it just needed more of a focus to take areas relating to Information Security more seriously .
In terms of must-haves , one of the first things I did was design a Target Operating Model , so having the right people in the right position to do the right roles . I built out a Security Operations Centre and initially , using Microsoft Defender , we had E5 security licences , which meant that we have all of the Machine Learning technologies that you get as part of the vendor stack , which plays nicely into sentinel . The initial thought was to get that off
52 www . intelligentciso . com